Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Arch Linux (home-assistant, libgcrypt, libvirt, and mutt), Debian (ffmpeg, kernel, libonig, libsdl2, mariadb-10.1, and thunderbird), Fedora (chromium, firefox, jasper, libebml, mingw-python3, netpbm, opensmtpd, thunderbird, and xen), Gentoo (firefox and thunderbird), Mageia (db53, dnsmasq, kernel, kernel-linus, and php-pear), openSUSE (go1.14, go1.15, messagelib, nodejs8, segv_handler, and thunderbird), Oracle (firefox, kernel, and thunderbird), Red Hat (flatpak), SUSE (firefox and rubygem-nokogiri), and Ubuntu (mysql-5.7, mysql-8.0 and python-django).

  • Libgcrypt developers release urgent update to tackle severe vulnerability [Ed: Almost nobody used that version regardless, but the media doesn't mention that]
  • Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

    The flaw in the free-source library could have been ported to multiple applications.

    The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code.

    The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0 (released on January 19 – previous versions are not affected), which researchers said can be exploited by merely decrypting a block of data. The issue is patched (CVE pending) in Libgcrypt version 1.9.1.

  • New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

    A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.

    Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

  • ESET discovers Kobalos: tiny yet complex Linux threat attacking supercomputers – PCR [Ed: With Windows, in order to get it infected, all you need to do it have it installed (NSA backdoors) and connected to the Internet, whereas with BSD a and GNU/Linux you typically need to install the malware]

    ESET researchers are reported to have discovered Kobalos, a malware that has been attacking supercomputers – high performance computer (HPC) clusters. ESET has worked with the CERN Computer Security Team and other organisations involved in mitigating attacks on these scientific research networks. Among other targets was a large Asian ISP, a North American endpoint security vendor as well as several privately held servers.

ESET/PCR FUD?

  • Report: Security Firm Says HPC Clusters under Attack: ‘Level of Sophistication Rarely Seen in Linux Malware’ [Ed: Neglects to say how such malware gets onto systems in the first place and who's to blame for that]

    UK technology industry publication PCR published a story today stating that an international data security firm, ESET, has reported the identification of a malware called Kobalos that targets supercomputing clusters. They also said they have been working with security experts at CERN, the European Organization for Nuclear Research and other organizations on stemming attacks.

More of ESET

ZDNet Joins the FUD

Linux Malware Kobalos Backdoors Supercomputers

More FUD

Linux malware Kobalos steals credentials using hacked OpenSSH...

  • Linux malware Kobalos steals credentials using hacked OpenSSH software

    A trojanized version of OpenSSH software is being used to steal SSH credentials from high performance computing (HPC) clusters, reports security firm ESET. The Linux malware has been dubbed Kobalos, and is described as "small, yet complex" and "tricksy".

    Despite its diminutive size, the Kobalos backdoor is hitting some major targets including government systems in the US, universities in Europe, and a major ISP in Asia. Security experts report that while the multiplatform backdoor works on Linux, FreeBSD and Solaris, "there are also artifacts indicating that variants of this malware may exist for AIX and even Windows".

The stigma

Original FUD

A New Linux Malware Targeting High-Performance Computing Cluster

  • A New Linux Malware Targeting High-Performance Computing Clusters [Ed: It is not "Linux malware" but some malware that somehow finds its way into systems that only sometimes happen to run GNU/Linux (because it dominates this space completely)]

    High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely.

    Cybersecurity firm ESET named the malware "Kobalos" — a nod to a "mischievous creature" of the same name from Greek mythology — for its "tiny code size and many tricks."

This devious Linux malware is targeting supercomputers

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.