Tag: linux
-
Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers
in SecurityNews
Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack utilizes multiple stages of obfuscation, including encrypted payloads and COM object manipulation, to ultimately deploy miners for various cryptocurrencies including Monero, Ravencoin, and several others. This previously unreported exploitation method demonstrates how threat actors…
-
The most notorious and damaging ransomware of all time
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows
Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception. How it works: Conti uses the…
-
Latest Chrome Update Addresses Multiple High-Risk Security Issues
Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel. This update includes several high-priority security fixes to safeguard users against potential threats. The rollout will occur over the coming days and…
-
New Linux Kernel Code Written in Rust Aims to Eliminate Memory Safety Bugs
in SecurityNews
The integration of Rust into the Linux kernel is a significant step forward in enhancing memory safety, a critical aspect of kernel development. This effort, known as Rust for Linux, began in 2021 with the publication of an RFC by Miguel Ojeda, the project’s primary maintainer. The goal is not to rewrite the entire kernel…
-
Commvault Webserver Vulnerability Poses Cybersecurity Risk, Urging Immediate Action
in SecurityNews
Commvault, a leading provider of data protection and management solutions, has recently addressed a critical flaw affecting its webserver software. This Webserver vulnerability, if left unchecked, could have allowed attackers to gain full control over systems running affected versions of Commvault’s software. The flaw impacts both Linux and Windows platforms, posing a substantial risk to…
-
Strap in, get ready for more Rust drivers in Linux kernel
in SecurityNews
Likening memory safety bugs to smallpox may not soothe sensitive C coders.
First seen on theregister.com. Jump to article: www.theregister.com/2025/03/10/rust_drivers_expected_to_become/
-
Commvault Webserver Flaw Allows Attackers to Gain Full Control
in SecurityNews
Commvault has revealed a major vulnerability in its software that could allow malicious actors to gain full control of its webservers. The issue, identified as CV_2025_03_1, has been categorized as a high-severity flaw and impacts multiple versions of the Commvault platform running on both Linux and Windows. The vulnerability in question allows attackers to create and…
-
Tails 6.13 Linux Distro Released with Enhanced Wi-Fi Hardware Detection
The Tails Project has launched Tails 6.13, the latest version of its privacy-centric Linux distribution, introducing improved Wi-Fi troubleshooting tools, updated anonymity software, and fixes for persistent storage and installation workflows. Targeted at users prioritizing security and anonymity, this release addresses common hardware compatibility challenges while refining the user experience. Enhanced Wi-Fi Hardware Detection and…
-
Linux, macOS users infected with malware posing as legitimate Go packages
Campaign is tailor-made for persistence: The repeated use of identical filenames, array-based string obfuscation, and delayed execution tactics strongly suggests a coordinated adversary who plans to persist and adapt, the researchers added. The presence of multiple malicious Hypert and Layout packages along with several fallback domains also suggests a resilient infrastructure. This setup will allow threat…
-
How to Install Librewolf
in SecurityNews
When configured properly, Mozilla Firefox offers great privacy and security. However, achieving a higher level of privacy and security in Mozilla Firefox requires many tweaks across all levels. Some users may not be too comfortable with this and may prefer an out-of-the-box solution that isn’t Chromium dependent. Enter Librewolf – which aims to be user…
-
Typosquatting campaign targets financial sector Linux, macOS systems
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/typosquatting-campaign-targets-financial-sector-linux-macos-systems
-
Malware Infects Linux and macOS via Typosquatted Go Packages
in SecurityNews
Socket exposes a typosquatting campaign delivering malware to Linux and macOS systems via malicious Go packages. Discover the…
First seen on hackread.com. Jump to article: hackread.com/malware-infects-linux-macos-typosquatted-go-packages/
-
CISA Issues Alert on Actively Exploited VMware Vulnerabilities
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, mitigation, threat, vmware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by adding four severe vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Federal agencies and private organizations are urged to prioritize mitigation efforts, as threat actors are actively weaponizing these flaws in VMware ESXi, Workstation, Fusion, and the Linux kernel. CVE-2025-22225:…
-
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
in SecurityNews
Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. “The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers
First seen on thehackernews.com…
-
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
in SecurityNews
Tags: android, cisa, cve, cybersecurity, exploit, google, infrastructure, kev, linux, vmware, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android…
-
Chrome 134 Launches with Patches for 14 Crash-Inducing Vulnerabilities
in SecurityNews
Google has rolled out Chrome 134 to the stable channel for Windows, macOS, and Linux, addressing 14 security vulnerabilities, including high-severity flaws that could enable remote code execution or crashes. The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS, follows weeks of testing and includes critical fixes for vulnerabilities in components like…
-
HP security update for the ThinPro thin client
in SecurityNews
Does anyone among the readers use HP's ThinPro thin client? The Linux-based product has “hundreds” of security vulnerabilities, which are now to be fixed by the HP ThinPro 8.1 SP6 security updates. The heise editorial team has this matter in this …
First seen on borncity.com. Jump to article: www.borncity.com/blog/2025/03/04/hp-sicherheitsupdate-fuer-thin-client-thinpro/
-
OSPS Baseline: Practical security best practices for open source software projects
in SecurityNews
The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/02/28/osps-baseline-practical-security-best-practices-for-open-source-software-projects/
-
Geopolitical tensions fuel surge in OT and ICS cyberattacks
in SecurityNews
New Russian group focused on Ukraine: The second new group to launch attack campaigns against industrial organizations last year, dubbed GRAPHITE, has overlaps with APT28 activities. Also known as Fancy Bear or Pawn Storm, APT28 is believed to be a unit inside Russia’s General Staff Main Intelligence Directorate (GRU). GRAPHITE launched constant phishing campaigns against hydroelectric,…
-
Rust vs. C, Linux’s Uncivil War
in SecurityNews
Kernel Panic in the Rust Belt. Memory safety: GOOD. Cheese motion: BAD.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/02/rust-linux-war-richixbw/
-
New Auto-Color Linux backdoor targets North American govts, universities
in SecurityNews
A previously undocumented Linux backdoor dubbed ‘Auto-Color’ was observed in attacks between November and December 2024, targeting universities and government organizations in North America and Asia.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-auto-color-linux-backdoor-targets-north-american-govts-universities/
-
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
in SecurityNews
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that’s capable of infecting both Windows and Apple systems with an aim to harvest…
-
New Auto-Color Malware Attacking Linux Devices to Gain Full Remote Access
in SecurityNews
Researchers at Palo Alto Networks have identified a new Linux malware, dubbed “Auto-Color,
-
LightSpy Malware Expands With 100+ Commands to Target Users Across All Major OS Platforms
in SecurityNews
The LightSpy surveillance framework has significantly evolved its operational capabilities, now supporting over 100 commands to infiltrate Android, iOS, Windows, macOS, and Linux systems, and routers, according to new infrastructure analysis. First documented in 2020, this modular malware has shifted from targeting messaging applications to focusing on social media database extraction and cross-platform surveillance, marking…
-
KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
in SecurityNews
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack, KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, according to a report published by a researcher on GitHub. The…
-
Zero Trust World: Endpoint risks for Linux environments
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/resource/zero-trust-world-endpoint-risks-for-linux-environments
-
Writing Linux images: Tails developers warn against Balenaetcher
in SecurityNews
For years, Tails recommended Balenaetcher for creating bootable media. Now the team is voicing concerns because the tool apparently collects all sorts of data.
First seen on golem.de. Jump to article: www.golem.de/news/linux-images-schreiben-tails-entwickler-warnen-vor-balenaetcher-2502-193575.html