Fear, Uncertainty, Doubt: Shifting Focus to 'Linux' 1-2 Days After Microsoft Admitted It Got Cracked, Complete Data Breach
-
Security Affairs ☛ Magnet Goblin group used a new Linux variant of NerbianRAT malware [Ed: Distracting from the real culprits to blacken the name of "Linux" just days after Microsoft admitted (late on Friday) it got cracked very badly]
-
Ars Technica ☛ Never-before-seen Linux malware gets installed using 1-day exploits [Ed: But whose fault is this? Linux?]
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
-
CSO ☛ Magnet Goblin hackers used Ivanti bugs to drop custom Linux malware [Ed: This is the fault of proprietary software, not Linux]
-
TechRadar ☛ New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware [Ed: The real issue here is mostly Ivanti]
Some of the flaws Magnet Goblin was abusing include those found in Ivanti Connect Secure (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893), Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense (CVE-2023-41265, CVE-2023-41266, CVE-2023-48365), and Magento (CVE-2022-24086).
-
Gray Dot Media Group ☛ Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware [Ed: The issue here is obviously not Linux but proprietary software]
-
InformationWeek ☛ Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence [Ed: Misplacing blame (partly on "Linux")]
-
Cyber Security News ☛ Magnet Goblin Hackers Exploiting 1-day Vulnerabilities To Attack Linux Servers [Ed: This is not about Linux and those things can also be installed on BSDs]
-
Security Week ☛ New Open Source Tool Hunts for APT Activity in the Cloud [Ed: They try to associate "open source" with bad security by using buzzwords like "clown computing". In this case, they try to associate the "clown" with "Open Source Tool", even if the "clown" itself is a proprietary, outsourced trap.]
The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments.
Update
3 more examples a day later:
-
KrustyLoader Backdoor Attack Both Windows & Linux Systems [Ed: This is a proprietary software issue]
The group exploited two critical vulnerabilities, CVE-2024-21887 and CVE-2023-46805, which allowed for unauthenticated remote code execution (RCE) or authentication bypass on Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway devices.
-
Hackers leverage 1-day vulnerabilities to deliver custom Linux malware [Ed: The issue here is not Linux, the issue is proprietary stuff like Ivanti]
Magnet Goblin – as the threat actor has been dubbed by Check Point researchers – has been targeting unpatched edge devices and public-facing servers for years.
-
New KrustyLoader Backdoor Threatens GNU/Linux & backdoored Windows Systems
The emergence of the KrustyLoader backdoor, with its variants targeting both backdoored Windows and GNU/Linux systems, has caught the attention of cybersecurity experts. This critical analysis will delve into the implications of this sophisticated backdoor, raise questions about its long-term consequences, and explore its impact on GNU/Linux admins, information security professionals, internet security enthusiasts, and sysadmins.
One more the day after:
-
New Rust-based Backdoor Attacking Windows and Linux Systems [Ed: It is a proprietary software issue, not Linux or Rust. Bad or malicious "reporting" here.]
Exploiting CVE-2024-21887 and CVE-2023-46805, they targeted Ivanti Connect Secure and Policy Secure Gateway.