Fred Stluka via plug on 29 Mar 2021 06:45:56 -0700
Re: [PLUG] Chinese state hackers - new linux malware
Michael,

Good points! Thanks!

--Fred
------------------------------------------------------------------------
Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 3/24/21 4:41 PM, Michael Lazin via plug wrote:
> Usually, the first targets are web servers. This is for two reasons. Internet-facing servers are obviously outside the DMZ and open to attacks. Internal web servers can be targets if they are already inside because they are easy launching pads for launching internal to internal attacks to make a lateral movement. Web exploits are common.
>
> Michael Lazin
>
> .. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
>
> On Wed, Mar 24, 2021 at 3:59 PM Fred Stluka via plug <plug@lists.phillylinux.org> wrote:
>
> > Jeff,
> >
> > Any idea how this attack gets in to a Linux server? Or is it only a threat once it has broken in through some other exploit?
> >
> > Also, any easy way to scan a system to see if it's there?
> >
> > I didn't see answers to these questions at the link you posted, and didn't easily google answers either.
> >
> > Thanks!
> > --Fred
> > ------------------------------------------------------------------------
> > Fred Stluka -- http://bristle.com -- Glad to be of service!
> > Open Source: Without walls and fences, we need no Windows or Gates.
> > ------------------------------------------------------------------------
> >
> > On 3/11/21 2:37 PM, jeffv via plug wrote:
> > > https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-linux-systems-with-new-malware/
> > >
> > > Security researchers at Intezer have discovered a previously
> > > undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored
> > > hacking group and used in ongoing attacks targeting Linux systems.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug