linux (5)

13112071265?profile=RESIZE_180x180Securonix Threat Research has discovered a sophisticated phishing campaign, “CRON#TRAP,” that leverages a unique approach to infiltrate systems and establish persistent backdoors. This creative attack method involves deploying emulated Linux environments within compromised endpoints, specifically Tiny Core Linux.

Multi-Stage Attack Process of CRON#TRAP - The CRON#TRAP campaign employs a multi-stage attack method to compromise target systems and establish persistent backdoors. The initial infecti

12291239683?profile=RESIZE_400xThe term “Looney Tunables” refers to a vulnerability that exists in the GNU C library, which is a core library in Linux-based systems.  This library has a hand in many foundational operations like file opening and reading, threading, memory allocation, console printing, etc.  The bug was introduced in April of 2021, but the CVE was not posted to NIST until October 3rd, 2023.  The vulnerability was discovered by the Qualys Threat Research Unit in early September of this year.

A buffer overflow vu

11592223889?profile=RESIZE_180x180Cyber threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware designed to capture sensitive data from infected hosts.  The threat actor behind this Ransomware-as-a-Service (RaaS) promotes its offering on forums where it requests a share of profits from those engaging in malicious activities using its malware.

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.  It is also des

8508398465?profile=RESIZE_400xIn late January, a new botnet campaign was discovered targeting unpatched software running on Linux devices with recent code execution CVEs.  Once a device is compromised, the bot downloads and executes a malicious Python script that joins the compromised device to the botnet.  The botnet is controlled by attackers using Internet Relay Chat (IRC) and enables the attackers to perform DDoS attacks and run crypto miner software on infected devices.  Updates are available to patch all CVEs exploited

8175658256?profile=RESIZE_400xIn August 2020, the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware.  The entire report can be viewed here

The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector