CyberSecurity updates
Updated: 2024-12-04 13:07:16 Pacific

Pierluigi Paganini @ Security Affairs
Bootkitty: First UEFI Bootkit Targeting Linux Systems - 5d

ESET researchers discovered Bootkitty, the first UEFI bootkit designed for Linux systems. While appearing to be a proof-of-concept, its existence signals a concerning shift in the UEFI threat landscape, expanding threats beyond traditionally targeted Windows systems. Further research is needed to determine its potential for active exploitation and the extent of its capabilities.

arstechnica.com
Exploiting Log4j Vulnerabilities: Still Active After Nearly 3 Years - 2d

Log4j vulnerabilities, specifically CVE-2021-44228 and CVE-2021-45046, remain a significant threat to cybersecurity. Despite being discovered in late 2021, vulnerable instances of Log4j are still being actively exploited. This highlights the importance of prompt patching and ongoing security measures for software components. The persistence of Log4j exploits indicates the challenge of achieving widespread adoption of patches, even for critical vulnerabilities. It underscores the need for proactive security practices and ongoing vigilance to address known vulnerabilities.

arstechnica.com
Perfctl Malware Exploits Common Misconfigurations and Known Vulnerabilities to Infect Linux Machines - 20d

Perfctl, a stealthy and persistent Linux malware, has been circulating since at least 2021, infecting thousands of machines. It leverages a range of tactics, including exploiting common misconfigurations and known vulnerabilities, to gain access to vulnerable systems. The malware, which has a high success rate in avoiding detection, uses a naming convention similar to common Linux tools to blend in with legitimate processes. The attackers exploit vulnerabilities like CVE-2023-33246 in Apache RocketMQ, a widely used messaging and streaming platform, to establish a foothold. Perfctl is primarily used for cryptocurrency mining, stealing processing power from infected machines.

securityonline.info
Multiple Critical Vulnerabilities in GNU/Linux Systems Enabled Unauthenticated Remote Code Execution (RCE) - 10d

A critical security vulnerability has been discovered in all GNU/Linux systems, and potentially others, allowing unauthenticated remote code execution (RCE) with a CVSS score of 9.9. This vulnerability is being kept under wraps until full disclosure, but its impact could be severe, potentially allowing attackers to compromise systems without any user interaction. Organizations using GNU/Linux systems should prioritize patching and implementing robust security measures to mitigate the risks associated with this critical vulnerability.

ubuntu.com
Linux Kernel Vulnerabilities (USN-7019-1) Impact Multiple Subsystems and Architectures - 15d

Multiple vulnerabilities have been identified and addressed in the Linux kernel, impacting various subsystems and architectures. These vulnerabilities, including CVE-2022-38096, CVE-2024-23307, CVE-2024-23848, and others, could potentially allow attackers to exploit weaknesses within the kernel to compromise the system. Affected systems should be updated promptly to mitigate the risks associated with these vulnerabilities. Timely updates are essential to ensure the stability and security of Linux systems.

thehackernews.com
New Linux Malware Campaign Exploits Oracle WebLogic to Mine Cryptocurrency: Hadooken Malware Delivers Tsunami and Deploys Crypto Miners, Targeting Linux Environments - 20d

A newly identified malware campaign is targeting Linux systems, particularly Oracle WebLogic servers, for illicit cryptocurrency mining. The campaign delivers Hadooken malware, which in turn drops Tsunami malware and deploys crypto miners. The malware’s objective is to exploit vulnerable systems to secretly mine cryptocurrency, potentially impacting system performance and consuming valuable computing resources. The campaign highlights the growing threat of malware targeting Linux environments and the need for robust security measures to protect against such attacks. The use of established tools like Oracle WebLogic to distribute malicious payloads is also a key finding.

broadcom.com
Linux SSH Server Attacks: SuperShell and ShellBot Malware Campaigns - 20d

Linux SSH servers have been targeted by two separate malware campaigns: SuperShell and ShellBot. SuperShell, a Go-based malware, acts as a reverse shell granting attackers remote control of infected systems. It collects system information, potentially installs crypto miners and may be used for DDoS attacks. ShellBot, a Perl-based DDoS bot, targets vulnerable SSH servers through brute force attacks, leveraging the IRC protocol for command and control. Both campaigns leverage weak SSH credentials as an attack vector, emphasizing the importance of strong password practices and regular security audits for Linux systems.
This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.