HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.

Read more in my article on the Tripwire State of Security blog.

Uh-oh. How just inserting a USB drive can pwn a Linux box

Give a USB drive a volume name like this, hand it to a friend who runs KDE Plasma on their Linux box, and they won’t be your friend much longer.

Read more in my article on the Hot for Security blog.

Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea

There is not much that consumers can do other than wait for security patches and mitigations to be released, and then apply them as a matter of priority.

The F*CKWIT Intel chip flaw. Ready yourself for patches

A newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.

New Linux malware hijacks one vendor’s IoT devices by exploiting CGI bug

A new form of Linux malware is hijacking Internet of Things (IoT) devices made by one Chinese vendor by exploiting a common gateway interface (CGI) vulnerability.

David Bisson reports.

Holding down the Enter key can smash through Linux’s defenses

An attacker can abuse a vulnerability to launch a shell with root privileges on most Linux machines… just by holding down the ‘Enter’ key for 70 seconds.

David Bisson reports.

Dirty COW Linux vulnerability – what you need to know

A newly discovered vulnerability in virtually all versions of the Linux operating system has been discovered.

NyaDrop exploiting Internet of Things insecurity to infect Linux devices with malware

A Linux threat known as NyaDrop is exploiting a lack of security in Internet of Things (IoT) devices to infect them with malware.

David Bisson reports.

48 characters enough to crash most Linux distros, says sysadmin

You’ll be surprised to hear that there is a disagreement in the world of Linux admins about how serious a systemd vulnerability really is.

David Bisson reports.

Taking umbrage at Umbreon, the Linux rootkit that likes to hide

A Pokémon-themed rootkit called Umbreon is targeting Linux systems.

David Bisson reports.

Linux trojan takes screenshots every 30 seconds, has ability to record sound

Researchers at Russian anti-virus firm Dr Web have uncovered a new Trojan horse for Linux that takes screenshots every 30 seconds and is capable of recording sound.

David Bisson reports.

Website files encrypted by Linux.Encoder.1 ransomware? There is now a free fix

Researchers have exploited a flaw in the encryption procedure used by the Linux.Encoder.1 – the first ransomware targeting the Linux platform – to develop a decryption tool for victims.

Guest contributor David Bisson reports.

Hackers break into Linux Australia server, plant malware, steal personal information

Linux Australia has warned its members and conference attendees that their personal information may have fallen into the hands of online criminals, following a breach of the organisation’s servers.

SEANux – a version of Linux from the Syrian Electronic Army

Would you trust an operating system built by a group of malicious hackers?

The Shellshock Bash bug – What is it, and are your computers vulnerable?

A critical vulnerability has been discovered in the widely used Bash command processor, present in most Linux and UNIX distributions and Mac OS X.

And from the sound of things, it could be worse than Heartbleed.

Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation Windigo

Malware researchers at ESET have uncovered a widespread cybercriminal operation that has seized control of tens of thousands of Unix servers.

Learn more in my guest article on the We Live Security blog.