Linux

Malware & Threats

Issued by: Malwarebytes

Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the Blackberry Research Team and Dr. Joakim Kennedy, a security researcher with Intezer. Despite its name, this Trojan—first…

Vulnerabilities

Issued by: Dark Reading

When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it. Researchers from FortiGuard Labs noted…

Malware & Threats

Issued by: Security Week

Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful its operators are to maintain a low profile. What’s more, the malware developers are constantly modifying the FontOnLake modules, and use three categories of components that have been designed…

Vulnerabilities

Issued by: Kaspersky Blog

News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although a stealth installation might sound terrible on its face, this…

Vulnerabilities

Issued by: Security Week

The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. The security hole was discovered by Kevin Backhouse of the GitHub Security Lab. On Thursday, the researcher published a blog post detailing his findings, as well as a video showing the…

Software Security

Issued by: Security Week

With this funding, Silva and Chancellor will dedicate their work to improving kernel security, as well as to associated initiatives, so that the open source software project remains sustainable in the long run. The pervasive Linux operating system, according to a recent report from the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory…

Network Security

Issued by: Security Intelligence

From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers. This report — the X-Force Threat Intelligence Index 2021 — represents our latest edition…

Network Security

Issued by: Security Week

A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS) issues. The impacted products were found to leverage outdated versions of third-party components that were known to have vulnerabilities, including PHP, OpenSSL,…