Security Scares Around "Linux" (Not Even Linux's Fault in Some Cases)
-
Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Alert [Ed: Pseudonymous reporter, could even be on Microsoft's payroll]
NSFOCUS CERT has detected that details and a proof-of-concept (PoC) tool for a Linux kernel privilege escalation vulnerability CVE-2024-1086, have been publicly disclosed recently.
-
Hacker News ☛ New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking [Ed: Good timing to distract from Microsoft's Exchange blunder (loads of servers cracked or severely vulnerable)]
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions.
-
TechRadar ☛ An ancient Linux flaw might be opening up users to dangerous cyberattacks
Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.
-
The Register UK ☛ Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
Running the exploit as a normal user on a vulnerable machine will grant you root access to the box, allowing you to do whatever you want on it. This can be used by rogue insiders or malware already on a computer to cause further damage and problems.
This affects Debian, Ubuntu, Red Hat, Fedora, and no doubt other Linux distributions. The flaw finder, known by the handle Notselwyn, issued a highly detailed technical report of the bug this week, and said their exploit had a success rate of 99.4 percent on kernel 6.4.16, for instance.
-
CyberRisk Alliance LLC ☛ DinodasRAT Linux malware leveraged in global cyberattacks
China, Turkey, Taiwan, and Uzbekistan have been targeted with attacks deploying a Linux variant of the C++-based DinodosRAT malware since October, according to The Hacker News.
Aside from conducting file operations and command-and-control address modifications, DinodasRAT has also been enabling running process enumeration and termination, shell command execution, updated backdoor downloads, and self-uninstallation while leveraging the Tiny Encryption Algorithm to conceal malicious activity, a report from Kaspersky revealed.
-
India Times ☛ This Linux malware is targeting users in China, Taiwan, and other countries: All the details [Ed: The issue here is not Linux and they do not specify where the hole actually is ]