Date: 2024-03-13

Fear, Uncertainty, Doubt: Shifting Focus to 'Linux' 1-2 Days After Microsoft Admitted It Got Cracked, Complete Data Breach
Security Affairs ☛ Magnet Goblin group used a new Linux variant of NerbianRAT malware [Ed: Distracting from the real culprits to blacken the name of "Linux" just days after Microsoft admitted (late on Friday) it got cracked very badly]
Ars Technica ☛ Never-before-seen Linux malware gets installed using 1-day exploits [Ed: But whose fault is this? Linux?]
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
CSO ☛ Magnet Goblin hackers used Ivanti bugs to drop custom Linux malware [Ed: This is the fault of proprietary software, not Linux]
TechRadar ☛ New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware [Ed: The real issue here is mostly Ivanti]
Some of the flaws Magnet Goblin was abusing include those found in Ivanti Connect Secure (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893), Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense (CVE-2023-41265, CVE-2023-41266, CVE-2023-48365), and Magento (CVE-2022-24086).
Gray Dot Media Group ☛ Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware [Ed: The issue here is obviously not Linux but proprietary software]
InformationWeek ☛ Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence [Ed: Misplacing blame (partly on "Linux")]
Cyber Security News ☛ Magnet Goblin Hackers Exploiting 1-day Vulnerabilities To Attack Linux Servers [Ed: This is not about Linux and those things can also be installed on BSDs]
Security Week ☛ New Open Source Tool Hunts for APT Activity in the Cloud [Ed: They try to associate "open source" with bad security by using buzzwords like "clown computing". In this case, they try to associate the "clown" with "Open Source Tool", even if the "clown" itself is a proprietary, outsourced trap.]
The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments.