ICT Security-Sécurité PC et Internet
87.8K views | +2 today
Follow
ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
October 15, 2024 2:25 PM
Scoop.it!

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists | ICT Security-Sécurité PC et Internet | Scoop.it

North Korean hackers deploy Linux-based FASTCash malware to exploit ATMs globally, enabling fraudulent withdrawals.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

North Korean hackers deploy Linux-based FASTCash malware to exploit ATMs globally, enabling fraudulent withdrawals.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
September 26, 2024 3:42 PM
Scoop.it!

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux'

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' | ICT Security-Sécurité PC et Internet | Scoop.it

No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare
Jessica Lyons


Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.

That's according to software developer Simone Margaritelli, who says there's still no fix for the decade-old flaw he disclosed to developers three weeks ago. If it is as described, the bug could be used to hijack Linux-based systems from across the internet or network.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare
Jessica Lyons


Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.

That's according to software developer Simone Margaritelli, who says there's still no fix for the decade-old flaw he disclosed to developers three weeks ago. If it is as described, the bug could be used to hijack Linux-based systems from across the internet or network.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
September 12, 2023 11:33 AM
Scoop.it!

Free Download Manager site redirected Linux users to malware for years

Free Download Manager site redirected Linux users to malware for years | ICT Security-Sécurité PC et Internet | Scoop.it

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

No comment yet.
Scooped by Gust MEES
August 15, 2023 3:59 PM
Scoop.it!

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics | ICT Security-Sécurité PC et Internet | Scoop.it

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

No comment yet.
Scooped by Gust MEES
July 13, 2023 8:33 AM
Scoop.it!

Angriff ohne Spuren: Kryptomining-Malware versteckt sich ausschließlich im Ram 

Angriff ohne Spuren: Kryptomining-Malware versteckt sich ausschließlich im Ram  | ICT Security-Sécurité PC et Internet | Scoop.it

Kryptomining-Malware versteckt sich ausschließlich im Ram
Ein Python-Skript namens Pyloose hat es auf Linux-Systeme abgesehen, um direkt aus dem Arbeitsspeicher heraus Kryptowährungen zu schürfen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
Gust MEES's insight:

Kryptomining-Malware versteckt sich ausschließlich im Ram
Ein Python-Skript namens Pyloose hat es auf Linux-Systeme abgesehen, um direkt aus dem Arbeitsspeicher heraus Kryptowährungen zu schürfen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
May 9, 2023 12:54 PM
Scoop.it!

New Linux kernel NetFilter flaw gives attackers root privileges

New Linux kernel NetFilter flaw gives attackers root privileges | ICT Security-Sécurité PC et Internet | Scoop.it

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.

The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.

The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
January 27, 2023 2:45 PM
Scoop.it!

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ | ICT Security-Sécurité PC et Internet | Scoop.it

The Feds have disrupted the prolific Hive ransomware gang, saving victims from a collective $130 million in ransom demands. But it remains to be seen how much of a blow the effort will be to the overall ransomware landscape.

The group's operations have been buzzing with activity for months, racking up more than 1,500 victims in 80-plus countries around the world since it appeared in June 2021, according to an announcement from the US Justice Department. The gang has been operating with a ransomware-as-a-service (RaaS) model, engaging in data theft and double extortion, and delivering its venom indiscriminately to school districts, financial firms, critical infrastructure, and others. At least one affiliate has become a bit of a hospital specialist, disrupting patient care in some attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
Gust MEES's insight:

The Feds have disrupted the prolific Hive ransomware gang, saving victims from a collective $130 million in ransom demands. But it remains to be seen how much of a blow the effort will be to the overall ransomware landscape.

The group's operations have been buzzing with activity for months, racking up more than 1,500 victims in 80-plus countries around the world since it appeared in June 2021, according to an announcement from the US Justice Department. The gang has been operating with a ransomware-as-a-service (RaaS) model, engaging in data theft and double extortion, and delivering its venom indiscriminately to school districts, financial firms, critical infrastructure, and others. At least one affiliate has become a bit of a hospital specialist, disrupting patient care in some attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
No comment yet.
Scooped by Gust MEES
April 27, 2022 6:44 PM
Scoop.it!

