LINUX

Pierluigi Paganini March 04, 2024
New Linux variant of BIFROSE RAT uses deceptive domain strategies

A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses a deceptive domain mimicking VMware. Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) that mimics the legitimate VMware domain. The Bifrost RAT has been active since 2004, […]

Pierluigi Paganini February 14, 2024
Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue […]

Pierluigi Paganini February 07, 2024
Critical shim bug impacts every Linux boot loader signed in the past decade

The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances. The vulnerability CVE-2023-40547 is […]

Pierluigi Paganini January 30, 2024
Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc), including a heap-based buffer overflow tracked as CVE-2023-6246. GNU C Library (glibc) is a free software library that provides essential system […]

Pierluigi Paganini December 16, 2023
New NKAbuse malware abuses NKN decentralized P2P network protocol

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team (GERT) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. The malicious code is written in Go language, it is the first malware that relies on the NKN technology for data exchange […]

Pierluigi Paganini December 07, 2023
New Krasue Linux RAT targets telecom companies in Thailand

A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand. The Krasue Remote Access Trojan (RAT) has remained undetected since at least 2021 when it was registered on […]

Pierluigi Paganini November 22, 2023
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-4911 (CVSS score 7.8), aka Looney Tunables, is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the […]

Pierluigi Paganini November 04, 2023
Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are cloud security firm Aqua have observed threat actors exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables in attacks against cloud environments. The vulnerability Looney Tunables (CVE-2023-4911 (CVSS score 7.8)) is a buffer overflow issue that […]

Pierluigi Paganini October 10, 2023
A flaw in libcue library impacts GNOME Linux systems

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an […]

Pierluigi Paganini October 06, 2023
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. An attacker can trigger the vulnerability to execute code with elevated privileges. “A […]