
Linux Distribution Designed for Seamless Anonymous Browsing



Although Windows and macOS continue to dominate the global market, Linux has gained a steady following among privacy- and security-conscious users and cybersecurity professionals, thanks to its foundational principles of transparency, user control, and community-based development.

Unlike proprietary systems, Linux distributions—or distros—are open source: their source code is freely available to anyone who wishes to check it independently for security vulnerabilities. Developers and ethical hackers around the world can thereby contribute to the platform by identifying flaws and making improvements, and this culture of collective scrutiny helps keep it secure against emerging threats.

Beyond transparency, Linux offers a high degree of customisation, giving users control over everything from system behaviour to network settings so that the system can be matched to their specific privacy and security requirements. Most leading distributions also maintain strong privacy commitments, explicitly stating that user data will not be gathered or monetised in any way.

Consequently, Linux has become not merely an alternative operating system but a deliberate choice for those seeking digital autonomy in an increasingly surveillance-based, data-driven world. Over the years, Linux distributions have been developed to serve a variety of user needs, from multimedia production and software development to ethical hacking, network administration, and general computing.

Purpose-built distributions show Linux's flexibility: each variant caters to a particular situation and is optimised for that specific task. Not all distributions are confined to a single application, however. ParrotOS Home Edition, for example, is designed with flexibility at its core, offering a balanced system that addresses the privacy concerns of everyday users.

In cybersecurity circles, ParrotOS Home Edition is known as a streamlined version of Parrot Security OS, widely referred to as ParrotSec. Although it shares the same sleek, security-oriented appearance, the Home Edition was designed to be used as a general-purpose desktop while keeping privacy at its core.

By omitting the comprehensive suite of penetration-testing tools, the Home Edition is lighter and more accessible, while retaining the strong privacy-oriented features that make it more secure. The standout feature in this regard is the built-in tool AnonSurf, which lets users anonymise their online activity with remarkable ease.

AnonSurf is presented as offering the same level of privacy as a VPN: it disguises the user's IP address and encrypts all data transmissions, with no additional software or configuration to install. This integration makes ParrotOS Home Edition particularly attractive to users who want secure, anonymous browsing out of the box together with the flexibility and performance they need every day.

Linux distributions differ from most commercial operating systems in many ways. Windows devices that arrive preinstalled with third-party software are often bloated, whereas Linux distributions emphasise performance, transparency, and autonomy.

Users of traditional Windows PCs are likely to be familiar with the frustrations of bundled applications such as antivirus programs or proprietary browsers. There is no inherent harm in these additions, but they can degrade system performance, clutter the user experience, and continually nag users with promotions or subscription reminders.

Most Linux distributions, by contrast, follow a minimalistic, user-centric approach, which is a large part of their appeal. Open-source platforms are largely built around Free and Open Source Software (FOSS), which lets users understand the software running on their computers.

Many distributions, such as Ubuntu, even offer a “minimal installation” option that includes only essential programs like a web browser and a simple text editor. Users can then build their environment from scratch, installing only the tools they need, without bloatware or intrusive third-party applications. Linux's commitment to user security and privacy goes beyond the choice of software.

In most modern distributions, OpenVPN is natively supported, allowing users to establish an encrypted connection using the configuration files provided by their preferred VPN provider. Many leading VPN providers, such as hide.me, now also offer Linux-specific clients that make it easier for users to secure their online activity across devices. The Linux installation process also typically provides robust options for disk encryption.

Full Disk Encryption (FDE) is typically implemented with LUKS (Linux Unified Key Setup), which safeguards the data on a drive using military-grade 256-bit AES encryption. Most distributions also allow users to encrypt their home directories, ensuring that files such as documents, downloads, and photos remain protected even if another user gains access to the machine.
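Enabling LUKS at install time is only half the job; a practitioner also wants to confirm that the data-bearing filesystems really sit on an encrypted device. The following is an added example (not from the article and not part of any distribution's tooling) that reads the block-device tree printed by `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` and reports which mountpoints are backed by a `crypt` device, the mapped device that cryptsetup exposes on top of a LUKS container. `SAMPLE_LSBLK` is a constructed stand-in for real lsblk output: an encrypted root on `sda2`, the conventionally unencrypted `/boot`, and a plaintext `/data` partition that someone forgot to encrypt.

```python
"""Verify that data-bearing mountpoints sit on a LUKS/dm-crypt device.

Added example, not from the article. It walks the JSON tree that
`lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints and, for every mountpoint,
reports whether one of its ancestor devices is of type 'crypt'. SAMPLE_LSBLK
is constructed: an encrypted root on sda2, an unencrypted /boot and a
forgotten plaintext /data partition.
"""
import json
import subprocess

SAMPLE_LSBLK = json.dumps({
    "blockdevices": [
        {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None,
         "children": [
             {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
             {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": None,
              "children": [
                  {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"},
              ]},
         ]},
        {"name": "sdb", "type": "disk", "fstype": None, "mountpoint": None,
         "children": [
             {"name": "sdb1", "type": "part", "fstype": "xfs", "mountpoint": "/data"},
         ]},
    ]
})


def mount_encryption_status(lsblk_json):
    """Return {mountpoint: True if backed by a 'crypt' device, else False}."""
    status = {}

    def walk(node, under_crypt):
        # A filesystem is encrypted if any ancestor in the device stack is
        # a dm-crypt mapping; the flag is inherited down the tree.
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint:
            status[mountpoint] = under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return status


def unencrypted_mounts(lsblk_json, ignore=("/boot", "/boot/efi", "[SWAP]")):
    """Mountpoints holding data on plaintext storage. /boot is unencrypted by
    design on most setups, so it is ignored unless the caller says otherwise."""
    return sorted(mp for mp, encrypted in mount_encryption_status(lsblk_json).items()
                  if not encrypted and mp not in ignore)


def live_unencrypted_mounts():
    """Same check against the running host (needs util-linux's lsblk)."""
    out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
                         capture_output=True, text=True, check=True).stdout
    return unencrypted_mounts(out)


if __name__ == "__main__":
    for mp, enc in sorted(mount_encryption_status(SAMPLE_LSBLK).items()):
        print(f"{mp:8} {'encrypted' if enc else 'PLAINTEXT'}")
    print("plaintext data mounts:", unencrypted_mounts(SAMPLE_LSBLK))
```

The same walk covers the home-directory-only setups the article mentions: a `/home` that is mounted from a `crypt` device shows up as encrypted while `/` does not, which is exactly the trade-off the user accepted. `live_unencrypted_mounts()` runs the check on the local host without needing root, because it reads the device tree rather than calling `cryptsetup`.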

Many major distributions, including Ubuntu, Debian, and Arch Linux, ship a security module called AppArmor that plays a major part in Linux's security mechanisms. AppArmor enforces access control policies by defining a strict profile for each application.

Each profile limits the data and system resources that program can access. This containment approach significantly reduces the impact of a security breach: even if malicious software is executed, it has very little chance of interacting with or compromising other components of the system.
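To make the containment concrete, here is an added example (not AppArmor's own parser, and not code from the article) that models the core of how a profile confines a program: a small evaluator for a subset of AppArmor profile syntax, namely path rules with `r`/`w`/`x`-style permission letters, `*` and `**` globs, and `deny` rules. The profile for the hypothetical `/usr/sbin/example-httpd` and all of its paths are constructed for illustration. The point it demonstrates is the default-deny behaviour the paragraph describes: anything the profile does not explicitly allow is refused, and an explicit `deny` wins even when a broader allow rule matches.

```python
"""Minimal model of how an AppArmor profile confines a program's file access.

Added example (not AppArmor's own parser): it understands a small subset of
profile syntax -- path rules with permission letters, '*' and '**' globs and
'deny' rules -- and answers whether a confined program may perform an access.
The profile below is constructed for illustration.
"""
import re

# Constructed profile in (simplified) AppArmor syntax: a hypothetical web
# server confined to its document root, its log directory and its config.
SAMPLE_PROFILE = """
profile /usr/sbin/example-httpd {
  /var/www/** r,
  /var/log/example-httpd/*.log w,
  /etc/example-httpd/*.conf r,
  deny /var/www/private/** r,
  /usr/sbin/example-httpd ix,
}
"""

# "[deny] <path> <permission letters>,"  (other rule types are ignored here)
RULE_RE = re.compile(r"^\s*(deny\s+)?(/\S+)\s+([rwxkmlia]+)\s*,\s*$")


def glob_to_regex(pattern):
    """Translate AppArmor-style globs: '**' may span '/', '*' may not."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def parse_profile(text):
    """Return a list of (is_deny, compiled_glob, permission_set) rules."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            deny, path, perms = m.groups()
            rules.append((deny is not None, glob_to_regex(path), set(perms)))
    return rules


def is_allowed(rules, path, perm):
    """Default deny: an access is permitted only if some allow rule grants
    the permission on a matching path and no deny rule takes it away."""
    allowed = False
    for is_deny, regex, perms in rules:
        if regex.match(path) and perm in perms:
            if is_deny:
                return False      # deny rules always win
            allowed = True
    return allowed


if __name__ == "__main__":
    rules = parse_profile(SAMPLE_PROFILE)
    for path, perm in [("/var/www/html/index.html", "r"),
                       ("/var/www/private/keys.txt", "r"),
                       ("/etc/shadow", "r"),
                       ("/var/log/example-httpd/access.log", "w")]:
        print(f"{perm} {path}: {'allowed' if is_allowed(rules, path, perm) else 'DENIED'}")
```

Real AppArmor profiles also carry capability, network and `owner`-qualified rules and distinguish several execute modes (`ix`, `Px`, `Cx`, `ux`), none of which this model handles; what it does show is why a compromised web server confined this way cannot read `/etc/shadow` or the `private` subtree even though it can serve the rest of the document root.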

Combined with the transparency of open-source software, these security layers have positioned Linux as one of the most powerful operating systems for people who seek both performance and robust digital security, and they give it a distinct advantage over proprietary counterparts such as Windows and macOS when it comes to security.

Linux's reputation as a highly secure mainstream operating system is not merely anecdotal; it rests on its core architecture, open-source nature, and well-established security practices. Security on Linux is not a matter of trusting a vendor: unlike closed-source platforms, whose internals are concealed and controlled solely by the vendor, Linux follows a "security by design" philosophy with a layered, transparent, and community-driven approach to threat mitigation.

Linux's open-source codebase allows independent developers and security experts throughout the world to continually audit, review, and improve the system. Through this global collaboration, vulnerabilities tend to be identified and remedied much more rapidly than in proprietary systems. Platforms like Windows and macOS, by contrast, depend on "security through obscurity," hiding their source code so that malicious actors cannot easily find exploitable flaws.

That lack of visibility, however, also prevents independent researchers from identifying and reporting bugs before they are exploited, so the approach can backfire. By adopting a genuinely open-source security model, Linux fosters a proactive and resilient environment in which accountability and collective vigilance improve security. Another critical component of its security posture is its strict user privilege model.

Linux enforces the principle of least privilege. Unlike Windows, where users often operate with administrative (admin) rights by default, a default Linux configuration grants users only the minimal permissions needed for their daily tasks, while full administrative access is reserved for the superuser. This design inherently prevents malware and unapproved processes from gaining system-wide control, significantly reducing the attack surface.

Linux also builds several security modules and safeguards into the kernel itself. SELinux and AppArmor, for instance, provide mandatory access control, ensuring that even when vulnerabilities are exploited the damage is contained and compartmentalised.

Many Linux distributions also offer transparent disk encryption, secure boot options, and native support for secure network configurations, all of which strengthen data and online security. Taken together, these features show why Linux has been consistently favoured by privacy advocates, security professionals, and developers for years.

There is no doubt in my mind that its flexibility, its transparency, and its robust security framework make it a compelling choice in an environment where digital threats are becoming increasingly complex and persistent. As we move into a digital age characterised by ubiquitous surveillance, aggressive data monetisation, and ever more sophisticated cyber threats, establishing a secure and transparent computing foundation becomes increasingly important.

Linux, and privacy-oriented distributions like ParrotOS in particular, presents a strategic and future-ready alternative to proprietary systems for several reasons: it gives users granular control, robust configurability, and native anonymity tools that are rarely found in proprietary platforms.

A migration to a Linux-based environment is more than just a technical upgrade for those who are concerned about security; it is a proactive attempt to protect their digital sovereignty. By adopting Linux, users are not simply changing their operating system; they are committing to a privacy-first paradigm, where the core objective is to maintain a high level of user autonomy, integrity, and trust throughout the entire process.

Palo Alto Detects New Prometei Botnet Attacks Targeting Linux Servers

Cybersecurity analysts from Palo Alto Networks’ Unit 42 have reported a resurgence of the Prometei botnet, now actively targeting Linux systems with new, upgraded variants as of March 2025. Originally discovered in 2020 when it was aimed at Windows machines, Prometei has since expanded its reach. 

Its Linux-based malware strain has been in circulation since late 2020, but recent versions—designated as 3.x and 4.x—demonstrate significant upgrades in their attack capabilities. The latest Prometei malware samples are equipped with remote control functionality, domain generation algorithms (DGA) to ensure connection with attacker-controlled servers, and self-updating systems that help them remain undetected. This renewed activity highlights the botnet’s growing sophistication and persistent threat across global networks. 

At its core, Prometei is designed to secretly mine Monero cryptocurrency, draining the resources of infected devices. However, it also engages in credential harvesting and can download additional malicious software depending on the attacker’s goals. Its modular framework allows individual components to carry out specific tasks, including brute-force attacks, vulnerability exploitation (such as EternalBlue and SMB bugs), mining operations, and data exfiltration. 

The malware is typically delivered via HTTP GET requests from rogue URLs like hxxp://103.41.204[.]104/k.php. Prometei uses 64-bit Linux ELF binaries that extract and execute payloads directly in memory. These binaries also carry embedded configuration data in a JSON format, containing fields such as encryption keys and tracking identifiers, making them harder to analyze and block. 

Once a system is compromised, the malware collects extensive hardware and software information—CPU details, OS version, system uptime—and sends this back to its command-and-control (C2) servers, including addresses like hxxp://152.36.128[.]18/cgi-bin/p.cgi. Thanks to DGA and self-update features, Prometei ensures consistent communication with attacker infrastructure and adapts to security responses on the fly.  
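The indicators above are the concrete things a defender can act on: two defanged URLs and the knowledge that the ELF samples carry a JSON configuration. The following is an added example, not Unit 42's tooling, that turns the article's indicators back into matchable form, flags proxy log lines that touched them, and carves JSON objects out of a binary blob so a triage analyst can pull the embedded configuration without a full disassembly. The log lines, the byte blob and the JSON field names (`enc_key`, `node_id`, `ver`) are constructed for illustration; the real field names are not given in the article.

```python
"""Triage helpers built around the Prometei indicators quoted in the article.

Added example; this is not Unit 42's tooling. It (1) refangs indicators such
as hxxp://103.41.204[.]104/k.php so they can be matched, (2) flags proxy log
lines that contact those URLs, and (3) carves embedded JSON configuration
objects out of a binary blob, the kind of data the article says the ELF
samples carry. The log lines, the byte blob and the JSON field names are
constructed for illustration.
"""
import json

# Indicators exactly as the article gives them (defanged).
DEFANGED_IOCS = [
    "hxxp://103.41.204[.]104/k.php",
    "hxxp://152.36.128[.]18/cgi-bin/p.cgi",
]

# Constructed Squid-style access log (no real traffic).
SAMPLE_LOG = """\
1712000001.123     45 10.0.0.5 TCP_MISS/200 2048 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1712000002.456     80 10.0.0.7 TCP_MISS/200 5120 GET http://103.41.204.104/k.php - HIER_DIRECT/103.41.204.104 application/octet-stream
1712000003.789     60 10.0.0.7 TCP_MISS/200  300 POST http://152.36.128.18/cgi-bin/p.cgi - HIER_DIRECT/152.36.128.18 text/plain
"""

# Constructed stand-in for an ELF image with a JSON config embedded between
# binary padding; the field names are assumptions, not Prometei's real ones.
SAMPLE_BLOB = (b"\x7fELF\x02\x01\x01" + b"\x00" * 16
               + b'{"enc_key":"PLACEHOLDER_KEY","node_id":"id-0001","ver":"4.x"}'
               + b"\x00" * 8 + b"{not json}" + b"\xff" * 4)


def refang(ioc):
    """Undo common defanging: hxxp -> http, [.] -> ., [:] -> :"""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def matching_log_lines(log_text, defanged_iocs):
    """Return (line_number, indicator) for every log line containing an IoC."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for ioc in iocs:
            if ioc in line:
                hits.append((n, ioc))
    return hits


def carve_json_objects(blob, required_keys=()):
    """Find brace-balanced spans in a byte blob that parse as JSON objects
    containing all required_keys. Balancing is tracked by hand so nested
    objects are carved whole; a '{' inside a JSON string would throw the
    count off, which is acceptable for a triage heuristic."""
    found = []
    i = 0
    while i < len(blob):
        if blob[i] != 0x7B:          # '{'
            i += 1
            continue
        depth, j = 0, i
        while j < len(blob):
            if blob[j] == 0x7B:
                depth += 1
            elif blob[j] == 0x7D:    # '}'
                depth -= 1
                if depth == 0:
                    break
            j += 1
        if depth == 0:
            try:
                obj = json.loads(blob[i:j + 1].decode("utf-8"))
            except (ValueError, UnicodeDecodeError):
                obj = None           # balanced braces but not JSON
            if isinstance(obj, dict) and all(k in obj for k in required_keys):
                found.append(obj)
                i = j + 1
                continue
        i += 1
    return found


if __name__ == "__main__":
    for line_no, ioc in matching_log_lines(SAMPLE_LOG, DEFANGED_IOCS):
        print(f"line {line_no}: contacted {ioc}")
    for cfg in carve_json_objects(SAMPLE_BLOB, ("enc_key", "node_id")):
        print("embedded config:", cfg)
```

Because the samples self-update and use a DGA, matching only the two published URLs will age quickly; the carving step is the part that keeps paying off, since the configuration it recovers is what reveals the next set of infrastructure to block.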

To defend against these threats, Palo Alto Networks advises using advanced detection tools such as Cortex XDR, WildFire, and their Advanced Threat Prevention platform. These technologies utilize real-time analytics and machine learning to identify and contain threats. Organizations facing a breach can also contact Palo Alto’s Unit 42 incident response team for expert help. 

The activity observed from March to April 2025 underlines the continued evolution of the Prometei botnet and the growing risk it poses to businesses relying on Linux environments. Strengthening cybersecurity protocols and remaining alert to new threats is essential in today’s threat landscape.

What Is Kali Linux? Everything You Need to Know

 

Kali Linux has become a cornerstone of cybersecurity, widely used by ethical hackers, penetration testers, and security professionals. This open-source Debian-based distribution is designed specifically for security testing and digital forensics. 

Recognized for its extensive toolset, it has been featured in popular culture, including the TV series Mr. Robot. Its accessibility and specialized features make it a preferred choice for those working in cybersecurity. The project originated as a successor to BackTrack Linux, developed by Offensive Security (OffSec) in 2013. 

Created by Mati Aharoni and Devon Kearns, Kali was designed to be a more refined, customizable, and scalable penetration testing platform. Unlike its predecessor, Kali adopted a rolling release model in 2016, ensuring continuous updates and seamless integration of the latest security tools. This model keeps the OS up to date with emerging cybersecurity threats and techniques. 

One of Kali Linux’s standout features is its extensive suite of security testing tools—approximately 600 in total—catering to various tasks, including network penetration testing, password cracking, vulnerability analysis, and digital forensics. The OS is also optimized for a wide range of hardware platforms, from traditional desktops and laptops to ARM-based systems like Raspberry Pi and even Android devices through Kali NetHunter. 

A key advantage of Kali is its built-in customization and ease of use. Unlike installing individual security tools on a standard Linux distribution, Kali provides a ready-to-use environment where everything is pre-configured. Additionally, it offers unique capabilities such as “Boot Nuke,” which enables secure data wiping, and containerized support for running older security tools that may no longer be maintained. 

Maintained and funded by Offensive Security, Kali Linux benefits from ongoing community contributions and industry support. The development team continuously enhances the system, addressing technical challenges like transitioning to updated architectures, improving multi-platform compatibility, and ensuring stability despite its rolling release model. 

The project also prioritizes accessibility for both seasoned professionals and newcomers, offering free educational resources like Kali Linux Revealed to help users get started. Looking ahead, Kali Linux’s roadmap remains dynamic, adapting to the fast-changing cybersecurity landscape. 

While core updates follow a structured quarterly release cycle, the development team quickly integrates new security tools, updates, and features as needed. With its strong foundation and community-driven approach, Kali Linux continues to evolve as an essential tool for cybersecurity professionals worldwide.

New Linux Play Ransomware Variant Targets VMware ESXi Systems

 

Attacks with a new Play ransomware variant for Linux have been deployed against VMware ESXi systems, most of which have been aimed at the U.S. and at organizations in the manufacturing, professional services, and construction sectors, according to The Hacker News.

The novel Play ransomware version was hosted on an IP address that also contained the WinSCP, PsExec, WinRAR, and NetScan tools, as well as the Coroxy backdoor previously leveraged by the ransomware operation, indicating similar functionality, an analysis from Trend Micro revealed. Further examination of the payload showed that it uses a registered domain generation algorithm to bypass detection, a tactic also used by the Prolific Puma threat operation.

"ESXi environments are high-value targets for ransomware attacks due to their critical role in business operations. The efficiency of encrypting numerous VMs simultaneously and the valuable data they hold further elevate their lucrativeness for cybercriminals," said researchers. Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments.

"This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a report published Friday.

Play, which arrived on the scene in June 2022, is known for its double extortion tactics, encrypting systems after exfiltrating sensitive data and demanding payment in exchange for a decryption key. According to estimates released by Australia and the U.S., as many as 300 organizations have been victimized by the ransomware group as of October 2023.

Statistics shared by Trend Micro for the first seven months of 2024 show that the U.S. is the country with the highest number of victims, followed by Canada, Germany, the U.K., and the Netherlands. Manufacturing, professional services, construction, IT, retail, financial services, transportation, media, legal services, and real estate are some of the top industries affected by the Play ransomware during the time period.

The cybersecurity firm's analysis of a Linux variant of Play comes from a RAR archive file hosted on an IP address (108.61.142[.]190), which also contains other tools identified as utilized in previous attacks such as PsExec, NetScan, WinSCP, WinRAR, and the Coroxy backdoor.

"Though no actual infection has been observed, the command-and-control (C&C) server hosts the common tools that Play ransomware currently uses in its attacks," it said. "This could denote that the Linux variant might employ similar tactics, techniques, and procedures (TTPs)."

The ransomware sample, upon execution, ensures that it's running in an ESXi environment before proceeding to encrypt virtual machine (VM) files, including VM disk, configuration, and metadata files, and appending them with the extension ".PLAY." A ransom note is then dropped in the root directory.
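The two on-disk traces just described, VM files renamed with a `.PLAY` suffix and a ransom note in the datastore root, are what a responder can sweep a datastore for. The following is an added example, not Trend Micro's analysis code: it walks a datastore directory, classifies VM files as encrypted or untouched, checks for a note in the root, and reports a ratio so partial encryption is visible. The VMware extensions are the standard ones (`.vmdk` disks, `.vmx` configuration, `.vmsd`/`.vmsn`/`.nvram` metadata); the ransom-note file name `ReadMe.txt` and the sample tree built by `build_sample_datastore()` are constructed assumptions for offline testing, not values from the article.

```python
"""Look for the on-disk traces the article attributes to the Linux Play
variant on an ESXi datastore: VM files renamed with a '.PLAY' suffix and a
ransom note dropped in the datastore root.

Added example, not Trend Micro's code. The VMware extensions are standard;
the ransom-note name and the sample datastore are constructed assumptions.
"""
import os
import tempfile

VM_EXTENSIONS = (".vmdk", ".vmx", ".vmsd", ".vmsn", ".nvram")
ENCRYPTED_SUFFIX = ".PLAY"
RANSOM_NOTE_NAMES = ("ReadMe.txt",)   # placeholder name, not from the article


def scan_datastore(root):
    """Classify VM files under root as encrypted (renamed with .PLAY) or
    untouched, and list ransom notes sitting directly in the root."""
    root = os.path.abspath(root)
    encrypted, untouched, notes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(ENCRYPTED_SUFFIX):
                original = name[:-len(ENCRYPTED_SUFFIX)].lower()
                if original.endswith(VM_EXTENSIONS):
                    encrypted.append(path)
            elif name.lower().endswith(VM_EXTENSIONS):
                untouched.append(path)
            if dirpath == root and name in RANSOM_NOTE_NAMES:
                notes.append(path)
    total = len(encrypted) + len(untouched)
    return {
        "encrypted": sorted(encrypted),
        "untouched": sorted(untouched),
        "ransom_notes": notes,
        "encrypted_ratio": (len(encrypted) / total) if total else 0.0,
        # both traces together are a strong signal; either alone merits a look
        "suspected_play_activity": bool(encrypted) and bool(notes),
    }


def build_sample_datastore():
    """Create a constructed datastore: one VM already encrypted, one not."""
    root = tempfile.mkdtemp(prefix="datastore1-")
    layout = [
        "vm-web01/vm-web01.vmdk.PLAY",
        "vm-web01/vm-web01.vmx.PLAY",
        "vm-web01/vm-web01.vmsd.PLAY",
        "vm-db01/vm-db01.vmdk",
        "vm-db01/vm-db01.vmx",
        "ReadMe.txt",
    ]
    for rel in layout:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"constructed sample content\n")
    return root


if __name__ == "__main__":
    result = scan_datastore(build_sample_datastore())
    for key, value in result.items():
        print(f"{key}: {value}")
```

On a real host the scan would be pointed at `/vmfs/volumes/<datastore>`; the untouched list matters as much as the encrypted one, because it tells the responder which VMs can still be powered off and snapshotted before the encryptor reaches them.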

Further analysis has determined that the Play ransomware group is likely using the services and infrastructure peddled by Prolific Puma, which offers an illicit link-shortening service to other cybercriminals to help them evade detection while distributing malware. Specifically, it employs what's called a registered domain generation algorithm (RDGA)

Unveiling the XZ Utils Backdoor: A Wake-Up Call for Linux Security

 

The recent discovery of a backdoor in the XZ Utils, a vital tool for lossless data compression on Linux, has sent shockwaves through the tech community. This revelation poses a significant risk to nearly all Linux systems, prompting urgent concerns about cybersecurity and system integrity. 

The Common Vulnerabilities and Exposures (CVE) system, a reference for publicly known information-security vulnerabilities, assigned a severity score of 10/10 to the Linux XZ Utils backdoor. This rating highlights the gravity of the situation and underscores the urgent need for action.

The initial detection of the backdoor was made by Andres Freund, a PostgreSQL developer at Microsoft. Freund noticed unusual SSH login delays and CPU usage spikes on a Debian Linux system, leading to an investigation that uncovered the presence of the backdoor in the XZ Utils. This discovery exposed countless Linux servers and workstations to potential attacks, highlighting the widespread impact of the vulnerability. 

The backdoor was cleverly concealed within binary files in the XZ Utils’ test folder, encrypted using the XZ library itself, making it difficult to detect. While systems running Debian or Red Hat Linux distributions were particularly vulnerable, Arch Linux and Gentoo Linux appeared to be spared due to their unique system architectures. The malware exploited an audit hook in the dynamic linker, a fundamental component of the Linux operating system, enabling attackers to execute code remotely at the system level. 

This capability granted them full control over compromised systems, posing severe risks such as data theft, system disruption, and the deployment of additional malware or ransomware. Further investigations revealed that the breach of the XZ repository was a sophisticated and well-coordinated effort, likely involving multiple individuals. This complexity raises concerns about the extent of the damage and the potential for other undiscovered vulnerabilities. 

The attack's sophistication suggests a deep understanding of the Linux ecosystem and the XZ Utils, highlighting the need for enhanced security measures in open-source software development. Immediate steps, such as updating to patched versions of XZ Utils or reverting to safe earlier versions, are crucial for system security. This incident serves as a wake-up call for the Linux community to reassess its security practices and strengthen defenses against future attacks. 

Rigorous code reviews, increased use of security auditing tools, and fostering transparency and collaboration among developers and security researchers are essential steps to mitigate similar threats in the future. As the tech community grapples with the implications of this backdoor, ongoing research is underway to determine the full extent of the threat. This incident underscores the critical importance of system security and the need for continuous vigilance against evolving cyber threats. Together, we must learn from this experience and work towards building a more secure and resilient Linux ecosystem.

Here's Why Cybercriminals are Targeting Linux Operating Systems

 

Internal strife is common among ransomware gangs. They argue, they fight, and they establish allies only to rapidly break them. Take, for instance, the leak of malware code from Babuk, which was compromised in 2021 by hackers enraged at being duped by the infamous ransomware gang. 

The outcomes of this intramural warfare are frequently fruitful for cybersecurity experts. Ten other ransomware gangs subsequently used the code to attack VMware ESXi servers, and a number of versions were produced that researchers have been busy keeping up with ever since.

However, what made this particular family of malware noteworthy was that it specifically targeted Linux, which has quickly become a favourite of developers working on creating virtual machines for cloud-based computer systems, hosting for live websites, or IoT devices. With an estimated 14 million internet-facing gadgets, 46.5% of the top million websites by traffic, and an astounding 71.8% of IoT devices using Linux on any one day, its use has increased significantly in recent years. 

That's excellent news for advocates of open-source software development, for whom Linux has always served as an illustration of what can be accomplished when coding communities work together without being constrained by anything as odious as a corporate culture or a profit motivation. 

It's also really alarming for some cybersecurity specialists. Not only is there a significant dearth of ongoing research into the security of Linux-based systems in comparison to those based on more mainstream operating systems, but there is also no official, overarching method for patching the vulnerabilities in this OS. Instead, as befits an open-source product, 'flavours' of Linux are patched on an ad hoc basis by developers with time and intellect to spare - a valuable resource in the face of a real tsunami of cybercrime. Attackers are taking note. AtlasVPN discovered over 1.9 million new malware threats last year, representing a 50% rise year on year.

Shifting trend 

It wasn't always like this. Bharat Mistry recalls a time when hackers were more interested in cracking open old Windows computers. "I believe cybercriminals stayed away because they believed the popularity wasn't there," says Trend Micro's technical director for the UK and Ireland. Linux had a reputation for being secure by design, with reduced default access levels and other characteristics designed to hinder the easy spread of malware. "But over the last six years, certainly with cloud usage, it's [usage has] exponentially grown," says Mistry, increasing the amount of possible vulnerabilities. 

According to Mistry, this is largely due to the fact that it offers a cheap and cheerful alternative to the dominant OS brands, with many different flavours of unlicensed Linux accessible. "When you look at things like web servers that are hosted in the cloud, [why] should I pay for a Windows licence?" Mistry asks, speaking from the perspective of a savvy, money-conscious company. A Linux alternative is "as cheap as chips and does exactly what I need it to do. I can install Apache on it... and have the performance I want without the extra cost."

Unfortunately, if an operating system is designed and maintained according to open source principles, hackers looking to exploit it can simply source it on GitHub and other software forums. Ensar Seker, for one, is concerned about the consequences for the use of virtual machines (VMs) in the cloud. "Virtual machines often lack the same level of security monitoring as physical systems, making it easier for attackers to go undetected for a longer period of time," says the chief information security officer at digital risk protection platform SOCRadar. 

The fact that the vast majority of software on IoT devices is based on Linux should also be cause for concern, according to the researcher, especially considering the rate of development expected for the smart device market over the next decade. More concerningly, Mistry continues, "we're seeing Linux being used more and more in critical systems," owing to how easy it is to branch and customise variants of the OS to suit particular jobs compared to its mainstream counterparts.

Given hackers' access to the source code of the operating system, malware designed to break open-source versions of these systems is frequently created to a higher standard than its Windows-targeting counterparts. It's also popular among a wide range of cybercriminal gangs. Tilted Temple, a Chinese cyber group, has utilised Linux-based malware to infiltrate important national infrastructure on three continents. 

Major players in the cybercriminal underworld, such as Black Basta, Lockbit, and Hive, have all been identified as deploying targeted Linux-chomping malware to breach online infrastructure. Another such gang, RTM, has been found on dark web forums as trading in harmful, Linux-targeting software. 

It's unclear how prepared cybersecurity providers are for this new threat. After all, until recently, these companies spent far more time fixing vulnerabilities in more widespread operating systems. Far fewer have investigated how vulnerable Linux systems can be to hacking - a squandered opportunity, according to Mistry. "Everyone's been so focused on Windows over the last few years because it's been the predominant operating system that all enterprises use," he explains. "But, in the background, Linux has always been there." 

Future threats 

Mistry does not believe the current wave of Linux attacks will abate anytime soon. He feels it will be some time before consumers and developers become aware of the risks and alter their behaviours. "The vulnerabilities in Linux platforms are massive," Mistry adds. "No one is actively controlling the vulnerabilities and patching them on a daily basis." 

Does this imply that its open-source framework contributes directly to Linux's lack of security? Certainly less, says Mistry. "You've got the openness, you've got the mass flexibility - the problem is when it comes to support," explains Mistry. 

Organisations developing new software on Linux should educate themselves on the trade-offs involved in adopting the operating system. The communities of developers modifying and patching this or that variant of Linux have "got people who will do things, but there's no kind of set body to say, 'This is the kind of direction we're going [in],'" adds Mistry, let alone any built-in regime mandating security standards. As a result, firms would be advised, according to the Trend Micro researcher, to install their own regime or create a viable audit trail for products built on some of the more unusual varieties of Linux.

So, are the days of Linux as a popular OS alternative numbered? Probably not in the short term, and many cybersecurity vendors are becoming aware of the threat posed by Linux-based systems, according to Mistry. Nonetheless, according to Seker, each new security event involving Linux-targeting malware only serves to erode its reputation as an economical, secure, and open-source alternative to the monolithic Windows and iOS. "Even a single high-profile incident can quickly change a perception if the security community does not respond to threats promptly and effectively," he says.

Inherent Vulnerability in Linux Puts Russian OS at Risk

 

The vulnerability found in all distributions of the Linux operating system also puts at risk the Russian operating systems based on it, which are used in banks, enterprises, and government agencies. Developers of Russian Linux-based OSs have already begun to publish updates that close the security gap. But the problem may not be an isolated one, since few people have been engaged in comprehensive research of the Linux source code.

The vulnerability, called PwnKit, was discovered by the American company Qualys. Experts pointed out that the flaw allows attackers to easily obtain administrator rights. The vulnerability is present in the pkexec component. The researchers state that the vulnerable component is installed by default on all Linux distributions and that the flaw has existed in pkexec (graphical interface) since its creation, that is, for almost 13 years.
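What makes a bug in pkexec a route to administrator rights is that pkexec is a setuid-root binary, so a first check on any Linux host is simply: which setuid-root programs are present, and is pkexec among them? The following is an added example, not part of Qualys's research, that lists setuid files owned by a given uid in a set of directories and reports whether a named binary still carries the bit. The directory built by `make_sample_bindir()` is constructed for offline testing; its files belong to the current user, which is why the owner filter is a parameter rather than hard-coded to root.

```python
"""Audit setuid-root binaries, the class of program pkexec belongs to.

Added example, not part of Qualys's PwnKit research. A setuid-root bit is
what turns a bug in pkexec into a path to administrator rights, so knowing
which setuid binaries a host carries, and whether pkexec is one of them, is
a basic check. make_sample_bindir() builds a constructed directory for
offline testing; its files belong to the current user.
"""
import os
import stat
import tempfile

SYSTEM_BIN_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin")


def is_setuid(path):
    """True if path is a regular file with the setuid bit set."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)


def find_setuid_binaries(dirs, owner_uid=0):
    """List regular files in dirs that are setuid and owned by owner_uid
    (root by default, which is the dangerous combination)."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue          # vanished or unreadable entry
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(path)
    return hits


def make_sample_bindir():
    """Constructed directory: a setuid 'pkexec' stand-in and a plain 'ls'."""
    d = tempfile.mkdtemp(prefix="bindir-")
    for name, mode in (("pkexec", 0o4755), ("ls", 0o755)):
        p = os.path.join(d, name)
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")   # stand-in, not a real binary
        os.chmod(p, mode)
    return d


def audit_sample():
    """Run the audit over the constructed directory; returns flagged names."""
    d = make_sample_bindir()
    return [os.path.basename(p)
            for p in find_setuid_binaries([d], owner_uid=os.getuid())]


if __name__ == "__main__":
    print("setuid-root binaries on this host:")
    for p in find_setuid_binaries(SYSTEM_BIN_DIRS):
        flag = "  <-- pkexec present" if p.endswith("/pkexec") else ""
        print(" ", p + flag)
```

Run against the real `SYSTEM_BIN_DIRS` as an ordinary user, the script needs no privileges because `lstat` on a directory entry is enough to read the mode bits. Qualys's advisory for PwnKit recommended removing the setuid bit from pkexec (`chmod 0755`) as an interim mitigation on hosts that could not yet install patched packages; `is_setuid("/usr/bin/pkexec")` is the way to confirm that such a mitigation, or the vendor's update, is actually in place.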

Kaspersky Lab researcher Boris Larin confirmed that the vulnerability also affected some Russian Linux distributions. The Russian developer RED SOFT, which produces the Russian Red OS based on Linux, acknowledged that the system uses a potentially unsafe module, but noted that the company regularly tests the system and has already released an update. 

It should be noted that administrator rights give unlimited opportunities to attackers, and most likely, within a year, this vulnerability will become the main tool for attacking devices running Linux. "Banks, industrial enterprises, and the public sector can be targeted," said Alexey Malynev, head of the Jet Infosystem Incident Monitoring and Response Center. 

Exploits for the vulnerability appeared a few hours after information about the problem was published. Developers have already started releasing security updates to close the gap.

The revealed vulnerability demonstrates one of the important shortcomings of open source systems. "It seems that it is available, and everyone can check it, but in fact, few people do it, so no one has noticed the vulnerability for years," noted Pavel Korostelev, head of the Security Code product promotion department. 

Dmitry Derzhavin, head of CPI development, emphasizes that modern operating systems are millions of lines of code. "It so happened that no one has looked into this particular line until now, and there is no excuse for this oversight."

Undetected malware attacks Linux systems

A new, sophisticated and unique Linux malware dubbed HiddenWasp has been used in targeted attacks against victims who are already under attack or have gone through heavy reconnaissance.

The malware is highly sophisticated and went undetected; it is still active and has a zero detection rate. It adopts a large amount of code from publicly available malware such as Mirai and the Azazel rootkit.

Unlike Windows malware authors, Linux malware authors do not concentrate much on evasion techniques, since anti-virus solutions are far less commonly used on Linux machines than on other platforms.

However, the Intezer report shows that “malware with strong evasion techniques does exist for the Linux platform. There is also a high ratio of publicly available open-source malware that utilizes strong evasion techniques and can be easily adapted by attackers.” In the past, much Linux malware focused on crypto-mining or DDoS activity, but HiddenWasp is purely a targeted remote-control attack.

The malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. Researchers found that the files went undetected on VirusTotal and that the malware was hosted on servers of ThinkDream, a hosting company located in Hong Kong.

While analyzing the scripts, Intezer spotted a hardcoded user named ‘sftp’, which could be used for initial compromise; the scripts also contain a variable to clear older versions from compromised systems.

The scripts also include variables to determine the architecture of the compromised system and to download components from the malicious server matching that architecture. Once the components are installed, the trojan is executed on the system.

“Within this script, we were able to observe that the main implants were downloaded in the form of tarballs. As previously mentioned, each tarball contains the main trojan, the rootkit, and a deployment script for x86 and x86_64 builds accordingly.”

Unpatched Linux Kernel Vulnerabilities Could Be Exploited For Local DoS




Two denial-of-service (DoS) vulnerabilities rated Medium severity were recently found to affect Linux kernel 4.19.2 and earlier versions. Both defects are NULL pointer dereference issues that a local attacker can trigger to cause a DoS condition.

Tracked as CVE-2018-19406, the first issue resides in the Linux kernel function kvm_pv_send_ipi, defined in arch/x86/kvm/lapic.c. The defect is triggered when the Advanced Programmable Interrupt Controller (APIC) map is not initialized correctly.
To exploit the flaw, a local attacker can use crafted system calls to reach a situation where the apic map remains uninitialized.

In a published blog post the Linux contributor Wanpeng Li reports:
“The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced”

The second vulnerability, assigned CVE-2018-19407, affects the vcpu_scan_ioapic function defined in arch/x86/kvm/x86.c. The bug is triggered when the I/O Advanced Programmable Interrupt Controller (I/O APIC) is not initialized correctly.

The advisory further states: “the vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.”

“The reason is that the testcase writes hyperv synic HV_X64_MSR_SINT6 msr and triggers scan ioapic logic to load synic vectors into EOI exit bitmap. However, irqchip is not initialized by this simple testcase, ioapic/apic objects should not be accessed,” reads the analysis published by Wanpeng Li.

Although unofficial patches for the two flaws were posted to the Linux Kernel Mailing List (LKML) archive, they have not yet been pushed upstream.
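The kvm_pv_send_ipi bug described above, as a constructed C model added here (not kernel code): the hypercall path can run before the irqchip and its APIC map exist, and the fix is to refuse the call when the map is NULL rather than dereference it. The struct and function names are simplified assumptions, and the -EOPNOTSUPP return value mirrors what the upstream patch returns.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed model of the kvm_pv_send_ipi path; not kernel code. */
#define NR_VCPUS 4
struct vcpu { int ipis_received; };
struct apic_map { struct vcpu *phys_map[NR_VCPUS]; };
struct kvm {
    struct vcpu vcpus[NR_VCPUS];
    struct apic_map map_storage;
    struct apic_map *apic_map;   /* NULL until the in-kernel irqchip exists */
};

/* VM creation: vCPUs exist but no APIC map. A "simple testcase" that skips
 * irqchip creation and issues the hypercall reaches pv_send_ipi in this state. */
void kvm_create_vm(struct kvm *kvm)
{
    for (int i = 0; i < NR_VCPUS; i++)
        kvm->vcpus[i].ipis_received = 0;
    kvm->apic_map = NULL;
}

/* Userspace normally creates the irqchip before running the guest; only then
 * is the APIC map built (here: APIC id == vCPU index). */
void kvm_create_irqchip(struct kvm *kvm)
{
    for (int i = 0; i < NR_VCPUS; i++)
        kvm->map_storage.phys_map[i] = &kvm->vcpus[i];
    kvm->apic_map = &kvm->map_storage;
}

/* PV IPI hypercall: deliver an IPI to each vCPU whose APIC id (min + bit) is
 * set in ipi_bitmap; returns the number delivered. The NULL check is the fix:
 * pre-fix code dereferenced map unconditionally, which is the oops the
 * advisory describes. Returning -EOPNOTSUPP mirrors the upstream patch. */
int pv_send_ipi(struct kvm *kvm, unsigned ipi_bitmap, int min)
{
    struct apic_map *map = kvm->apic_map;
    int count = 0;
    if (map == NULL)
        return -EOPNOTSUPP;
    for (int bit = 0; bit < 32; bit++) {
        int apic_id = min + bit;
        if (!(ipi_bitmap & (1u << bit)) || apic_id < 0 || apic_id >= NR_VCPUS)
            continue;
        map->phys_map[apic_id]->ipis_received++;
        count++;
    }
    return count;
}
```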

Bug in GnuTLS allows hackers to run malicious code in Your Linux

Another major security vulnerability has been discovered in the popular cryptographic library GnuTLS that leaves Linux systems vulnerable to remote code execution.

GnuTLS is a free library implementing the Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols, which are used to provide secure communications.

"A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake." an entry posted on the Red Hat Bug Tracker reads.

Flaw: The read_server_hello function checks only that the length of the Session ID does not exceed the incoming packet size; it fails to ensure that it does not exceed the maximum length of a Session ID.

A malicious server could exploit this vulnerability by sending a very long Session ID value and running malicious code in "a connecting TLS/SSL client using GnuTLS".
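The read_server_hello length check described above, as a constructed C model added here (not GnuTLS code): the pre-fix check bounds the Session ID only by the bytes left in the packet, while the fixed check also bounds it by the 32-byte destination buffer. Function names, the struct layout and the sample packet are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the read_server_hello session_id check; not GnuTLS
 * code. RFC 5246 defines SessionID as opaque<0..32>, so 32 bytes is the max. */
#define MAX_SESSION_ID_LEN 32

struct session {
    uint8_t id[MAX_SESSION_ID_LEN];   /* fixed-size destination buffer */
    size_t  id_len;
};
/* Pre-fix check (modelled): the length only has to fit inside the packet. */
int session_id_len_ok_vulnerable(size_t id_len, size_t bytes_left)
{
    return id_len <= bytes_left;
}

/* Fixed check: the length must also fit the destination buffer. */
int session_id_len_ok_fixed(size_t id_len, size_t bytes_left)
{
    return id_len <= bytes_left && id_len <= MAX_SESSION_ID_LEN;
}

/* Parse the session_id field of a ServerHello; buf points at its one-byte
 * length prefix. Returns 0 on success, -1 if rejected. With the fixed check a
 * 200-byte ID from a malicious server is refused, not copied past out->id. */
int parse_server_hello_session_id(const uint8_t *buf, size_t buf_len,
                                  struct session *out)
{
    if (buf_len < 1)
        return -1;
    size_t id_len = buf[0];
    size_t bytes_left = buf_len - 1;
    if (!session_id_len_ok_fixed(id_len, bytes_left))
        return -1;
    memcpy(out->id, buf + 1, id_len);
    out->id_len = id_len;
    return 0;
}

/* Build a constructed ServerHello fragment with the given session_id length
 * (filled with 'A') and parse it, so the checks can be exercised stand-alone. */
int demo_parse(size_t id_len, struct session *out)
{
    uint8_t pkt[256];
    memset(pkt, 'A', sizeof pkt);
    pkt[0] = (uint8_t)id_len;
    return parse_server_hello_session_id(pkt, id_len + 1, out);
}
```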

In March, a different vulnerability was patched in the GnuTLS library that could have allowed attackers "to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker".

I've updated my Linux. Did you?

Update your Ubuntu 12.10 to fix the Linux Kernel vulnerabilities


Canonical on May 2 released a security advisory to fix ten Linux kernel vulnerabilities that affect the Ubuntu 12.10 version.

The list of vulnerabilities includes an information leak in the Linux kernel's UDF file system implementation (CVE-2012-6548), an information leak in the Linux kernel's ISO9660 CDROM file system driver (CVE-2012-6549), an integer overflow in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel (CVE-2013-0913), and a denial of service flaw in guest OS time updates in the Linux kernel's KVM (CVE-2013-1796).

Other vulnerabilities are a use-after-free error in guest OS time updates in the Linux kernel's KVM (CVE-2013-1797), a flaw in the way KVM emulated the IOAPIC (CVE-2013-1798), a privilege escalation vulnerability in the Linux kernel's ext3 filesystem (CVE-2013-1848), a buffer overflow in the Linux kernel's USB subsystem for devices reporting the cdc-wdm class (CVE-2013-1860), an information leak in the Linux kernel's dcb netlink interface (CVE-2013-2634), and a kernel stack information leak in the RTNETLINK component (CVE-2013-2635).

To patch these vulnerabilities, Ubuntu users are urged to update their systems to the following package version: linux-image-3.5.0-28-generic 3.5.0-28.48.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.