Microsoft points out privilege-escalation flaws in Linux | #CyberSecurity #Nimbuspwn

Microsoft points out privilege-escalation flaws in Linux | #CyberSecurity #Nimbuspwn | ICT Security-Sécurité PC et Internet | Scoop.it

Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.

It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.

It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
March 7, 2022 9:13 AM
Scoop.it!

Dirty Pipe: Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten | #CyberSecurity

Dirty Pipe: Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it

Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten
Ein Fehler bei der Verarbeitung von Pipes im Linux-Kernel lässt sich ausnutzen, um Root-Rechte zu erlangen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten
Ein Fehler bei der Verarbeitung von Pipes im Linux-Kernel lässt sich ausnutzen, um Root-Rechte zu erlangen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
January 26, 2022 5:08 PM
Scoop.it!

Major Linux PolicyKit security vulnerability uncovered: Pwnkit

Major Linux PolicyKit security vulnerability uncovered: Pwnkit | ICT Security-Sécurité PC et Internet | Scoop.it

If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. 

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.


How dangerous is it? Very. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. 

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.


How dangerous is it? Very. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
January 21, 2022 4:25 PM
Scoop.it!

Les malware pour Linux sont en croissance, voici les trois principales menaces actuelles | #CyberSecurity

Les malware pour Linux sont en croissance, voici les trois principales menaces actuelles | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it

Les appareils de l'internet des objets font augmenter le nombre de variantes de logiciels malveillants Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Les appareils de l'internet des objets font augmenter le nombre de variantes de logiciels malveillants Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
October 29, 2021 12:30 PM
Scoop.it!

Hive ransomware now encrypts Linux and FreeBSD systems | #CyberSecurity 

Hive ransomware now encrypts Linux and FreeBSD systems | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality.

The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
Gust MEES's insight:

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality.

The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
 
No comment yet.
Scooped by Gust MEES
July 27, 2021 6:15 AM
Scoop.it!

Microsoft warns over this unusual malware that targets Windows and Linux | #CyberSecurity

Microsoft warns over this unusual malware that targets Windows and Linux | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it

Microsoft is warning customers about the LemonDuck crypto mining malware which is targeting both Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks, as well as attacks targeting critical on-premise Exchange Server vulnerabilities uncovered in March. 

The group was discovered to be using Exchange bugs to mine for cryptocurrency in May, two years after it first emerged.        

Notably, the group behind LemonDuck is taking advantage of high-profile security bugs by exploiting older vulnerabilities during periods where security teams are focussed on patching critical flaws, and even removing rival malware. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

Microsoft is warning customers about the LemonDuck crypto mining malware which is targeting both Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks, as well as attacks targeting critical on-premise Exchange Server vulnerabilities uncovered in March. 

The group was discovered to be using Exchange bugs to mine for cryptocurrency in May, two years after it first emerged.        

Notably, the group behind LemonDuck is taking advantage of high-profile security bugs by exploiting older vulnerabilities during periods where security teams are focussed on patching critical flaws, and even removing rival malware. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

No comment yet.
Scooped by Gust MEES
October 8, 2024 2:25 PM
Scoop.it!

Linux-Malware "Perfctl" befällt offenbar schon seit Jahren Linux-Server

Linux-Malware "Perfctl" befällt offenbar schon seit Jahren Linux-Server | ICT Security-Sécurité PC et Internet | Scoop.it

Linux-Malware "Perfctl" befällt offenbar schon seit Jahren Linux-Server.
Eine ausgeklügelte Malware befällt massenweise Linux-Server mit falschen Konfigurationen. Das blieb lange unentdeckt, auch wegen der guten Tarnung.


Eine jetzt entdeckte Malware hat es auf Linux-Server abgesehen: Wie die Experten der Cybersecurity-Beratung Aqua Security berichten, ist das Programm namens "Perfctl" vermutlich schon seit 2021 im Umlauf und befällt Linux-Systeme, um diese heimlich als Proxyserver und für Cryptomining zu nutzen. Das Schadprogramm kann auch als Loader für weitere unerwünschte Programme fungieren.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

Linux-Malware "Perfctl" befällt offenbar schon seit Jahren Linux-Server.
Eine ausgeklügelte Malware befällt massenweise Linux-Server mit falschen Konfigurationen. Das blieb lange unentdeckt, auch wegen der guten Tarnung.


