A vulnerability in the USBCreator D-Bus interface allows an attacker with access to a user in the sudoer group to bypass the password security policy imposed by the sudo program. The vulnerability allows an attacker to overwrite arbitrary files with arbitrary content, as root – without supplying a password. This trivially leads to elevated privileges, for instance, by overwriting the shadow file and setting a password for root. The issue was resolved in June when Ubuntu patched the relevant packages in response to a vulnerability disclosure from Unit 42.
The newly discovered Linux vulnerabilities, CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, affect all Linux operating systems newer than kernel 2.6.29 (released on March 2009) or above can cause a kernel panic to systems with services listening on TCP connection. This remote attack can put a server into Denial of Service (DoS) state, but remote code execution is not of concern.
Executive Summary The Hide ‘N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots. Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
Our researchers have discovered a new Mirai variant that uses 8 new vulnerabilities and targets new IoT devices.
Unit 42 discovers new samples of Mirai compiled for additional processors, Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze, potentially increasing the DDoS firepower of Mirai.
Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018.
Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.
Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) device.
Get an overview of the Meltdown and Spectre vulnerabilities including a risk assessment and calls to action.
Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.
Introduction The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent
Around 6:00 am PST on September 24, the details of a vulnerability in the widely used Bourne Again Shell (Bash) were disclosed by multiple Linux vendors. The vulnerability, assigned CVE-2014-6271 by Mitre, was originally discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator and IT manager at UK robotics company SeeByte, Ltd.
A backdoor implant is an increasingly common mechanism for maintaining unauthorized access and control over a computer asset. The terms remote administration tool (RAT) and trojan downloader are often used synonymously with such implants. Once installed (i.e. implanted on a system), the modern backdoor typically offers much more than simple (i.e. command line) access to