#rootkit

🌈 vanta rainbow black: editor-in-chief 🌈<p>remember 20 years ago when Sony had the galaxy brain DRM idea of "fuck it let's rootkit our customers"</p><blockquote><p>In 2005, it was revealed that the implementation of copy protection measures on about 22 million CDs distributed by Sony BMG installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. </p><p>One of the programs would install and "phone home" with reports on the user's private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.</p><p>Sony BMG initially denied that the rootkits were harmful. It then released an uninstaller for one of the programs that merely made the program's files visible while also installing additional software that could not be easily removed, collected an email address from the user and introduced further security vulnerabilities. 
</p></blockquote><p><a href="https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/Sony_BMG</span><span class="invisible">_copy_protection_rootkit_scandal</span></a></p><p><a href="https://cyberpunk.lol/tags/sony" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sony</span></a> <a href="https://cyberpunk.lol/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://cyberpunk.lol/tags/scandal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scandal</span></a></p>
The New Oil<p>Hackers exploit <a href="https://mastodon.thenewoil.org/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cisco</span></a> <a href="https://mastodon.thenewoil.org/tags/SNMP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SNMP</span></a> flaw to deploy <a href="https://mastodon.thenewoil.org/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> on switches</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
maniabel<p>Today it's simply too much...</p><p>FunkSec’s <strong>FunkLocker</strong> ransomware: cobbled together with the help of AI<br><a href="https://any.run/cybersecurity-blog/funklocker-malware-analysis/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">any.run/cybersecurity-blog/fun</span><span class="invisible">klocker-malware-analysis/</span></a><br><a href="https://www.einnews.com/pr_news/854223893/any-run-exposes-funklocker-ai-generated-ransomware-threatens-global-organizations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">einnews.com/pr_news/854223893/</span><span class="invisible">any-run-exposes-funklocker-ai-generated-ransomware-threatens-global-organizations</span></a></p><p>Rootkit variant <strong>FlipSwitch</strong> targets the Linux kernel:<br><a href="https://www.elastic.co/security-labs/flipswitch-linux-rootkit" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elastic.co/security-labs/flips</span><span class="invisible">witch-linux-rootkit</span></a></p><p>DNS malware <strong>Detour Dog</strong> distributes Strela Stealer using DNS TXT records:<br><a href="https://blogs.infoblox.com/threat-intelligence/detour-dog-dns-malware-powers-strela-stealer-campaigns/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/detour-dog-dns-malware-powers-strela-stealer-campaigns/</span></a></p><p>And for Gockel users there is also a fresh malware campaign: <strong>MatrixPDF</strong>.<br><a href="https://www.varonis.com/blog/matrixpdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">varonis.com/blog/matrixpdf</span><span 
class="invisible"></span></a> </p><p>But that's not all for today!<br>Massive <strong>Adobe Analytics data leak</strong>. Because of a misconfigured API endpoint, data flowed to third parties. It reportedly affects 15 million users in North America and Europe. How can a routine update lead to such a massive data breach?<br><a href="https://thedefendopsdiaries.com/adobe-analytics-data-leak-exposes-15-million-users-in-major-2025-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/adobe-</span><span class="invisible">analytics-data-leak-exposes-15-million-users-in-major-2025-breach/</span></a></p><p><a href="https://mastodon.de/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.de/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://mastodon.de/tags/FunkLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FunkLocker</span></a> <a href="https://mastodon.de/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://mastodon.de/tags/flipswitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flipswitch</span></a> <a href="https://mastodon.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.de/tags/DetourDog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DetourDog</span></a> <a href="https://mastodon.de/tags/matrixpdf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>matrixpdf</span></a> <a href="https://mastodon.de/tags/Dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dataleak</span></a> <a href="https://mastodon.de/tags/BeDiS" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BeDiS</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/SonicWall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SonicWall</span></a> releases <a href="https://mastodon.thenewoil.org/tags/SMA100" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMA100</span></a> <a href="https://mastodon.thenewoil.org/tags/firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmware</span></a> update to wipe <a href="https://mastodon.thenewoil.org/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://autistics.life/@Uair" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Uair</span></a></span> Yeah, I also remember <a href="https://infosec.space/tags/MagicLantern" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MagicLantern</span></a>, tho <a href="https://infosec.space/tags/Carnivore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Carnivore</span></a> was a <a href="https://infosec.space/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> if I'm not mistaken...</p><p>Granted, the <a href="https://infosec.space/tags/NRO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NRO</span></a> <a href="https://en.wikipedia.org/wiki/Thuraya#Thuraya_2" rel="nofollow noopener" target="_blank">literally put</a> <a href="https://infosec.space/tags/USA202" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA202</span></a> <a href="https://en.wikipedia.org/wiki/USA-202" rel="nofollow noopener" target="_blank">aka.</a> <a href="https://infosec.space/tags/MENTHOR4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MENTHOR4</span></a> next to <a href="https://infosec.space/tags/Thuraya" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thuraya</span></a>-2...</p><ul><li>Again: Cold OSINT...</li></ul>
