Lucene search

481 matches found

ThreatPost
added 2020/08/13 10:03 p.m. | 70 views

NSA, FBI Warn of Linux Malware Used in Espionage Attacks

UPDATE The U.S. government is warning of new malware, dubbed Drovorub, that targets Linux systems. It also claims the malware was developed for a Russian military unit in order to carry out cyber-espionage operations. The malware, Drovorub, comes with a multitude of espionage capabilities,...

AI score: 0.1
Exploits: 0 | References: 10
Trellix
added 2020/08/13 12:00 a.m. | 19 views

On Drovorub: Linux Kernel Security Best Practices | McAfee Blogs

ARCHIVED STORY On Drovorub: Linux Kernel Security Best Practices By ATR Operational Intelligence Team · AUG 13, 2020 Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linu...

AI score: 7
Exploits: 0
ThreatPost
added 2020/08/05 10:32 p.m. | 58 views

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. According to an analysis from BlackBerry released at Black Hat 2020 on...

Exploits: 0 | References: 10
OSV
added 2020/08/05 2:15 p.m. | 3 views

CVE-2020-8607

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00082
Exploits: 0 | References: 4
Prion
added 2020/08/05 2:15 p.m. | 15 views

Input validation

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 4 | Affected Software: 11
CVE
added 2020/08/05 2:05 p.m. | 44 views

CVE-2020-8607

CVE-2020-8607 affects multiple Trend Micro products that use a specific rootkit protection driver. The vulnerability arises from input validation that lets a user-mode attacker with administrator privileges abuse the driver to modify a kernel address, which can crash the system or potentially ena...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 4 | Affected Software: 12
The Hacker News
added 2020/07/07 9:39 a.m. | 346 views

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to...

AI score: 0.3
Exploits: 0
Microsoft Secure
added 2020/06/17 4:00 p.m. | 29 views

UEFI scanner brings Microsoft Defender ATP protection to a new level

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface (UEFI) scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...

AI score: 0.3
Exploits: 0
ThreatPost
added 2020/05/13 3:56 p.m. | 1297 views

Ramsay Malware Targets Air-Gapped Networks

A cyber-espionage malware has been discovered that’s capable of collecting and exfiltrating sensitive documents from within air‑gapped networks. The malware, dubbed Ramsay, is still under active development — so far, researchers have found three different samples, with each sample adding new...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.94302
Exploits: 29 | References: 12
ThreatPost
added 2020/03/11 12:29 p.m. | 10 views

Necurs Botnet in Crosshairs of Global Takedown Offensive

A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...

AI score: 7.6
Exploits: 0 | References: 8
The Hacker News
added 2020/03/10 7:01 p.m. | 70 views

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving...

AI score: 0.2
Exploits: 0
Exploit DB
added 2020/02/24 12:00 a.m. | 171 views

Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Diamorphine Rootkit Signal Privilege Escalation', 'Description' => %q This module uses Diamorphine rootkit's privesc feature using signal 64 to...

AI score: 7.4
Exploits: 0
Packet Storm
added 2020/02/20 12:00 a.m. | 84 views

Diamorphine Rootkit Signal Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Diamorphine Rootkit Signal Privilege Escalation', 'Description' => %q This module uses Diamorphine rootkit's privesc feature using signal 64 to...

AI score: 1.3
Exploits: 0
Metasploit
added 2020/02/16 2:53 p.m. | 39 views

Diamorphine Rootkit Signal Privilege Escalation

This module uses Diamorphine rootkit's privesc feature using signal 64 to elevate the privileges of arbitrary processes to UID 0 (root). This module has been tested successfully with Diamorphine from master branch (2019-10-04) on Linux Mint 19 kernel 4.15.0-20-generic x64. This module requires...

AI score: 1.3
Exploits: 0
Malwarebytes
added 2020/01/14 5:31 p.m. | 49 views

How to prevent a rootkit attack

If you're ever at the receiving end of a rootkit attack, then you'll understand why they are considered one of the most dangerous cyberthreats today. Rootkits are a type of malware designed to stay undetected on your computer. Cybercriminals use rootkits to remotely access and control your machin...

AI score: 1.1
Exploits: 0
Exploit DB
added 2019/12/30 12:00 a.m. | 118 views

Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reptile Rootkit reptile_cmd Privilege Escalation', 'Description' => %q This module uses Reptile rootkit's reptile_cmd backdoor executable to gain ro...

AI score: 7.4
Exploits: 0
0day.today
added 2019/12/24 12:00 a.m. | 283 views

Reptile Rootkit reptile_cmd Privilege Escalation Exploit

This Metasploit module uses Reptile rootkit's reptile_cmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch (2019-03-04) on Ubuntu 18.04.3 x64 and Linux Mint 19 x64. This module requires Metasploit:...

AI score: 0.5
Exploits: 0
Packet Storm
added 2019/12/23 12:00 a.m. | 98 views

Reptile Rootkit reptile_cmd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reptile Rootkit reptile_cmd Privilege Escalation', 'Description' => %q This module uses Reptile rootkit's reptile_cmd backdoor executable to gain ro...

AI score: 0.7
Exploits: 0
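The Diamorphine and Reptile entries above describe two privesc backdoors that the Metasploit modules drive from userland: a hooked kill() that grants uid 0 to whoever sends signal 64, and a hidden helper binary (reptile_cmd) that does the same on request. Both give a defender a cheap behavioural check that does not depend on lsmod or ls, which these rootkits filter. The probe below is an added example, not code from the Metasploit modules or from either rootkit. It assumes the defaults the modules describe (signal number 64, helper path /reptile/reptile_cmd) and, for the sysfs check, Diamorphine's default module hiding, which only unlinks the module from the kernel's module list; a rebuilt rootkit with a different signal number, path, or hiding method is out of scope, which is why those values are parameters. The probe stats the Reptile helper but never executes it.

```c
/*
 * rootkit_probe.c - behavioural checks for the Linux rootkit privesc
 * backdoors listed above (Diamorphine "signal 64", Reptile reptile_cmd).
 * Added example; not the Metasploit modules' code nor the rootkits'.
 *
 * Build: cc -Wall -o rootkit_probe rootkit_probe.c
 * Run as an unprivileged user: as root the signal probe is inconclusive
 * because the uid is already 0 before the signal is sent.
 */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Diamorphine's default "give root" signal, per the module description.
 * Assumption: an operator can rebuild the rootkit with another number,
 * so the probes take the signal as a parameter. */
#define DIAMORPHINE_SIGSUPER 64

enum probe_result { PROBE_CLEAN = 0, PROBE_DETECTED = 1, PROBE_INCONCLUSIVE = 2 };

/*
 * Diamorphine hooks the kill() syscall: when the signal equals its magic
 * number it sets the *calling* process's credentials to uid 0 and swallows
 * the signal. On a clean kernel the signal is delivered normally, and 64 is
 * SIGRTMAX whose default action is to terminate, so we ignore it first.
 * Detection = uid was non-zero before the call and is zero afterwards.
 */
enum probe_result probe_signal_privesc(int sig)
{
    struct sigaction ign, saved;
    int rc;

    if (getuid() == 0)               /* already root: no change observable */
        return PROBE_INCONCLUSIVE;

    memset(&ign, 0, sizeof ign);
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    if (sigaction(sig, &ign, &saved) != 0)   /* EINVAL: bad signal number */
        return PROBE_INCONCLUSIVE;

    rc = kill(getpid(), sig);        /* the hooked syscall, if any, acts here */
    sigaction(sig, &saved, NULL);    /* restore the previous disposition */
    if (rc != 0)
        return PROBE_INCONCLUSIVE;

    return getuid() == 0 ? PROBE_DETECTED : PROBE_CLEAN;
}

/*
 * Reptile's privesc goes through a userland helper; the Metasploit module's
 * default path is /reptile/reptile_cmd (assumed here, configurable at
 * install time). Reptile hides files by filtering directory listings, so
 * the directory will not appear in "ls /", but a stat() on the full path
 * still resolves. The helper is only looked at, never executed.
 */
enum probe_result probe_backdoor_binary(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return PROBE_CLEAN;
    /* a regular executable at the backdoor path is the strong signal;
     * anything else there is worth a look but not a verdict */
    return (S_ISREG(st.st_mode) && (st.st_mode & S_IXUSR))
               ? PROBE_DETECTED : PROBE_INCONCLUSIVE;
}

/*
 * Supplementary check (assumption about Diamorphine's default hiding):
 * it unlinks itself from the kernel module list, so lsmod omits it, but
 * /sys/module/<name> stays. Rootkits that also drop the kobject defeat
 * this, so treat a clean result here as weak evidence.
 */
enum probe_result probe_sysfs_module(const char *name)
{
    char path[256];
    struct stat st;

    snprintf(path, sizeof path, "/sys/module/%s", name);
    return stat(path, &st) == 0 ? PROBE_DETECTED : PROBE_CLEAN;
}

static const char *label(enum probe_result r)
{
    return r == PROBE_DETECTED ? "DETECTED"
         : r == PROBE_CLEAN    ? "clean" : "inconclusive";
}

int main(void)
{
    printf("kill(self, %d) privesc hook : %s\n", DIAMORPHINE_SIGSUPER,
           label(probe_signal_privesc(DIAMORPHINE_SIGSUPER)));
    printf("/sys/module/diamorphine     : %s\n",
           label(probe_sysfs_module("diamorphine")));
    printf("/reptile/reptile_cmd        : %s\n",
           label(probe_backdoor_binary("/reptile/reptile_cmd")));
    return 0;
}
```

Run it from an ordinary user account, ideally from a statically linked binary copied onto the host rather than one built there, since a rootkit that can hide files can also tamper with a toolchain. A DETECTED from the signal probe means the kernel handed root to an unprivileged process on request, which no legitimate kernel does; a clean result only rules out the default configuration of this one backdoor.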