Archive for the ‘Linux Security’ Category

A New Linux Flaw Lets Attackers Gain Full Root Privilege

The Threat Research Unit at Qualys has revealed how a new Linux flaw, tracked as CVE-2022-3328, may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system. The vulnerability is located in snap-confine, a SUID-root program installed by default on Ubuntu. The snap-confine program is used internally by […]


5 Kali Linux tools you should learn how to use

Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing. Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn […]


5 Kali Linux books you should read this year

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering. Here is a selection of books for different experience levels. You can either start from scratch or get advanced tips – there’s something for everyone. Advanced Security Testing with Kali Linux. Independently published / Author: Daniel Dieterle. This book […]


Parrot Security OS 5.1 Release

Parrot 5.1 – What’s New? Parrot created the latest release of the operating system to ensure it was as stable and adaptable as possible. There are a number of factors that have contributed to the success of this project. The new additions are listed below: New kernel 5.18; Updated docker containers; Updated backports; System […]


5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux. Independently published / Author: Daniel Dieterle. This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: The MITRE ATT&CK Framework; Command & Control (C2) frameworks; In-depth network scanning; Web app pentesting; Advanced techniques like “Living off the Land”; AV […]


Latest OpenSSL version is affected by a remote memory corruption flaw

An expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The version was released on June 21, 2022, and the flaw affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory […]


Symbiote, a nearly-impossible-to-detect Linux malware

Researchers uncovered a highly stealthy Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of a symbiote, which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems. For this […]


Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats

Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained […]


B1txor20 Linux botnet uses DNS tunnel and Log4J exploit

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and uses a DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an […]


CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape

A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host. The issue is a privilege […]


New Book: Advanced Security Testing with Kali Linux!

In Advanced Security Testing with Kali Linux you will learn topics like: The MITRE ATT&CK Framework; Command & Control (C2) Frameworks; In-depth Network Scanning; Web App Pentesting; Advanced Techniques like “Living off the Land”; AV Bypass Tools; Using IoT Devices in Security; and much, much more! Learning attacker Tactics, Techniques and Procedures (TTPs) is imperative in defending […]


CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager

Canonical’s Snap software packaging and deployment system is affected by multiple vulnerabilities, including a privilege escalation flaw tracked as CVE-2021-44731 (CVSS score 7.8). Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range […]


Kali Linux 2021.4 released: Wider Samba compatibility, The Social-Engineer Toolkit, new tools, and more!

Samba Client, Kaboxer theme support: Starting with Kali Linux 2021.4, the Samba client is now configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use. This change should make it easier to discover vulnerable Samba servers “out of the box”, […]


Can *YOU* blow a PC speaker using only a Linux kernel driver?

We don’t often put out programming appeals on Naked Security, especially when the code that we’re looking for is dangerous and destructive. But this time we’re prepared to make an exception, given that it’s a rainy Friday afternoon where we are, and that this issue is now in its fifteenth consecutive year. Our attention was […]


Serious Security: The Linux kernel bugs that surfaced after 15 years

Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel… …in code that had been sitting there inconspicuously for some 15 years. Fortunately, it seemed that no one else had looked at the code for all that time, at least not diligently enough to spot the bugs, so they’re […]


Developing a Strong Security Posture in the Era of Remote Work


Why enterprises need rugged devices with integrated endpoint management systems

Paired longevity solutions in hardware and software: There is a solution to both these issues – durability and security. Rugged devices are designed specifically for your hardworking enterprise operations. They integrate seamlessly into UEM and MDM platforms, can be trained to only engage with secure networks, and can be geofenced to turn themselves into expensive […]


Windows and Linux servers targeted by new WatchDog botnet for almost two years

Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords. The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division […]


LINUX GAME HACKING GUIDE 2021


FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020.
