Language Selection

English French German Italian Portuguese Spanish

Linux under attack: Compromised SSH keys lead to rootkit

Filed under
Linux
Security

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed, US-CERT said in a note on its current activity site.

Phalanx, which dates back to 2005, is a self-injecting kernel rootkit designed for the Linux 2.6 branch. It allows an attacker to hide files, processes and sockets and includes a tty sniffer, a tty connectback-backdoor, and auto injection on boot.

More Here




More in Tux Machines

EXT4 fscrypt vs. eCryptfs vs. LUKS dm-crypt Benchmarks

Given the recent advancements of the EXT4 file-system with its native file-system encryption support provided by the fscrypt framework, here are benchmarks comparing the performance of an EXT4 file-system with no encryption, fscrypt-based encryption, eCryptfs-based encryption, and a LUKS dm-crypt encrypted volume. Read more

Debian GNU/Linux 8 "Jessie" Has Reached End of Security Support, Upgrade Now

Released more than three years ago, on April 25, 2015, Debian GNU/Linux 8 "Jessie" is currently considered the "oldstable" Debian branch since the release of the Debian GNU/Linux 9 "Stretch" operating system series precisely a year ago, on June 17, 2017. As such, Debian GNU/Linux 8 "Jessie" has now reached end of life and will no longer receive regular security support beginning June 17, 2018. Security support for Debian GNU/Linux 8 "Jessie" will be handed over to the Debian LTS team now that LTS (Long Term Support) support has ended for Debian GNU/Linux 7 "Wheezy" on May 31, 2018. Debian GNU/Linux 8 "Jessie" will start receiving additional support from the Debian LTS project starting today, but only for a limited number of packages and architectures like i386, amd64, armel, and armhf. Read more

openSUSE Tumbleweed Is Now Powered by Linux Kernel 4.17, KDE Plasma 5.13 Landed

As of today, the openSUSE Tumbleweed rolling operating system is now powered by the latest and most advanced Linux 4.17 kernel series, which landed in the most recent snapshot released earlier. Tumbleweed snapshot 20180615 was released today, June 17, 2018, and it comes only two days after snapshot 20180613, which added the Mesa 18.1.1 graphics stack and KDE Plasma 5.13 desktop environment, along with many components of the latest KDE Applications 18.04.2 software suite. Today's snapshot 20180615 continued upgrading the KDE Applications software suite to version 18.04.2, but it also upgraded the kernel from Linux 4.16.12 to Linux 4.17.1. As such, OpenSuSE Tumbleweed is now officially powered by Linux kernel 4.17, so upgrading your installs as soon as possible would be a good idea. Read more

today's howtos and leftovers