Found 127 bookmarks
Custom sorting
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
#PyTorch#EN#2022#Linux#pip#Compromised#dependency#Supply-chain-security
·pytorch.org·
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Shikitega - New stealthy malware targeting Linux
Shikitega - New stealthy malware targeting Linux
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
#cybersecurity.att.com#AT&T-Alien-Labs#Shikitega#EN#2022#Linux#malware#Analysis
·cybersecurity.att.com·
Shikitega - New stealthy malware targeting Linux
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.
#theori#EN#2022#exploit#Linux#mqueue#CVE-2022-32250#Kernel
·blog.theori.io·
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Vulnerability in Linux containers – investigation and mitigation
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther
#benthamsgaze#EN#2022#constrain#Linux#containers#investigation#Access#controls
·benthamsgaze.org·
Vulnerability in Linux containers – investigation and mitigation
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.
#Graplsecurity#en#2022#0-day#Linux#kernel#exploit#redteam#research
·graplsecurity.com·
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.
#microsoft-security-blog#2022#EN#Linux#XorDdos#botnet#malware#stealthy
·microsoft.com·
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
On Feb. 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel. CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers. The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users.
#paoloaltonetworks#vulnerability#CVE-2022-0492#Linux#cgroups#containers#escalation#docker
·unit42.paloaltonetworks.com·
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
SysJoker : un malware pour macOS, Windows et Linux qui opère discrètement depuis des mois
SysJoker : un malware pour macOS, Windows et Linux qui opère discrètement depuis des mois
Un inquiétant cheval de Troie très discret et multiplateformes vient d'être repéré. Baptisé SysJoker et mis en lumière par la firme de sécurité Intezer, il peut cibler autant Windows, Linux que macOS. Pire encore, celui-ci passait sous les radars des antivirus depuis un bout de temps. Les versions Linux et macOS n'étaient jusqu'à présent pas du tout détectées par des sites
#malware#macos#MacGeneration#FR#SysJoker#Windows#Linux
·macg.co·
SysJoker : un malware pour macOS, Windows et Linux qui opère discrètement depuis des mois
Shc Linux Malware Installing CoinMiner
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
#asec#2023#EN#Shell#Script#Compiler#analysis#Linux#Malware#CoinMiner#Shc
·asec.ahnlab.com·
Shc Linux Malware Installing CoinMiner
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
#PyTorch#EN#2022#Linux#pip#Compromised#dependency#Supply-chain-security
·pytorch.org·
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Shikitega - New stealthy malware targeting Linux
Shikitega - New stealthy malware targeting Linux
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
#cybersecurity.att.com#AT&T-Alien-Labs#Shikitega#EN#2022#Linux#malware#Analysis
·cybersecurity.att.com·
Shikitega - New stealthy malware targeting Linux
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.
#theori#EN#2022#exploit#Linux#mqueue#CVE-2022-32250#Kernel
·blog.theori.io·
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Vulnerability in Linux containers – investigation and mitigation
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther
#benthamsgaze#EN#2022#constrain#Linux#containers#investigation#Access#controls
·benthamsgaze.org·
Vulnerability in Linux containers – investigation and mitigation