Summary: The UK’s National Cyber Security Centre (NCSC) has analyzed a Linux malware named “Pigmy Goat,” which backdoors Sophos XG firewall devices as part of attacks attributed to Chinese threat actors. The malware employs advanced techniques for persistence and remote access, highlighting a significant threat to network security.…
Tag: UNIX
Summary: APT36, a Pakistani threat group, has enhanced its ElizaRAT malware and introduced a new stealer payload, ApoloStealer, targeting Indian government and military entities. The group employs advanced evasion techniques and legitimate services for command-and-control communications, complicating detection efforts.
Threat Actor: APT36 | Victim: Indian government and military entities
Key Point:
APT36 has deployed multiple versions of ElizaRAT, utilizing various command-and-control infrastructures including Slack and Google Drive.…
Use cases of the Linux Audit system:
Watching file access
Monitoring system calls
Recording commands run by a user
Recording security events
Searching for events
Running summary reports
Monitoring network access
List of Linux directories:
Directories | Details inside the directory
/var/log/syslog or /var/log/messages | Displays system-wide messages and information. Essentially, it is a log of every activity across the entire system.…
Summary: The Pylons Project has issued a security advisory for a critical vulnerability (CVE-2024-49768) in the Waitress WSGI server, which could allow unauthorized request processing due to a race condition. Users are urged to upgrade to version 3.0.1 to mitigate this risk, with a temporary workaround available for those unable to update immediately.…
Summary: A critical vulnerability, tracked as CVE-2024-9632, has been identified in the X.Org Server, affecting numerous Linux and Unix-like systems for the past 18 years. This flaw could allow local attackers to execute arbitrary code, escalate privileges, or cause denial of service by exploiting a buffer overflow in the server’s keyboard compatibility handling function.…
Sophos has been actively combating multiple threat actors based in China who target perimeter devices, particularly Sophos firewalls. This article outlines a timeline of notable activities by these actors, detailing their tactics, techniques, and procedures (TTPs), as well as Sophos’s responses and collaboration with third-party reports for attribution and context.…
Relentless Pungsan: A DPRK Threat Actor Associated with Contagious Interview | Datadog Security Labs
In September 2024, Datadog Security Research uncovered three malicious npm packages linked to the BeaverTail malware, associated with North Korean threat actors. The packages, passports-js, bcrypts-js, and blockscan-api, were discovered to be backdoored versions of legitimate packages, targeting job-seekers in the US tech industry through a campaign called Contagious Interview.…
Summary: The transition to hybrid work models has revealed significant vulnerabilities in corporate print infrastructure, leading to increased security risks and data breaches. Organizations are urged to prioritize print security as attackers exploit these weaknesses, particularly in unmanaged and legacy printing environments.
Threat Actor: Nation-state actors | Victim: Organizations with hybrid work models
Key Point:
Hybrid work has led to increased use of insecure and unmanaged printers, raising security risks.…
IBM X-Force has identified Hive0147 as a prominent threat actor in the Latin American cyber landscape, particularly focusing on phishing and malware distribution. Recently, they have introduced a new downloader named “Picanha” to deploy the Mekotio banking trojan, alongside other banking trojans like Banker.FN.…
Summary: North Korean hackers have developed a new Linux variant of the FASTCash malware, targeting financial institutions’ payment switch systems to facilitate unauthorized cash withdrawals. This new variant, discovered by security researcher HaxRob, allows the hackers to manipulate transaction messages and evade detection by standard security tools.…
This article discusses a newly identified variant of FASTCash malware targeting the Linux operating system, specifically designed to manipulate card transaction messages for unauthorized cash withdrawals from ATMs. The Linux variant, developed for Ubuntu 20.04, shares similarities with previous Windows and AIX variants, including the ability to intercept and modify transaction messages.…
Threatwire Summary
The video discusses a record-setting DDoS attack mitigated by Cloudflare, reaching peaks of 3.8 terabits per second and affecting various sectors without interrupting service. Additionally, new vulnerabilities in the Common Unix Printing System (CUPS) have been found that could be exploited for DDoS attacks, emphasizing the need for timely software updates.…
Summary: A critical security vulnerability, CVE-2024-45720, has been discovered in Apache Subversion, affecting Windows platforms and allowing for command line argument injection that could lead to the execution of unintended programs. The vulnerability has been patched in Subversion 1.14.4, and users are advised to upgrade immediately.…