#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

linux | Breaking Cybersecurity News | The Hacker News

Github Account of Gentoo Linux Hacked, Code Replaced With Malware

Github Account of Gentoo Linux Hacked, Code Replaced With Malware
Jun 29, 2018
Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one. Gentoo is a free open source Linux or FreeBSD-based distribution built using the Portage package management system that makes it more flexible, easier to maintain, and portable compared to other operating systems. In a security alert released on its website yesterday, developers of the Gentoo Linux distribution warned users not to use code from its GitHub account, as some "unknown individuals" had gained its control on 28 June at 20:20 UTC and "modified the content of repositories as well as pages there." According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers "repla

Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released

Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released
Apr 24, 2018
Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles. Dubbed Fusée Gelée and ShofEL2 , the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is typically not possible. Both exploits take advantage of a buffer overflow vulnerability in the USB software stack of read-only boot instruction ROM (IROM/bootROM), allowing unauthenticated arbitrary code execution on the game console before any lock-out operations (that protect the chip's bootROM) take effect. The buffer overflow vulnerability occurs when a device owner sends an "excessive length" argument to an incorrectly coded USB control procedure, which overflows a crucial direct memory a

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Microsoft built its own custom Linux OS to secure IoT devices

Microsoft built its own custom Linux OS to secure IoT devices
Apr 17, 2018
Finally, it's happening. Microsoft has built its own custom Linux kernel to power " Azure Sphere ," a newly launched technology that aims to better secure billions of " Internet of things " devices by combining the custom Linux kernel with new chip design, and its cloud security service. Project Azure Sphere focuses on protecting microcontroller-based IoT devices, including smart appliances, connected toys, and other smart gadgets, Microsoft announced during the security-focused RSA Conference in San Francisco Monday. It is basically a security package consists of three main components: Azure Sphere-certified microcontrollers (MCUs) Azure Sphere OS Azure Sphere Security Service "Azure Sphere provides security that starts in the hardware and extends to the cloud, delivering holistic security that protects, detects, and responds to threats—so they're always prepared," Microsoft said. Internet of Things (IoT) devices are 'ridicu

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities

Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
Mar 13, 2018
Samba maintainers have just released new versions of their networking software to patch two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users' passwords, including admin's. Samba is open-source software (re-implementation of SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and OpenVMS. Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to share network shared folders, files, and printers with Windows operating system. The denial of service vulnerability, assigned CVE-2018-1050 , affects all versions of Samba from 4.0.0 onwards and could be exploited "when the RPC spoolss service is configured to be run as an external daemon." "Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Run 'Kali Linux' Natively On Windows 10 — Just Like That!

Run 'Kali Linux' Natively On Windows 10 — Just Like That!
Mar 06, 2018
Great news for hackers. Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application. I know it sounds crazy, but it's true! Kali Linux, a very popular, free, and open-source Linux-based operating system widely used for hacking and penetration testing, is now natively available on Windows 10, without requiring dual boot or virtualization. Kali Linux is the latest Linux distribution to be made available on the Windows App Store for one-click installation, joining the list of other popular distribution such as Ubuntu , OpenSUSE and SUSE Enterprise Linux . In Windows 10, Microsoft has provided a feature called " Windows Subsystem for Linux " (WSL) that allows users to run Linux applications directly on Windows. "For the past few weeks, we've been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution, and today we&#

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw
Sep 28, 2017
A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that time, the patch for this kernel flaw was not backported to long-term Linux distributions in kernel 3.10.77. However, researchers at Qualys Research Labs has now found that this vulnerability could be exploited to escalate privileges and it affects all major Linux distributions, including Red Hat, Debian, and CentOS. The vulnerability left "all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable," Qualys said in an advisory published yesterday.

Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking

Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking
Jul 20, 2017
A security researcher has discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that could allow hackers to execute malicious code on targeted Linux machines. Dubbed Bad Taste , the vulnerability ( CVE-2017-11421 ) was discovered by German researcher Nils Dagsson Moskopp, who also released proof-of-concept code on his blog to demonstrate the vulnerability. The code injection vulnerability resides in "gnome-exe-thumbnailer"  — a tool to generate thumbnails from Windows executable files (.exe/.msi/.dll/.lnk) for GNOME, which requires users to have Wine application installed on their systems to open it. Those who are unaware, Wine is a free and open-source software that allows Windows applications to run on the Linux operating system. Moskopp discovered that while navigating to a directory containing the .msi file, GNOME Files takes the filename as an executable input and run it in order to create an image thumbna

Ubuntu Linux for Windows 10 Released — Yes, You Read it Right

Ubuntu Linux for Windows 10 Released — Yes, You Read it Right
Jul 14, 2017
Windows and Linux in the same line? Yes, you heard that right... and that too, on the same computer and within the same operating system. Two months ago, Microsoft announced its plans to let its users install three different flavours of the Linux operating system – Ubuntu , Fedora , and SUSE – directly through their Windows Store, allowing them to run Windows and Linux apps side-by-side. Now, downloading an entire operating system has just become as easy as downloading an application with the availability of popular Linux distro 'Ubuntu' in the Windows App Store . However, unlike a conventional Ubuntu installation, this Ubuntu version runs in a sandboxed alongside Windows 10 with limited interaction with the operating system and is focused on running regular command-line utilities like bash or SSH as a standalone installation through an Ubuntu Terminal. For now, Ubuntu is currently only available to Windows 10 Insiders users and would be made available to the pub

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back
Jun 19, 2017
South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files. However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted. The hosting company has already paid two installments at the time of writing and would pay the last installment of ransom after recovering data from two-third of its infected servers. According to the security firm Trend Micro , the ransomware used in the attack was Erebus that was first spotted in September last year and was seen in February this year with Win

Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems

Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
Jun 10, 2017
Remember SambaCry ? Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software (re-implementation of SMB networking protocol) that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article . At that time, nearly 485,000 Samba-enabled computers were found to be exposed on the Internet, and researchers predicted that the SambaCry-based attacks also have potential to spread just like WannaCry ransomware widely. The prediction came out to be quite accurate, as honeypots set up by the team of researchers from Kaspersky Lab have captured a malware campaign that is exploiting SambaCry vulnerability to infect Linux computers with cryptocurrency mining software. Another security researcher, Omri Ben Bassat‏, independently discovered  the same campaign and named it "EternalMiner

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges
Jun 01, 2017
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo, stands for "superuser do!," is a program for Linux and UNIX operating systems that lets standard users run specific commands as a superuser (aka root user), such as adding users or performing system updates. The flaw actually resides in the way Sudo parsed "tty" information from the process status file in the proc filesystem. On Linux machines, sudo parses the /proc/[pid]/stat file in order to determine the device number of the process's tty from field 7 (tty_nr), Qualys Security explains in its advisory . Although the fields in t

Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store

Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store
May 12, 2017
Microsoft has been expressing its love for Linux and Open Source for almost three years now, and this love is embracing as time passes. Just last year, Microsoft made headlines by building support for the Bash shell and Ubuntu Linux binaries into Windows 10, allowing users to run limited instances of Linux directly on top of the OS without installing any virtual machine, as well as developers to run command-line tools while building apps. Now, Microsoft has announced at its Build developer conference in Seattle that three different flavors of the free Linux operating system are coming to the company's app store, so its users can run Windows and Linux apps side-by-side. Yes, it's no joke. Three versions of Linux distributions – Ubuntu, Fedora, and SUSE – are coming to the Windows Store. Now, you'll soon be able to install these Linux operating systems on your Windows device just like any other app. While Ubuntu is already available on the Windows Store for a

Hacker Who Used Linux Botnet to Send Millions of Spam Emails Pleads Guilty

Hacker Who Used Linux Botnet to Send Millions of Spam Emails Pleads Guilty
Mar 29, 2017
A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August. Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty in a US federal court on Tuesday for his role in the development and maintenance of the infamous Linux botnet known as Ebury that siphoned millions of dollars from victims worldwide. Senakh, who was detained by Finland in August 2015 and extradition to the US in January 2016, admitted to installing Ebury malware on computer servers worldwide, including thousands in the United States. First spotted in 2011, Ebury is an SSH backdoor Trojan for Linux and Unix-style operating systems, like FreeBSD or Solaris, which infected more than 500,000 computers and 25,000 dedicated servers in a worldwide malware campaign called ' Operation Windigo .' Ebury backdoor gives attackers full shell control of