MalwareLab<p>Analysis of <a href="https://infosec.exchange/tags/Koske" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Koske</span></a> <a href="https://infosec.exchange/tags/miner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>miner</span></a>.</p><p>It is an AI-generated <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies and for GPU and different CPU architectures. Another of its components, <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/hideproc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hideproc</span></a>, tries to hide the Koske miner from file listings and processes.</p><p><a href="https://malwarelab.eu/posts/koske-panda-ai/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malwarelab.eu/posts/koske-pand</span><span class="invisible">a-ai/</span></a></p><p>Video from <a href="https://infosec.exchange/tags/anyrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anyrun</span></a> analysis:</p><p><a href="https://www.youtube.com/watch?v=1OSPp996XQ4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=1OSPp996XQ4</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/koskeminer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>koskeminer</span></a> <a href="https://infosec.exchange/tags/coinminer" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>coinminer</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a></p>
Ray Canzanese<p>Fake DeepSeek installers are delivering the Sainbox RAT and Hidden rootkit. Our latest blog details how this campaign, attributed to the Silver Fox group, works. <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p><p><a href="https://www.netskope.com/blog/deepseek-deception-sainbox-rat-hidden-rootkit-delivery" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">netskope.com/blog/deepseek-dec</span><span class="invisible">eption-sainbox-rat-hidden-rootkit-delivery</span></a></p>
Kevin Karhan :verified:<p><em>"<a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> maker sponsors a <a href="https://infosec.space/tags/shitpost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shitpost</span></a> by a <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> n0ob to sell their <a href="https://infosec.space/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> to <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a>"</em> wouldn't be as clickbaity but a <a href="https://infosec.space/tags/HonestVideoTitle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HonestVideoTitle</span></a> instead...</p><p><a href="https://www.youtube.com/watch?v=UKLTGoftJi8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=UKLTGoftJi8</span><span class="invisible"></span></a></p><p><a href="https://infosec.space/tags/Lienus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lienus</span></a> <a href="https://infosec.space/tags/LinusTechTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinusTechTips</span></a> <a href="https://infosec.space/tags/LienueStechTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LienueStechTips</span></a> <a href="https://infosec.space/tags/Clickbait" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clickbait</span></a> <a href="https://infosec.space/tags/YouTube" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YouTube</span></a></p>
Ivo Limmen<p>Nice how the site refers to the application features as "monitor employee productivity"; back in my day this was called spying using a rootkit.</p><p>RE: <a href="https://sfba.social/@twrling/114419685349438823" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sfba.social/@twrling/114419685</span><span class="invisible">349438823</span></a></p><p><a href="https://toot.community/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://toot.community/tags/monitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monitoring</span></a> <a href="https://toot.community/tags/spying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spying</span></a> <a href="https://toot.community/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://toot.community/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a></p>
WinFuture.de<p>Security researchers have developed a <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> that exploits the <a href="https://mastodon.social/tags/Kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kernel</span></a> <a href="https://mastodon.social/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> io_uring to remain undetected. Monitoring tools do not detect any attacks carried out through it. <a href="https://winfuture.de/news,150557.html?utm_source=Mastodon&amp;utm_medium=ManualStatus&amp;utm_campaign=SocialMedia" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winfuture.de/news,150557.html?</span><span class="invisible">utm_source=Mastodon&amp;utm_medium=ManualStatus&amp;utm_campaign=SocialMedia</span></a></p>
PrivacyDigest<p><a href="https://mas.to/tags/Hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackers</span></a> can now bypass <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> thanks to terrifying new Curing <a href="https://mas.to/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> </p><p><a href="https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">betanews.com/2025/04/24/hacker</span><span class="invisible">s-bypass-linux-security-with-armo-curing-rootkit/</span></a></p>
heise Security<p>"Passwort" episode 25: State-sanctioned snooping software</p><p>This time the podcast hosts take on a controversial topic: companies install malware via security vulnerabilities, and do so on behalf of the state.</p><p><a href="https://www.heise.de/news/Passwort-Folge-25-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Passwort-Folge-2</span><span class="invisible">5-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/PasswortPodcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswortPodcast</span></a> <a href="https://social.heise.de/tags/Pegasus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pegasus</span></a> <a href="https://social.heise.de/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Spyware" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Spyware</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
