Linux security | Breaking Cybersecurity News | The Hacker News

SUSE, the open source software company owned by British firm Micro Focus International, has been sold to a Swedish private equity firm. Yes, SUSE Linux and its associated software business has finally been acquired by EQT Partners for $2.535 billion, lifting its shares 6 percent. SUSE is one of the oldest open source companies and perhaps the first to provide enterprise-grade Linux software service to banks, universities and government agencies around the world. Since its foundation in 1992, SUSE has changed ownership multiple times. US-based software company Novell acquired SUSE for $120 million in November 2003 to compete with Microsoft in the operating system market. However, things did not work as the company thought and Novell in turn itself was acquired by another US-based company The Attachmate Group for $2.2 billion in 2011. Three years later, Micro Focus International acquired Attachmate for $2.35 billion in 2014. Since then SUSE Linux has been part of Micro Focus ...

A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines. Samba is open-source software (re-implementation of SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and OpenVMS. Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to share network shared folders, files, and printers with Windows operating system. The newly discovered remote code execution vulnerability ( CVE-2017-7494 ) affects all versions newer than Samba 3.5.0 that was released on March 1, 2010. "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wed...

A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August. Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty in a US federal court on Tuesday for his role in the development and maintenance of the infamous Linux botnet known as Ebury that siphoned millions of dollars from victims worldwide. Senakh, who was detained by Finland in August 2015 and extradition to the US in January 2016, admitted to installing Ebury malware on computer servers worldwide, including thousands in the United States. First spotted in 2011, Ebury is an SSH backdoor Trojan for Linux and Unix-style operating systems, like FreeBSD or Solaris, which infected more than 500,000 computers and 25,000 dedicated servers in a worldwide malware campaign called ' Operation Windigo .' Ebury backdoor gives attackers full shell control of...

" Linux doesn't get viruses " — It's a Myth. A new Trojan has been discovered in the wild that turns Linux-based devices into proxy servers, which attackers use to protect their identity while launching cyber attacks from the hijacked systems. Dubbed Linux.Proxy.10 , the Trojan was first spotted at the end of last year by the researchers from Russian security firm Doctor Web, who later identified thousand of compromised machines by the end of January this year and the campaign is still ongoing and hunting for more Linux machines. According to researchers, the malware itself doesn't include any exploitation module to hack into Linux machines; instead, the attackers are using other Trojans and techniques to compromise devices at the first place and then create a new backdoor login account using the username as " mother " and password as " fucker ." Once backdoored and the attacker gets the list of all successfully compromised Linux ma...

No software is immune to being Hacked! Not even Linux. A security researcher has discovered a critical vulnerability in Ubuntu Linux operating system that would allow an attacker to remotely compromise a target computer using a malicious file. The vulnerability affects all default Ubuntu Linux installations versions 12.10 (Quantal) and later. Researcher Donncha O'Cearbhaill discovered the security bug which actually resides in the Apport crash reporting tool on Ubuntu. A successful exploit of this CrashDB code injection issue could allow an attacker to remotely execute arbitrary code on victim's machine. All an attacker needs is to trick the Ubuntu user into opening a maliciously booby-trapped crash file. This would inject malicious code in Ubuntu OS's crash file handler, which when parsed, executes arbitrary Python code. "The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary," O'Cearbhaill explain...

A 5-year-old serious privilege-escalation vulnerability has been discovered in Linux kernel that affects almost every distro of the Linux operating system, including Redhat, and Ubuntu. Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed " Dirty COW ," was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu. Now, another Linux kernel vulnerability ( CVE-2016-8655 ) that dates back to 2011 disclosed today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel. Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities. In ...

A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild. Dubbed " Dirty COW ," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons. First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade. And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild. Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it within just 5 seconds. Earlier this week, Linus Torvalds admi...

An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications. Even the latest Android Nougat Preview is considered to be vulnerable. The security flaw was first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012 (version 3.6 and above of the Linux OS kernel) and the Linux Foundation has already patched the Linux kernel on July 11, 2016. However, the vulnerability ( CVE-2016-5696 ) is now affecting a large portion of the Android ecosystem. According to a blog post published Monday by mobile security firm Lookout, the Linux flaw is present in Android version 4.4 KitKat and all future releases, including the latest developer preview of Android Nougat . Around 1.4 BILLLLLION Android Devices Affected This means that 80%...

