New Windows and #Linux Malware, Dubbed XBash, Combines #Ransomware, Coin-Mining and #Botnet Features Into One
https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html
⚠️ Important: Paying Ransom Will Get You Nothing!
New #Linux Kernel Root Privilege-Escalation Vulnerability (CVE-2018-14634) Affects Red Hat, CentOS, and Debian Operating Systems. Proof-of-Concept Exploits Released.
https://thehackernews.com/2018/09/linux-kernel-vulnerability.html
NEW: Critical RCE flaw (CVE-2019-3462) found in #Linux apt/apt-get, which could allow remote MiTM hackers to trick systems into installing altered or malicious packages as #root
https://thehackernews.com/2019/01/linux-apt-http-hacking.html
Exploitation of such a flaw could have been mitigated if APT was using HTTPS
New high severity "RunC" vulnerability (CVE-2019-5736) lets attackers escape #Linux container to gain root access on host machine.
Affected Systems/Services: Docker, Kubernetes, Debian, Red Hat, Ubuntu, Google Cloud, Amazon AWS and more.
https://thehackernews.com/2019/02/linux-container-runc-docker.html
Researchers from University of Minnesota apologized to #Linux Kernel Project maintainers for intentionally introducing insecure code, which led to the school being banned from further contributing to the open-source project.
Read: https://thehackernews.com/2021/04/minnesota-university-apologizes-for.html
Researchers have gained insight into a group of Romanian cybercriminals who have been identified carrying out cryptojacking attacks on #Linux machines with weak passwords.
Read: https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html
Microsoft warns of a notorious cross-platform crypto-mining malware that has refined and improved its techniques to attack Windows and #Linux operating systems.
Read details: https://thehackernews.com/2021/07/microsoft-warns-of-lemonduck-malware.html
IMPORTANT: Google has issued an emergency update (version 95.0.4638.69) for Chrome web browser for Windows, Mac, and #Linux users to patch two zero-day vulnerabilities that are being actively exploited in the wild.
https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html
⚠️ Beware of ShellBot malware! Weak SSH credentials on #Linux servers are being exploited in a new campaign. ShellBot can perform DDoS attacks & exfiltrate data.
Learn more: https://thehackernews.com/2023/03/new-shellbot-ddos-malware-targeting.html
New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.
Learn how it affects major #Linux distributions: https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html
New #Linux Kernel Exploitation Technique Unveiled: SLUBStick
This technique could elevate limited heap vulnerabilities to arbitrary memory read-and-write capabilities, threatening system security.
Researchers have shown SLUBStick can successfully bypass defenses like KASLR with a 99% success rate.
Read: https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html
A new #ransomware variant, Cicada3301, is making headlines for its advanced tactics and SMB focus. Cicada3301 not only targets Windows and #Linux/ESXi systems but also embeds compromised user credentials for further exploitation.
https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html
Earth Lusca's KTLVdoor malware targets Windows & #Linux, enabling file manipulation and remote scanning via 50+ command-and-control servers, likely shared with other threat actors.
Learn more: https://thehackernews.com/2024/09/new-cross-platform-malware-ktlvdoor.html
Google has just launched a Password Manager PIN feature that allows users to sync passkeys seamlessly across Windows, macOS, #Linux, ChromeOS, and Android.
Learn more: https://thehackernews.com/2024/09/chrome-users-can-now-sync-passkeys.html
Developers, beware! Poisoned Python packages are being used by North Korean attackers to spread PondRAT malware, compromising both #Linux and macOS systems.
Learn more: https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html
A new variant of the Helldown ransomware is now targeting #Linux and virtualized infrastructures via VMware, broadening its attack surface to industries like #healthcare, manufacturing, and IT services.
With evolving tactics, this marks a major shift in ransomware strategies, now focusing on virtual machines and cloud-based infrastructures.
Learn how Helldown is evolving: https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html
🚨 New China-linked APT Gelsemium targets #Linux. The notorious group has launched a new Linux backdoor, WolfsBane, alongside another malware tool called FireWood, raising cybersecurity alarms.
WolfsBane and FireWood are targeting East & Southeast Asia, exploiting unknown vulnerabilities to steal sensitive data.
Read: https://thehackernews.com/2024/11/chinese-apt-gelsemium-targets-linux.html