this post was submitted on 24 Apr 2025

Pulse of Truth


Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms...

[–] manxu@piefed.social 1 points 8 months ago

Sadly, nothing new. The vulnerability of io_uring has been well known for a while now: https://en.wikipedia.org/wiki/Io_uring#Security
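Added example, not part of the original post, the comment, or the linked article: I/O submitted through an io_uring ring does not show up as individual monitored syscalls, but creating the ring still requires the `io_uring_setup` syscall, so a detection can key on that. The sketch below scans auditd `SYSCALL` records for the io_uring entry points from binaries outside an allowlist. It assumes x86_64 hosts with an audit rule already logging these syscalls; the allowlist and the log lines are constructed for illustration.

```python
import re

# x86_64 syscall numbers for the io_uring entry points.
IO_URING_SYSCALLS = {
    425: "io_uring_setup",
    426: "io_uring_enter",
    427: "io_uring_register",
}
X86_64_ARCH = "c000003e"  # auditd's arch value for x86_64

# Hypothetical allowlist: binaries expected to use io_uring on this host.
ALLOWED_EXES = {"/usr/sbin/nginx"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_line(line):
    """Return the key=value fields of one auditd record as a dict."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def find_io_uring_users(lines, allowed=ALLOWED_EXES):
    """Return (pid, exe, syscall) for successful io_uring calls by unlisted binaries."""
    hits = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec.get("type") != "SYSCALL" or rec.get("arch") != X86_64_ARCH:
            continue
        number = rec.get("syscall", "")
        name = IO_URING_SYSCALLS.get(int(number)) if number.isdigit() else None
        # Failed calls (for example, io_uring disabled by policy) create no ring.
        if name is None or rec.get("success") != "yes":
            continue
        if rec.get("exe") in allowed:
            continue
        hits.append((int(rec.get("pid", -1)), rec.get("exe"), name))
    return hits


# Constructed sample records, not taken from a real system.
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1745500000.101:10): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=700 comm="cat" exe="/usr/bin/cat"',
    'type=SYSCALL msg=audit(1745500000.202:11): arch=c000003e syscall=425 success=yes exit=5 ppid=1 pid=900 comm="nginx" exe="/usr/sbin/nginx"',
    'type=SYSCALL msg=audit(1745500000.303:12): arch=c000003e syscall=425 success=yes exit=3 ppid=1 pid=4242 comm="sample-agent" exe="/tmp/sample-agent"',
    'type=SYSCALL msg=audit(1745500000.404:13): arch=c000003e syscall=425 success=no exit=-1 ppid=1 pid=5000 comm="probe" exe="/usr/bin/probe"',
    'type=PATH msg=audit(1745500000.303:12): item=0 name="/tmp/sample-agent"',
]

if __name__ == "__main__":
    for pid, exe, name in find_io_uring_users(SAMPLE_LOG):
        print(f"unexpected {name} by pid {pid} ({exe})")
```

A hit only shows that a process created or drove a ring; what it then did through the ring is not visible in these records.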