Tag: linux

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
News

Three new malicious packages that can install a Bitcoin miner on vulnerable Linux computers have been found in the Python Package Index (PyPI) open-source repository. Before being removed, the three malicious packages (driftme, catme, and modulareven) had received 431 downloads in the previous month. The campaign resembles an earlier one that used a package named culturestreak to run a cryptocurrency miner. "These packages, upon initial use, deploy a CoinMiner executable on Linux devices," Fortinet FortiGuard Labs researcher Gabby Xiong said. The malicious code is contained in the package's __init__.py file, which retrieves and decodes the first stage from a remote server.
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
News

Ncurses, short for "new curses," is a programming library in which a number of memory corruption vulnerabilities have been found; threat actors could use them to execute malicious code on Linux and macOS systems. Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse wrote in a technical report released today: "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the context of the targeted program or perform other malicious actions." The vulnerabilities, collectively tracked as CVE-2023-29491 (CVSS score: 7.8), were fixed as of April 2023. Microsoft said it also collaborated with Apple to fix the macOS-specific problems caused by these weaknesses.
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
News

In a new development in the ChamelGang threat actor's capabilities, the actor has been observed deploying a previously unreported implant to backdoor Linux systems. Stairwell calls the malware ChamelDoH; it is a C++-based tool that communicates with its operators through DNS-over-HTTPS (DoH) tunnelling. The Russian cybersecurity company Positive Technologies first documented ChamelGang in September 2021, describing its attacks on fuel, energy, and aviation production organizations in Russia, the United States, India, Nepal, Taiwan, and Japan.
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
News

A zero-day vulnerability in VMware ESXi hosts has been exploited by the Chinese state-sponsored group UNC3886 to backdoor Windows and Linux computers. Tracked as CVE-2023-20867 (CVSS score: 3.9), the VMware Tools authentication bypass vulnerability "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," according to Mandiant. The Google-owned threat intelligence company first identified UNC3886 in September 2022 as a cyber espionage actor that had infected systems running ...
Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm
Risk, Security

The first Linux variant of the Clop ransomware has been found in the wild, and it uses a flawed encryption scheme that allowed researchers to reverse-engineer it. In a report shared with The Hacker News, SentinelOne researcher Antonis Terefos stated that "the ELF executable features a faulty encryption scheme making it easy to decode encrypted files without paying the ransom." The cybersecurity company, which has released a decryptor, reported first observing the ELF version on December 26, 2022, and noted that it is comparable to the Windows flavour in that it uses the same encryption technique. The discovered sample is reportedly part of a broader attack against Colombian educational institutions.
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
Risk, Security

A new Linux malware built with the shell script compiler (shc) has been observed installing a cryptocurrency miner on infected systems. According to a study released today by AhnLab Security Emergency Response Center (ASEC), "it is suspected that following successful authentication using a dictionary attack on poorly managed Linux SSH servers, various viruses were installed on the target machine." shc compiles shell scripts into binaries, which protects the source code against unwanted alteration. It is comparable to the Windows BAT2EXE application, which turns a batch file into an executable.
Business

Nmap – Port Scanner

Overview

Nmap is a popular tool used by both beginners and professional penetration testers for information gathering. Nmap is mainly used as a port scanner: it finds open and closed ports and identifies the services running on them. Nmap also has many other scanning features, such as identifying the geolocation of a device, scanning for vulnerabilities (like SSL Heartbleed), and more.

Nmap cheat sheet (most relevant port-scanning commands)

-O (OS detection)
-sV (returns the version of the application/service running on the port)
-sT (TCP connect port scan, full three-way handshake scan)
-p <port number/range> (allows specifying ports to scan)
-n (do not resolve the domain name)
-sn (disable port scanning)
-sP (ping the hosts only)
-f (Request with fragmen...
Business

Nessus – Free Security Scanner

Overview

Nessus is a proprietary vulnerability scanner developed by Tenable. It is a free security scanner that can assess the modern attack surface and find vulnerabilities. It also uses the CVE naming scheme for easy cross-linking between compliant security tools. Nessus has multiple scanning options, such as:

Host discovery
Basic network scan
Web application scan
Advanced scan
Malware scan
etc.

In this article, we will discuss how to install and use Nessus. We will also discuss its configuration and automation abilities.

Nessus installation (Kali Linux)

Nessus is compatible with Linux and Windows operating systems. This installation guide will be done on a Kali Linux machine. To use Nessus, you need an activation code. This can be acqu...
Business

DNS Blacklists – Block Spam and Malicious Entities

Overview

DNS blacklists are databases that hold lists of IP addresses or URLs associated with spam email, malicious websites, and more. They are used to stop spam and malicious websites from reaching end users; for example, ISPs and mail servers commonly use them to keep spam away from their users. Hundreds of DNS blacklists exist, and spam is only one type of DNS blacklist. There are many types of DNS blacklists, such as:

Spam
Image spam
Malware/virus
Phishing
Botnet
Compromised machines
Bogon
etc.

Some DNS blacklists are even country-based. In this article, we will discuss how to use DNS blacklists and how they can improve the security of your network.

Types of DNS blacklists

How to use a DNS blacklist

To check if th...
Business

Nikto – Web Application Vulnerability Scanner

Overview

Nikto is an open-source command-line web application vulnerability scanner that scans for 6700 potentially dangerous files/programs. It also looks for misconfigurations, checks for outdated versions of over 1250 servers, and finds version-specific problems on over 270 servers. Nikto is a noisy tool, so its scans will be logged and flagged by IDS/IPS. Note that not every "problem" it reports is a security issue; you will need to confirm each vulnerability manually. Nikto has features such as:

Easily updatable CSV-format checks database
Output reports in plain text or HTML
Automatic switching between available HTTP versions
Generic as well as specific server software checks
SSL support (through libnet-ssleay-perl)
Proxy support (with authentication)
Cookie support
Nik...