THN Deal: Complete Linux Certification Training (Save 97%)

THN Deal: Complete Linux Certification Training (Save 97%)
Mar 01, 2017
If you are also searching for the answers to what skills are needed for a job in cyber security, you should know that this varies widely based upon the responsibilities of a particular role, the type of company you want to work with, and especially on it's IT architect. However, Linux is the most required skills in information technology and cyber security, as Linux are everywhere! Whether you know it or not you are already using Linux every day – when you Google, you use Linux; when you buy metro tickets, you use Linux; It powers your smart devices; most airplane or automobile entertainment systems are also running on Linux; even your Android phone is Linux. Moreover, nearly all of the hacking and penetration testing tools are developed specifically for Linux. In fact, one of the popular operating systems of hackers, KALI, is also a Linux distro that comes with over 300 tools for penetration testing, forensics, hacking and reverse engineering. So, due to the rapid growth of Li

KasperskyOS — Secure Operating System released for IoT and Embedded Systems

KasperskyOS — Secure Operating System released for IoT and Embedded Systems
Feb 21, 2017
Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS , a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing. Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch. The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure. It's quite easy for most companies to get rid of the virus-infected computer,

North Korea's Linux-based Red Star OS can be Hacked Remotely with just a Link

North Korea's Linux-based Red Star OS can be Hacked Remotely with just a Link
Dec 06, 2016
North Korea's own homegrown computer operating system, that's supposed to be fully hacker proof and more secure than foreign OS, like Microsoft's Windows, can easily be hacked remotely. A group of hackers managed to break into Red Star OS — North Korea's government sanctioned Linux-based OS — using just a link. Red Star OS is North Korea's own homegrown OS that looks remarkably just like Apple's OS X and gives North Korean authorities more control over the computers, providing not only security but also spying tools that help track files in a way that if the government wants, every bit of user's data can be traced easily. According to the information security company Hacker House , Red Star OS contains a critical vulnerability that makes it possible for hackers to gain remote access to any PC running North Korea's OS just by tricking victims into opening a hyperlink. The latest version of Red Star OS ships with a Firefox-based web browser cal

Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship

Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship
Nov 16, 2016
You won't believe your eyes while reading this, but this is true. Microsoft just joined the Linux Foundation as a high-paying Platinum member. Microsoft's love with open source community is embracing as time passes. At its first Connect event in 2013, the company launched Visual Studio 2013. A year later, Microsoft open sourced .NET, and last year, it open sourced the Visual Studio Code Editor, as well. Not just that, Microsoft partnered with Canonical to bring Ubuntu on Windows 10 , worked with FreeBSD to develop a Virtual Machine image for its Azure cloud , and chosen Ubuntu as the OS for its Cloud-based Big Data services. And the big news for this year is… At its 2016 Connect developer event in New York today, Microsoft announced that the company is joining the Linux Foundation as a Platinum member – the highest level of membership, which costs $500,000 annually. Besides this, Microsoft also announced that tech giant Google has also joined on with the indepen

New IoT Botnet Malware Discovered; Infecting More Devices Worldwide

New IoT Botnet Malware Discovered; Infecting More Devices Worldwide
Nov 01, 2016
The whole world is still dealing with the Mirai IoT Botnet that caused vast internet outage last Friday by launching massive distributed denial of service (DDoS) attacks against the DNS provider Dyn, and researchers have found another nasty IoT botnet. Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks. Dubbed Linux/IRCTelnet , the nasty malware is written in C++ and, just like Mirai malware , relies on default hard-coded passwords in an effort to infect vulnerable Linux-based IoT devices. The IRCTelnet malware works by brute-forcing a device's Telnet ports, infecting the device's operating system, and then adding it to a botnet network which is controlled through IRC (Internet Relay Chat) – an application layer protocol that enables communication in the form of text. So, every infected bot (IoT device) connects to a mali

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild
Oct 21, 2016
A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild. Dubbed " Dirty COW ," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons. First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade. And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild. Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it within just 5 seconds. Earlier this week, Linus Torvalds admi
Cybersecurity Resources