this post was submitted on 07 Oct 2024


cross-posted from: https://group.lt/post/2667251

Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33426, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

[–] sun_is_ra@sh.itjust.works 31 points 2 months ago

TLDR; main attack vector is misconfigured rabbitmq. Malware targets mainly servers. Easiest way for detection is noticing unusually high CPU usage that stops when you ssh to the server

Here is a more detailed article: https://web.archive.org/web/20241006122240/https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
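
The detection heuristic from the comment above (high CPU that stops while someone is logged in over SSH), as an added example that is not part of the original thread or the linked article. It assumes per-minute CPU samples from a monitoring system and login/logout times taken from authentication logs; the thresholds, function names and sample data are hypothetical.

```python
from statistics import mean

# Hypothetical thresholds (assumptions; tune per fleet).
BUSY_PCT = 80.0   # mean CPU treated as "unusually high" with nobody logged in
QUIET_PCT = 30.0  # mean CPU treated as "stopped" while a session is open
MIN_SAMPLES = 3   # require this many samples on each side of the comparison

def in_session(ts, sessions):
    """True if timestamp ts falls inside any (login, logout) interval."""
    return any(start <= ts < end for start, end in sessions)

def cpu_drops_on_login(samples, sessions):
    """samples: [(epoch_seconds, cpu_percent)], sessions: [(login, logout)].
    Returns (flagged, mean_cpu_without_session, mean_cpu_with_session)."""
    away = [cpu for ts, cpu in samples if not in_session(ts, sessions)]
    present = [cpu for ts, cpu in samples if in_session(ts, sessions)]
    if len(away) < MIN_SAMPLES or len(present) < MIN_SAMPLES:
        return (False, None, None)  # not enough data to compare
    m_away, m_present = mean(away), mean(present)
    # Flag only the specific pattern: busy when unobserved, quiet when observed.
    flagged = m_away >= BUSY_PCT and m_present <= QUIET_PCT
    return (flagged, m_away, m_present)

# Constructed sample data: one CPU reading per minute, one SSH session.
SESSIONS = [(300, 600)]
SUSPECT = [(t, 5.0 if 300 <= t < 600 else 97.0) for t in range(0, 900, 60)]
# A legitimately busy host for contrast: load does not react to logins.
STEADY = [(t, 92.0) for t in range(0, 900, 60)]

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT), ("steady", STEADY)):
        print(name, cpu_drops_on_login(data, SESSIONS))
```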