Tag Archives: vulnerable

Breaking: Stealth „Turla“ Malware Infects Unknown Number of Linux Systems | Softpedia

Linux is attacked

Linux is attacked

A new threat has been found by Kasperky Labs

 

The Linux Turla is a new piece of malware designed to infect only Linux computers, which has managed to remain relatively hidden until now and has the potential of doing a lot of harm. Unfortunately, very little is known about it or how to fix it.

 

[…]

 

It doesn’t need root

 

One of the most interesting aspects of this Turla cd00r-based malware is that is doesn’t require elevated privileges, which is probably one of the reasons it’s so dangerous. It needs to be activated remotely with a „magic packet“ (similar to port knocking) and it needs existing network interface name. The end result is that it provides a backdoor to the user’s computer, and that the attacker can send commands with „/bin/sh -c “ script.“. It’s a little bit more complicated than this, but that is just the summary of it.

via

CVE-2014-4877: Wget FTP Symlink Attack Vulnerability | The Hacker News

 

The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw.

 

GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.

 

When a recursive directory fetch over FTP server as the target, it would let an attacker „create arbitrary files, directories or symbolic links“ due to a symlink flaw.

via

Android „Fake ID“ Vulnerability Allows Malware to Impersonate Trusted Apps | The Hacker News

 

[…]

 

Researchers at BlueBox security, who identified the vulnerability, dubbed the flaw as Fake ID, which affects all versions of Android operating system from 2.1 (released in 2010) up to Android 4.4, also known as KitKat.

 

ALL VERSIONS ARE VULNERABLE UPTO KITKAT

via 

s.a.: Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Users Since January 2010 At Risk – Bluebox Security.