Anything connected to the Internet could be hacked and so is the Internet of Things (IoTs) . The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors. Now, the researchers at security firm ESET have discovered a piece of Malware that is targeting embedded devices such as routers, and other connected devices like gateways and wireless access points, rather than computers or smartphones. Dubbed KTN-Remastered or KTN-RM , the malware is a combination of both Tsunami (or Kaiten) as well as Gafgyt. Tsunami is a well-known IRC ( Internet Relay Chat ) bot used by miscreants for launching Distributed Denial of Service (DDoS) attacks while Gafgyt is used for Telnet scanning. KTN-RM, which researcher dubbed ' Remaiten ,' features an improved spreading mechanism by carrying downloader executable binaries for embedded platforms and other connected devices. How Does the ...

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected! Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image. Here's why: Last night, Some unknown hacker or group of hackers had managed to hack into the Linux Mint website and replaced the download links on the site that pointed to one of their servers offering a malicious ISO images for the Linux Mint 17.3 Cinnamon Edition . "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016. Who are affected? As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition. The situation happened last night, s...

A highly critical vulnerability has been uncovered in the GNU C Library (glibc) , a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more. The vulnerability is similar to the last year's  GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks , representing a major Internet threat. GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware. The recent flaw, which is indexed as CVE-2015-7547 , is a stack-based buffer overflow vulnerability in glibc's D...

A new critical zero-day vulnerability has been discovered in the Linux kernel that could allow attackers to gain root level privileges by running a malicious Android or Linux application on an affected device. The critical Linux kernel flaw ( CVE-2016-0728 ) has been identified by a group of researchers at a startup named Perception Point. The vulnerability was present in the code since 2012, and affects any operating system with Linux kernel 3.8 and higher , so there are probably tens of millions of computers, both 32-bit and 64-bit, exposed to this flaw. However, the most bothersome part is that the problem affects Android versions KitKat and higher , which means about 66 percent of all Android devices are also exposed to the serious Linux kernel flaw. Impact of the Zero-Day Vulnerability An attacker would only require local access to exploit the flaw on a Linux server. If successfully exploited, the vulnerability can allow attackers to get root access ...

Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious code in FortiOS firewalls from enterprise security vendor Fortinet. According to the leaked information, FortiOS operating system, deployed on Fortinet's FortiGate firewall networking equipment, includes an SSH backdoor that can be used to access its firewall equipment. Anyone can Access FortiOS SSH Backdoor Anyone with " Fortimanager_Access " username and a hashed version of the " FGTAbc11*xy+Qqz27 " password string, which is hard coded into the firewall, can login into Fortinet's FortiGate firewall networking equipment. However, according to the company's product details, this SSH user is created for challenge-and-response authenti...

So what would anyone need to bypass password protection on your computer? It just needs to hit the backspace key 28 times , for at least the computer running Linux operating system. Wait, what? A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during boot-up just by pressing backspace key 28 times. This time, the issue is neither in a kernel nor in an operating system itself, but rather the vulnerability actually resides in Grub2 , the popular Grand Unified Bootloader , which is used by most Linux systems to boot the operating system when the PC starts. Also Read: GPU-based Linux Rootkit and Keylogger . The source of the vulnerability is nothing but an integer underflow fault that was introduced with single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password...

Since past few years, Ransomware has emerged as one of the catastrophic malware programs that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically to be paid in Bitcoin ) in exchange for a key to decrypt it. Until now cyber criminals were targeting computers, smartphones and tablets, but now it appears they are creating ransomware that makes the same impact but for Web Sites – specifically holding files, pages and images of the target website for Ransom. Dubbed Linux.Encoder.1 by Russian antivirus firm Dr.Web , the new strain of ransomware targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asking for 1 Bitcoin ( ~ $300 ) to decrypt the files. The ransomware threat is delivered to the target website through known vulnerabilities in website plugins or third-party software. Must Read: FBI Suggests Ransomware Victims — 'Just Pay th...

Can you name which Operating System is most Secure ? ...Windows, Mac, Linux or any particular Linux Distribution? Yes, we get that! It's not an easy thing to pick. Besides Windows, Even the so-called ultra-secure Linux Distros were found to be vulnerable to various critical flaws in past years. Because, almost all Linux Distros use the same Kernel, and the most number of cyber attacks target the Kernel of an operating system. So, It doesn't matter which Linux distribution you use. The kernel is the core part an operating system, which handles all the main activities and enforces the security mechanisms to the entire operating system. Making an Operating System secure requires that vulnerabilities shall not exist in the Kernel, which is the communicating interface between the hardware and the user.  To overcome the above situation, Security Researchers, Mathematicians and Aviation gurus from Boeing and Rockwell Collins joined a team of dedicated NIC...

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely . OpenSSH servers with keyboard-interactive authentication enabled , including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post . Exploit for the Vulnerability RELEASED  Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems. Researcher has also released a proof-of-concept exploit code, whi...