HackDig : Dig high-quality web security articles

New Linux Ransomware BlackSuit is similar to Royal ransomware

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022; it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. The human-operated Royal ransomware first appeared on the threat
Publish At:2023-06-03 07:29 | Read:101306 | Comments:0 | Tags:Breaking News Cyber Crime Malware BlackSuit ransomware Cyber

New Go-written GobRAT RAT targets Linux Routers in Japan

A new Golang remote access trojan (RAT), tracked as GobRAT, is targeting Linux routers in Japan, the JPCERT Coordination Center warns. JPCERT/CC is warning of cyberattacks against Linux routers in Japan that have been infected with a new Golang remote access trojan (RAT) called GobRAT. Threat actors are targeting Linux routers with publicly exposed WEB
Publish At:2023-05-29 11:27 | Read:65016 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Internet of Things Malware

A Linux NetFilter kernel flaw allows escalating privileges to ‘root’

A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for pack
Publish At:2023-05-09 17:10 | Read:122360 | Comments:0 | Tags:Breaking News Security CVE-2023-32233 Hacking hacking news i

Researchers found the first Linux variant of the RTM locker

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi hosts; it appears to be based on the source code
Publish At:2023-04-27 14:10 | Read:96284 | Comments:0 | Tags:Breaking News Cyber Crime Malware Security Cybercrime Hackin

Decoy dog toolkit plays the long game with Pupy RAT

Researchers at Infoblox have discovered a new toolkit being used in the wild called Decoy Dog. It targets enterprises, and has a fondness for deploying a remote access trojan called Pupy RAT. Activity from the RAT was first noticed earlier this month. Subsequent research revealed that it has been in operation since at least April last year. An initial t
Publish At:2023-04-26 22:02 | Read:256294 | Comments:0 | Tags:News Pupy RAT nation state russia decoy dog toolkit linux mo

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

A China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM, Softcell) targeting Linux systems with a new variant of the PingPull backdoor. While investigating the activity of
Publish At:2023-04-26 19:22 | Read:175826 | Comments:0 | Tags:APT Hacking Intelligence Mobile Alloy Taurus backdoor China

New Mélofée Linux malware linked to Chinese APT groups

ExaTrack researchers warn of an unknown China-linked hacking group that has been linked to a new Linux malware, dubbed Mélofée. Cybersecurity researchers from ExaTrack recently discovered a previously undetected malware family, dubbed Mélofée, targeting Linux servers. The researchers linked this malware with high confidence to China-linked APT groups,
Publish At:2023-03-30 09:30 | Read:521822 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

New ShellBot bot targets poorly managed Linux SSH Servers

New ShellBot DDoS bot malware, aka PerlBot, is targeting poorly managed Linux SSH servers, ASEC researchers warn. AhnLab Security Emergency response Center (ASEC) discovered a new variant of the ShellBot malware that was employed in a campaign that targets poorly managed Linux SSH servers. The ShellBot, also known as PerlBot, is a Perl-based DDoS bot t
Publish At:2023-03-21 17:28 | Read:248167 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime DDoS in

Recently discovered IceFire Ransomware now also targets Linux systems

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-
Publish At:2023-03-09 11:20 | Read:275389 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware IceFire ransomware

Readline crime: exploiting a SUID logic bug

By roddux // Rory M. I discovered a logic bug in the readline dependency that partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to log in, and the user’s private key is stored in a known location (/home/user/.ssh/i
Publish At:2023-02-16 09:48 | Read:232086 | Comments:0 | Tags:Linux exploit

Two year old vulnerability used in ransomware attack against VMware ESXi

On Friday and over the weekend, several Computer Emergency Response Teams (CERTs) sounded the alarm about an ongoing large scale ransomware attack on VMware ESXi virtual machines. With some discrepancies between Shodan queries from various researchers, most agree that an estimated 500 entities were affected by the attack over the weekend. Old
Publish At:2023-02-06 22:16 | Read:244443 | Comments:0 | Tags:Exploits and vulnerabilities News Ransomware VMware ESXi Nev

Harnessing the eBPF Verifier

By Laura Bauman. During my internship at Trail of Bits, I prototyped a harness that improves the testability of the eBPF verifier, simplifying the testing of eBPF programs. My eBPF harness runs in user space, independently of any locally running kernel, and thus opens the door to testing of eBPF programs across different kernel versions. eBPF enables users to
Publish At:2023-01-19 09:47 | Read:242310 | Comments:0 | Tags:Internship Projects eBPF Linux

New shc Linux Malware used to deploy CoinMiner

Researchers discovered a new Linux malware developed with the shell script compiler (shc) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered a Linux malware developed with the shell script compiler (shc) that threat actors used to install a CoinMiner. The experts believe attackers initially compromised targeted de
Publish At:2023-01-04 08:29 | Read:250767 | Comments:0 | Tags:Breaking News Cyber Crime Malware CoinMiner Cybercrime Hacki

New Linux malware targets WordPress sites by exploiting 30 bugs

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware i
Publish At:2022-12-30 18:30 | Read:309073 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime hacking

Critical Linux Kernel flaw affects SMB servers with ksmbd enabled

Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hacking. KSMBD is a Linux kernel server that implements the SMB3 protocol in kernel space for sharing files over the network. An u
Publish At:2022-12-25 19:46 | Read:367746 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

