Linux Trojan | Breaking Cybersecurity News | The Hacker News

A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August. Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty in a US federal court on Tuesday for his role in the development and maintenance of the infamous Linux botnet known as Ebury that siphoned millions of dollars from victims worldwide. Senakh, who was detained by Finland in August 2015 and extradition to the US in January 2016, admitted to installing Ebury malware on computer servers worldwide, including thousands in the United States. First spotted in 2011, Ebury is an SSH backdoor Trojan for Linux and Unix-style operating systems, like FreeBSD or Solaris, which infected more than 500,000 computers and 25,000 dedicated servers in a worldwide malware campaign called ' Operation Windigo .' Ebury backdoor gives attackers full shell control of...

Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of a larger puzzle called " Turla ," one of the most complex Advanced Persistent Threats (APTs) uncovered by researchers at Kaspersky Lab in August, remained hidden on some systems for at least four years. The malware was notable for its use of a rootkit that made it extremely hard to detect. The German security company G Data believed that Turla campaign is linked to Russia and has in the past exploited a variety of Windows vulnerabilities, at least two of which were zero-days, to infect government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. Recently, security researchers from Moscow-based Kaspersky Lab...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...