kriware :verified:<p>The Art of Linux Kernel Rootkits</p><p>An advanced and deep introduction to Linux kernel mode rootkits: how to detect them, what hooks are and how they work.</p><p><a href="https://inferi.club/post/the-art-of-linux-kernel-rootkits" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">inferi.club/post/the-art-of-li</span><span class="invisible">nux-kernel-rootkits</span></a></p><p><a href="https://infosec.exchange/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kernel</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a></p>
heise Security<p>"Passwort" episode 23: Scavenger hunt for a Linux bootkit</p><p>Security researchers stumble upon the malware "Bootkitty" by chance and analyze it. What can it do and who is behind it? Christopher and Sylvester join in the puzzling.</p><p><a href="https://www.heise.de/news/Passwort-Folge-23-Schnitzeljagd-um-ein-Linux-Bootkit-10236522.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Passwort-Folge-2</span><span class="invisible">3-Schnitzeljagd-um-ein-Linux-Bootkit-10236522.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/PasswortPodcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswortPodcast</span></a> <a href="https://social.heise.de/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
w00p<p>"The Art of Linux Kernel Rootkits"</p><p><a href="https://inferi.club/post/the-art-of-linux-kernel-rootkits" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">inferi.club/post/the-art-of-li</span><span class="invisible">nux-kernel-rootkits</span></a></p><p>(Originally shared by Craig Rowland, Sandfly Security)</p><p><a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a></p>
Alexandre Borges<p>BlackPill is a stealthy Linux rootkit made in Rust.</p><p><a href="https://github.com/DualHorizon/blackpill" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/DualHorizon/blackpi</span><span class="invisible">ll</span></a></p><p><a href="https://mastodon.social/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rust</span></a> <a href="https://mastodon.social/tags/hypervisor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hypervisor</span></a></p>
Alexandre Borges<p>BlackPill is a stealthy Linux rootkit made in Rust.</p><p><a href="https://github.com/DualHorizon/blackpill" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/DualHorizon/blackpi</span><span class="invisible">ll</span></a></p><p><a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/hypervisor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hypervisor</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.hackingand.coffee/@hon1nbo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hon1nbo</span></a></span> <span class="h-card" translate="no"><a href="https://digipres.club/@foone" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>foone</span></a></span> As a matter of fact, <em>both</em> <a href="https://infosec.space/tags/Valve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Valve</span></a> and <a href="https://infosec.space/tags/cheaters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cheaters</span></a> are looking into that already as a means to [combat / do] <a href="https://infosec.space/tags/cheating" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cheating</span></a> in games, as an external machine that intercepts <a href="https://infosec.space/tags/HDMI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HDMI</span></a> / <a href="https://infosec.space/tags/DisplayPort" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DisplayPort</span></a> &amp; <a href="https://infosec.space/tags/USB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USB</span></a> could make <em>"undetectable"</em> cheats except if it's resulting in players to become <em>too good to be true</em>... 
</p><ul><li>After all, dedicated <a href="https://infosec.space/tags/hardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardware</span></a> using <a href="https://infosec.space/tags/DMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DMA</span></a> on <a href="https://infosec.space/tags/PCIexpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIexpress</span></a> to workaround <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>-<a href="https://infosec.space/tags/Anticheat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anticheat</span></a> (cuz there is no <em>'legitimate reason'</em> to demand someone to install a <a href="https://infosec.space/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> into their System <a href="https://infosec.space/tags/Kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kernel</span></a>) already exists for some time...</li></ul>
Rene Robichaud<p>Pumakit sneaks into Linux with a stealthy rootkit attack<br><a href="https://www.lemondeinformatique.fr/actualites/lire-pumakit-se-faufile-dans-linux-avec-une-attaque-furtive-par-rootkit-95547.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lemondeinformatique.fr/actuali</span><span class="invisible">tes/lire-pumakit-se-faufile-dans-linux-avec-une-attaque-furtive-par-rootkit-95547.html</span></a></p><p><a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/CeptBiro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CeptBiro</span></a> <a href="https://mastodon.social/tags/Pumakit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pumakit</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/AttaqueFurtive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttaqueFurtive</span></a> <a href="https://mastodon.social/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://mastodon.social/tags/ElevationDePrivileges" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ElevationDePrivileges</span></a> <a href="https://mastodon.social/tags/LKM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LKM</span></a> <a href="https://mastodon.social/tags/EvasionAvancees" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>EvasionAvancees</span></a></p>
Alexandre Cheron :verified:<p>New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2024/12/new-</span><span class="invisible">linux-rootkit-pumakit-uses-advanced.html</span></a></p>