#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Linux Rootkit | Breaking Cybersecurity News | The Hacker News

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

Jul 29, 2020
A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed ' BootHole ' and tracked as CVE-2020-10713 , the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems. Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process. "One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS pers
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Jul 07, 2020
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta , is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits , and other stealthy malware techniques such as process hiding . The project is named after Warsaw's Freta Street , the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I. "Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every us
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

May 29, 2019
Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u , the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated. The campaign, which dates back to February 26 but was first detected in early-April, has been found delivering 20 different payload versions hosted on various hosting providers. The attack relies on the brute-forcing technique after finding publicly accessible Windows MS-SQL and PHPMyAdmin servers using a simple port scanner. Upon successful login authentication with administrative privileges, attackers execute a sequence of MS-SQL commands on the compromised system to download malicious payload from a remote file server and
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

Jul 27, 2017
WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ' Imperial ,' which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems. If you are a regular reader of THN, you must be aware that this latest revelation by the whistleblower organisation is the part of an ongoing CIA-Vault 7 leaks, marking it as the 18th batch in the series. If you are unaware of the Vault 7 leaks, you can head on to the second of this article for having a brief look on all the leaks at once. Achilles — Tool to Backdoor Mac OS X Disk Images Dubbed Achilles , the hacking tool allows CIA operators to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file. The binding tool, the shell script is written in Bash, gives the CIA operators "one or more desired operator specified e
New Linux Rootkit Attacks Internet Users

New Linux Rootkit Attacks Internet Users

Dec 02, 2012
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the web visitor&#
Cybersecurity Resources