An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.

The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers. According to Maxim Zavodchik and Liron Segal, two security researchers for F5 Networks, the attackers are scanning the Internet for particular servers and using two exploits, one for Apache Struts and one for the DotNetNuke ASP.NET CMS, to get a foothold on unpatched machines.

Almost two months ago, we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software, allowing a hacker to remotely take full control of a vulnerable Linux and Unix machines.

We dubbed the vulnerability as SambaCry, because of its similarities to the Windows SMB vulnerability exploited by the WannaCry ransomware that wreaked havoc across the world over two months ago. Despite being patched in late May, the vulnerability is currently being leveraged by a new piece of malware to target the Internet of Things (IoT) devices, particularly Network Attached Storage (NAS) appliances, researchers at Trend Micro warned.

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.

Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS.

Security experts are warning of a bug that could allow hackers to craft TCP packets that fool Linux's initialization deamon systemd, which could cause systems to crash or make them run malicious code.

Ubuntu maker Canonical has released a patch to address the issue discovered by Chris Coulson, a software engineer at the firm. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," Coulson wrote. The bug could be used by a remote attacker to cause a denial of service in the daemon or execute arbitrary code.

WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating systems.

Dubbed OutlawCountry, the project allows the CIA hackers to redirect all outbound network traffic on the targeted computer to CIA controlled computer systems for exfiltrate and infiltrate data. The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system and create a hidden Netfilter table with an obscure name on a target Linux user.

Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The flaw can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met.

Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it.

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.

Over a decade old Linux Kernel bug has been discovered by security researcher Andrey Konovalov in the DCCP implementation using Syzkaller, a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."

What will you do if Ransomware infects you? Should you pay or not to recover your files? The FBI advises - Pay off the criminals to get your files back if you don't have a backup. But paying off a ransom to cyber criminals is not a wise option because there is no guarantee that you'll get the decryption key in return.

In the latest incident, the new variant of KillDisk ransomware has been found encrypting Linux machines, making them unbootable with data permanently lost. What is KillDisk? It is a destructive data wiping malware that has previously been used to sabotage companies by randomly deleting files from the computers.

Security company ESET discovered a new form of malware that’s specifically targeting embedded Linux devices with the purpose of infecting them and providing hackers with full control, while also leaving the door open for a series of other dangerous tasks, including launching DDoS attacks.

Called Rakos, the new malware launches attacks at embedded devices and servers with an open SSH port and uses brute force attempts to crack the password. Rakos creators want to infect as many systems as possible to create a botnet that could be then used for other malicious attacks.

A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds.

The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over encrypted Linux machine. The security issue relies due to a vulnerability in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup, which is the standard implementation of disk encryption on a Linux-based operating system. The flaw actually is in the way the Cryptsetup utility handles password failures for the decryption process when a system boots up.