Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. [...]
Linux is an open-source operating system used across servers and devices, so kernel, distribution, and software vulnerabilities can affect deployed systems.
Search across headline titles and summaries.
Background for this topic.
Linux is an open-source operating-system kernel: privileged software that manages hardware, memory, processes, filesystems, and networking. Most deployments use it through a distribution that adds user-space tools, package managers, libraries, and an update policy. This distinction matters in security reporting: a kernel flaw, a distribution-package flaw, and a flaw in an application running on Linux may have different affected versions and fixes.
Material attack surfaces include kernel code, loadable modules and device drivers, network services, local privilege boundaries, and third-party packages. Vulnerabilities can enable denial of service, information disclosure, or escalation from an unprivileged account to root, depending on configuration and exploitability. Administrators should track upstream and distribution advisories, apply security updates, and reboot when a running kernel remains vulnerable. Mandatory access-control systems such as SELinux or AppArmor can restrict compromised processes; signed repositories, audit logs, and tested configuration baselines support package integrity and investigation. Open source does not itself guarantee security: exposure depends on code, configuration, maintenance, and the surrounding software stack.
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. [...]
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.
New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia
Update now: Qualys says flaws give root to local users, are 'easily exploitable' Researchers at Qualys refuse to release exploit code for five bugs in the Linux world's needrestart utility that allow unprivileged local attackers to gain root access without any user interaction.…
Update now: Qualys says vulnerabilities give root and are 'easily exploitable' Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged attackers to gain root access without any user interaction.…
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]
Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus
Event The security landscape is constantly shifting. If you're running Linux, staying ahead may rely on understanding the challenges - and opportunities - unique to Linux environments.…