Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 4
61 résultats taggé Linux  ✕
[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds https://syst3mfailure.io/two-bytes-of-madness/
10/05/2025 22:59:46
QRCode
archive.org
thumbnail

CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ and the TBF Qdisc can lead to a 0x0000 being written approximately 256KB out of bounds at a misaligned offset. If properly exploited, this can enable privilege escalation.

  • Spray sfq_slots in kmalloc-64 to prevent an immediate kernel crash when the bug is triggered.
  • Prevent a type-confused skb from being dequeued by reconfiguring the TBF Qdisc. Drop TBF rate and add packet overhead before the OOB write occurs.
  • Use the 0x0000 written 262636 bytes OOB to corrupt the pipe->files field of a named pipe, free the pipe, cause page-level UAF and get arbitrary R/W in that page.
  • Reclaim the freed page with signalfd files and use the page-level R/W primitive to swap file->private_data with file->f_cred.
  • Get root by overwriting the process credentials with zeros via signalfd4().bounds at a misaligned offset. If properly exploited, this can enable privilege escalation.
syst3mfailure.io EN 2025 CVE-2025-37752 kernelCTF linux kernel pwn exploit oob out-of-bounds vulnerability
Linux wiper malware hidden in malicious Go modules on GitHub https://www.bleepingcomputer.com/news/security/linux-wiper-malware-hidden-in-malicious-go-modules-on-github/
06/05/2025 11:21:38
QRCode
archive.org
thumbnail

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them.

Complete disk destruction
The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity.

Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute.

An analysis from supply-chain security company Socket shows that the command overwrites with zeroes every byte of data, leading to irreversible data loss and system failure.

The target is the primary storage volume, /dev/sda, that holds critical system data, user files, databases, and configurations.

“By populating the entire disk with zeros, the script completely destroys the file system structure, operating system, and all user data, rendering the system unbootable and unrecoverable” - Socket

The researchers discovered the attack in April and identified three Go modules on GitHub, that have since been removed from the platform:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy

bleepingcomputer EN 2025 Data-Wiper GitHub Golang Linux Server supply-chain-attack
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs https://www.elastic.co/security-labs/outlaw-linux-malware
06/04/2025 11:21:09
QRCode
archive.org
thumbnail

OUTLAW is a persistent yet unsophisticated auto-propagating coinminer package observed across multiple versions over the past few years [1], [2], [3], [4]. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels. This persistence highlights how botnet operators can achieve widespread impact without relying on sophisticated techniques.

elastic EN 2025 OUTLOW linux malware analisys
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/
22/03/2025 10:12:34
QRCode
archive.org
thumbnail

This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions.

Credit
An independent security researcher working with SSD Secure Disclosure.

Vendor Response
Ubuntu has released the following advisory and fix: https://ubuntu.com/security/CVE-2025-0927

ssd-disclosure EN 2025 CVE-2025-0927 Linux kernel hfsplus slab-out-of-bounds Write
Bootkitty: Analyzing the first UEFI bootkit for Linux https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
28/11/2024 10:25:22
QRCode
archive.org
thumbnail

ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.

welivesecurity EN 2024 Bootkitty UEFI bootkit Linux
Windows infected with backdoored Linux VMs in new phishing attacks https://www.bleepingcomputer.com/news/security/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks/
13/11/2024 11:29:40
QRCode
archive.org
thumbnail

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

Backdoor Linux Phishing QEMU Virtual-Machine Windows Security InfoSec Computer-Security
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - Securonix https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
04/11/2024 16:55:53
QRCode
archive.org
thumbnail

In a rather novel attack chain, attackers deploy a custom-made emulated QEMU Linux box to persist on endpoints, delivered through phishing emails.

securonix EN 2024 Linux CRON#TRAP QEMU phishing emails
FASTCash for Linux https://doubleagent.net/fastcash-for-linux/
21/10/2024 21:10:40
QRCode
archive.org
thumbnail

Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.

doubleagent EN 2024 analysis Linux DPRK FASTCash malware
From Perfctl to InfoStealer https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
09/10/2024 16:09:09
QRCode
archive.org
thumbnail

From Perfctl to InfoStealer, Author: Xavier Mertens

sans EN 2024 Perfctl infostealer analysis linux
perfctl: A Stealthy Malware Targeting Millions of Linux Servers https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
06/10/2024 23:32:52
QRCode
archive.org
thumbnail

Perfctl is particularly elusive and persistent malware employing several sophisticated techniques

aquasec EN 2024 research Stealthy Malware Linux Servers perfctl
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
25/08/2024 19:50:44
QRCode
archive.org
thumbnail

Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.

aon EN 2024 sedexp Linux Malware udev Rules
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1) https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
25/06/2024 09:19:25
QRCode
archive.org
thumbnail

A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

ambionics EN 2024 cve-2024-2961 glibc linux PHP
RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates https://www.recordedfuture.com/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates
24/06/2024 20:15:50
QRCode
archive.org
thumbnail

Discover how RansomHub's ransomware-as-a-service targets Windows, Linux, and ESXi systems.

recordedfuture EN 2024 analysis RansomHub ESXi Linux Multi-OS
XZ backdoor behavior inside OpenSSH https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/
24/06/2024 16:44:07
QRCode
archive.org
thumbnail

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

securelist EN 2024 Backdoor Cyber-espionage Linux Malware Malware-Descriptions Malware-Technologies SSH Targeted-attacks XZ
Kaspersky analysis of the backdoor in XZ https://securelist.com/xz-backdoor-story-part-1/112354/
13/04/2024 03:32:39
QRCode
archive.org
thumbnail

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

securelist EN 2024 Backdoor Cyber-espionage Linux Malware analysis Malware-Descriptions Malware-Technologies SSH XZ
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind https://www.wired.com/story/jia-tan-xz-backdoor/
03/04/2024 17:16:13
QRCode
archive.org
thumbnail

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

wired EN 2024 XZ vulnerabilities linux open-source hackers JiaT75
Check if you're vulnerable to CVE-2024-3094 https://www.latio.tech/posts/CVE-2024-3094
01/04/2024 10:36:57
QRCode
archive.org
thumbnail

CVE-2024-3094 is the new hot one and it’s extremely critical; however, impact should be limited as most normal linux distros are unaffected. Here’s some stuff to know:

latio.tech EN 2024 CVE-2024-3094 check linux xz vulnerability-check
XZ Utils backdoor https://tukaani.org/xz-backdoor/
30/03/2024 16:28:24
QRCode
archive.org

This page is short for now but it will get updated as I learn more about the incident. Most likely it will be during the first week of April 2024.

The Git repositories of XZ projects are on git.tukaani.org.

xz.tukaani.org DNS name (CNAME) has been removed. The XZ projects currently don’t have a home page. This will be fixed in a few days.

tukaani EN 2024 XZ backdoor linux CVE-2024-3094
Easy privilege escalation exploit lands for Linux kernels https://www.theregister.com/2024/03/29/linux_kernel_flaw/
29/03/2024 22:49:16
QRCode
archive.org
thumbnail

CVE-2024-1086 turns the page tables on system admins

theregister EN 2024 CVE-2024-1086 Local-Privilege-Escalation Linux PoC Kernel
Urgent security alert for Fedora 41 and Fedora Rawhide users https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
29/03/2024 19:26:40
QRCode
archive.org
thumbnail

Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.

redhat EN 2024 xz backdoor linux CVE-2024-3094
page 1 / 4
4259 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio