Linux

‘WallEscape’ Linux Vulnerability Leaks User Passwords

CVE-2024-28085, Linux, Malware & Threats, Ubuntu, Vulnerabilities, WallEscape /

‘WallEscape’ Linux Vulnerability Leaks User Passwords 2024-04-01 at 19:31 By Ionut Arghire A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View […]

React to this headline:

Loading spinner

‘WallEscape’ Linux Vulnerability Leaks User Passwords Read More »

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

Alpine, backdoor, Debian, Don't miss, Fedora, Hot stuff, Kali Linux, Linux, Linux Mint, News, open source, Orca Security, Red Hat, supply chain attacks, Ubuntu, vulnerability /

XZ Utils backdoor update: Which Linux distros are affected and what can you do? 2024-03-31 at 21:01 By Zeljka Zorz The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of

React to this headline:

Loading spinner

XZ Utils backdoor update: Which Linux distros are affected and what can you do? Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

React to this headline:

Loading spinner

Lynis: Open-source security auditing tool Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

React to this headline:

Loading spinner

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability 

Linux, Vulnerabilities, vulnerability /

Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability  2024-02-07 at 16:31 By Ionut Arghire A critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. The post Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability  Read More »

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

Akamai, botnet, Don't miss, exploit, Hot stuff, Linux, Log4j, Malware, News, vulnerability /

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities 2024-02-01 at 17:31 By Helga Labus The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet The FritzFrog botnet, initially identified in August 2020, is

React to this headline:

Loading spinner

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities Read More »

GNU C Library Vulnerability Leads to Full Root Access

CVE-2023-6246, GNU C, Linux, Qualys, Security Architecture, Vulnerabilities /

GNU C Library Vulnerability Leads to Full Root Access 2024-01-31 at 19:47 By Ionut Arghire Researchers at Qualys call attention to a vulnerability in Linux’s GNU C Library (glibc) that allows full root access to a system. The post GNU C Library Vulnerability Leads to Full Root Access appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

GNU C Library Vulnerability Leads to Full Root Access Read More »

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

cybersecurity, DFIR, Linux, News, open source, software /

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations 2024-01-16 at 06:31 By Mirko Zorz Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware analysis, OSINT and computer vision activities.

React to this headline:

Loading spinner

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations Read More »

AuthLogParser: Open-source tool for analyzing Linux authentication logs

cybersecurity, Don't miss, GitHub, Hot stuff, Linux, News, open source, software /

AuthLogParser: Open-source tool for analyzing Linux authentication logs 2024-01-08 at 07:31 By Mirko Zorz AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log). The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others. It

React to this headline:

Loading spinner

AuthLogParser: Open-source tool for analyzing Linux authentication logs Read More »

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing /

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:

React to this headline:

Loading spinner

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »

Apache ActiveMQ bug exploited to deliver Kinsing malware

Apache ActiveMQ, cryptojacking, Don't miss, exploit, Hot stuff, Linux, Malware, News, Trend Micro, vulnerability /

Apache ActiveMQ bug exploited to deliver Kinsing malware 21/11/2023 at 15:02 By Helga Labus Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services

React to this headline:

Loading spinner

Apache ActiveMQ bug exploited to deliver Kinsing malware Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks 

Cloud, cloud security, exploited, Featured, Linux /

‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks  06/11/2023 at 17:06 By Eduard Kovacs Glibc vulnerability affecting major Linux distributions and tracked as Looney Tunables exploited in cloud attacks by Kinsing group.  The post ‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks  Read More »

BiBi-Linux wiper targets Israeli companies

Don't miss, Hacktivism, Hot stuff, Israel, Linux, Malware, News, Security Joes /

BiBi-Linux wiper targets Israeli companies 31/10/2023 at 15:01 By Helga Labus Attackers have started using new wiper malware called BiBi-Linux to attack Israeli companies and destroy their data. The BiBi-Linux wiper The Security Joes Incident Response team found the malware during a forensics investigation of a breach within an Israeli company. “This malware is an

React to this headline:

Loading spinner

BiBi-Linux wiper targets Israeli companies Read More »

From Windows 9x to 11: Tracing Microsoft’s security evolution

CISA, CISO, cybersecurity, Don't miss, Features, Hot stuff, Linux, macOS, Microsoft, News, opinion, strategy, Tenable, Windows /

From Windows 9x to 11: Tracing Microsoft’s security evolution 31/10/2023 at 09:01 By Mirko Zorz Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex

React to this headline:

Loading spinner

From Windows 9x to 11: Tracing Microsoft’s security evolution Read More »

10 essential cybersecurity cheat sheets available for free

cloud security, cybersecurity, Don't miss, guide, Hot stuff, Incident Response, Linux, News, skill development, strategy, tips, Windows /

10 essential cybersecurity cheat sheets available for free 18/10/2023 at 07:02 By Help Net Security Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download. Whether you’re seeking a quick refresher or a beginner trying to make sense of

React to this headline:

Loading spinner

10 essential cybersecurity cheat sheets available for free Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

GNOME, Linux, Vulnerabilities /

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems 10/10/2023 at 17:02 By Eduard Kovacs A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems. The post One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Scroll to Top