The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
CVE-2024-3094 is the new hot one and it’s extremely critical; however, impact should be limited as most normal linux distros are unaffected. Here’s some stuff to know:
This page is short for now but it will get updated as I learn more about the incident. Most likely it will be during the first week of April 2024.
The Git repositories of XZ projects are on git.tukaani.org.
xz.tukaani.org DNS name (CNAME) has been removed. The XZ projects currently don’t have a home page. This will be fixed in a few days.
CVE-2024-1086 turns the page tables on system admins
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.
Tazama is the first open source platform for financial monitoring and fraud detection.
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.
I recently found an integer overflow in the Linux kernel, which leads
to the kernel allocating skb_shared_info in the userspace, which is
exploitable in systems without SMAP protection since skb_shared_info
contains references to function pointers.
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic. Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse...
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
Cyble Research & Intelligence Labs examines the Linux variant of Akira Ransomware and assesses its impact on various sectors.
JPCERT/CC has confirmed attacks that infected routers in Japan with malware around February 2023. This blog article explains the details of the attack confirmed by JPCERT/CC and GobRAT malware, which was used in the attack. ### Attack flow up to...
An issue has been discovered in the Linux kernel that can be abused by
unprivileged local users to escalate privileges.
The issue is about Netfilter nf_tables accepting some invalid updates
to its configuration.
Uptycs threat research team discovered a new ransomware Linux binary attributed to the RTM group Locker, a known Ransomware-as-a-Service (RaaS) provider.