Eine jetzt entdeckte Malware hat es auf Linux-Server abgesehen: Wie die Experten der Cybersecurity-Beratung Aqua Security berichten, ist das Programm namens "Perfctl" vermutlich schon seit 2021 im Umlauf und befällt Linux-Systeme, um diese heimlich als Proxyserver und für Cryptomining zu nutzen. Das Schadprogramm kann auch als Loader für weitere unerwünschte Programme fungieren.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
February 9, 2024 9:54 AM
Scoop.it!

Bootloader-Lücke gefährdet viele Linux-Distributionen | heise online

Bootloader-Lücke gefährdet viele Linux-Distributionen | heise online | ICT Security-Sécurité PC et Internet | Scoop.it

Bootloader-Lücke gefährdet viele Linux-Distributionen
Im Bootloader shim, der Secure-Boot auch für nicht-Windows-Betriebssysteme erlaubt, klafft eine Sicherheitslücke.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Bootloader-Lücke gefährdet viele Linux-Distributionen
Im Bootloader shim, der Secure-Boot auch für nicht-Windows-Betriebssysteme erlaubt, klafft eine Sicherheitslücke.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
September 7, 2023 10:08 AM
Scoop.it!

'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign

'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign | ICT Security-Sécurité PC et Internet | Scoop.it

The fake TradingView website is hosted on trabingviews[.]com, with special font characters being used to make it look like the legitimate domain and help it avoid detection.

The malicious website is designed to look authentic, claiming to offer downloads for the TradingView app’s Windows, macOS and Linux versions.

While the Windows and Linux files deliver the NetSupport RAT, the Mac file delivers the AMOS malware. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

 

Gust MEES's insight:

The fake TradingView website is hosted on trabingviews[.]com, with special font characters being used to make it look like the legitimate domain and help it avoid detection.

The malicious website is designed to look authentic, claiming to offer downloads for the TradingView app’s Windows, macOS and Linux versions.

While the Windows and Linux files deliver the NetSupport RAT, the Mac file delivers the AMOS malware. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

 

No comment yet.
Scooped by Gust MEES
July 14, 2023 5:24 AM
Scoop.it!

AVrecon malware infects 70,000 Linux routers to build botnet

AVrecon malware infects 70,000 Linux routers to build botnet | ICT Security-Sécurité PC et Internet | Scoop.it

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.

According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.

According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
July 6, 2023 9:39 AM
Scoop.it!

New StackRot Linux kernel flaw allows privilege escalation

New StackRot Linux kernel flaw allows privilege escalation | ICT Security-Sécurité PC et Internet | Scoop.it

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

A patch is available for the affected stable kernels since July 1st and full details about the issue along with a complete exploit code are expected by the end of the month.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

A patch is available for the affected stable kernels since July 1st and full details about the issue along with a complete exploit code are expected by the end of the month.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
March 2, 2023 12:57 PM
Scoop.it!

Linux Support Expands Cyber Spy Group's Arsenal

Linux Support Expands Cyber Spy Group's Arsenal | ICT Security-Sécurité PC et Internet | Scoop.it

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.


Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.


Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
December 27, 2022 3:09 PM
Scoop.it!

Une grave faille de sécurité affecte le noyau Linux | #CyberSecurity

Une grave faille de sécurité affecte le noyau Linux | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it

Une grave faille de sécurité affecte le noyau Linux
Sécurité : La faille de sécurité affecte ksmbd, un serveur SMB intégré au noyau de Linux 5.15, et sa note de gravité avoisine le 10, selon la ZDI.

Joyeux Noël à tous les administrateurs de systèmes Linux ! Et en guise de cadeau : une grave faille de sécurité dans le noyau Linux.

C’est la Zero Day Initiative (ZDI), une société de recherche sur les failles zero-day, qui l’a découverte et annoncée juste avant le réveillon.

Cette vulnérabilité pourrait permettre à un attaquant à distance authentifié de divulguer des informations sensibles et d’exécuter du code sur les versions vulnérables du noyau Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
Gust MEES's insight:

Une grave faille de sécurité affecte le noyau Linux
Sécurité : La faille de sécurité affecte ksmbd, un serveur SMB intégré au noyau de Linux 5.15, et sa note de gravité avoisine le 10, selon la ZDI.

Joyeux Noël à tous les administrateurs de systèmes Linux ! Et en guise de cadeau : une grave faille de sécurité dans le noyau Linux.

C’est la Zero Day Initiative (ZDI), une société de recherche sur les failles zero-day, qui l’a découverte et annoncée juste avant le réveillon.

Cette vulnérabilité pourrait permettre à un attaquant à distance authentifié de divulguer des informations sensibles et d’exécuter du code sur les versions vulnérables du noyau Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
No comment yet.
Scooped by Gust MEES
March 18, 2022 5:47 PM
Scoop.it!

Nasty Linux netfilter firewall security hole found | #CyberSecurity #NobodyIsPerfect 

Nasty Linux netfilter firewall security hole found | #CyberSecurity #NobodyIsPerfect  | ICT Security-Sécurité PC et Internet | Scoop.it

Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
Gust MEES's insight:

Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
No comment yet.
Scooped by Gust MEES
January 26, 2022 5:11 PM
Scoop.it!

Pwnkit: Triviale Linux-Lücke ermöglicht Root-Rechte 

Pwnkit: Triviale Linux-Lücke ermöglicht Root-Rechte  | ICT Security-Sécurité PC et Internet | Scoop.it

Triviale Linux-Lücke ermöglicht Root-Rechte
Zum Ausnutzen der Sicherheitslücke in Polkit muss der Dienst nur installiert sein. Das betrifft auch Serversysteme. Exploits dürften schnell genutzt werden.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Triviale Linux-Lücke ermöglicht Root-Rechte
Zum Ausnutzen der Sicherheitslücke in Polkit muss der Dienst nur installiert sein. Das betrifft auch Serversysteme. Exploits dürften schnell genutzt werden.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
January 21, 2022 4:40 PM
Scoop.it!

Linux malware is on the rise. Here are three top threats right now | #CyberSecurity 

Linux malware is on the rise. Here are three top threats right now | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it

Internet of Things devices are driving up the number of Linux malware variants.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Internet of Things devices are driving up the number of Linux malware variants.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
January 20, 2022 9:20 AM
Scoop.it!

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung | #CyberSecurity 

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung
Vor allem in Cloud-Systemen problematisch: An Linux-Systemen angemeldete Nutzer könnten aufgrund eines potenziellen Pufferüberlaufs ihre Rechte ausweiten.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung
Vor allem in Cloud-Systemen problematisch: An Linux-Systemen angemeldete Nutzer könnten aufgrund eines potenziellen Pufferüberlaufs ihre Rechte ausweiten.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

No comment yet.
Scooped by Gust MEES
August 3, 2021 6:53 AM
Scoop.it!

Microsoft: This Windows and Linux malware does everything it can to stay on your network | #CyberSecurity

Microsoft: This Windows and Linux malware does everything it can to stay on your network | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it

Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. It makes a strong case for why it is worth removing it from your network. 

This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: for their malware to retain exclusive access to a compromised network for as long as possible.

While crypto-mining malware could be just a nuisance, LemonDuck attributes suggest the attacker group really do try to own compromised networks by disabling anti-malware, removing rival malware, and even automatically patching vulnerabilities -- a competitive effort to keep rival attackers from feeding off its turf. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. It makes a strong case for why it is worth removing it from your network. 

This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: for their malware to retain exclusive access to a compromised network for as long as possible.

While crypto-mining malware could be just a nuisance, LemonDuck attributes suggest the attacker group really do try to own compromised networks by disabling anti-malware, removing rival malware, and even automatically patching vulnerabilities -- a competitive effort to keep rival attackers from feeding off its turf. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

No comment yet.