Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers’ needs… Read More »
“Put another way: the ‘nobody is forced to deal with Rust’ does not imply ‘everybody is allowed to veto any Rust code.’” Maintainers might also find space in the middle, being aware of Rust bindings and working with Rust developers, but not actively involved, Torvalds writes. “Why wouldn’t we do this?” In an earlier response… Read More »
Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap image displayed by the UEFI during the boot-up process. The injected code installs a cryptographic key… Read More »
“Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.” That two-line comment, submitted by major Linux kernel maintainer Greg Kroah-Hartman, accompanied a patch that removed about a dozen names from the kernle’s MAINTAINERS file. “Some entries” notably had either Russian names or .ru email… Read More »
Credit: haxrob Credit: haxrob The malware resides in the userspace portion of the interbank switch connecting the issuing domain and the acquiring domain. When a compromised card is used to make a fraudulent translation, FASTCash tampers with the messages the switch receives from issuers before relaying it back to the merchant bank. As a result,… Read More »
This Reddit comment posted to the CentOS subreddit is typical. An admin noticed that two servers were infected with a cryptocurrency hijacker with the names perfcc and perfctl. The admin wanted help investigating the cause. “I only became aware of the malware because my monitoring setup alerted me to 100% CPU utilization,” the admin wrote… Read More »
Enlarge / Cutting metal with lasers is hard, but even harder when you don’t know the worst-case timings of your code. Getty Images reader comments 45 As is so often the case, a notable change in an upcoming Linux kernel is both historic and no big deal. If you wanted to use “Real-Time Linux” for… Read More »
Enlarge / Rust never sleeps. But Rust, the programming language, can be held at bay if enough kernel programmers aren’t interested in seeing it implemented. Getty Images reader comments 143 The Linux kernel is not a place to work if you’re not ready for some, shall we say, spirited argument. Still, one key developer in… Read More »
Getty Images reader comments 26 You have to read the headline on Nvidia’s latest GPU announcement slowly, parsing each clause as it arrives. “Nvidia transitions fully” sounds like real commitment, a burn-the-boats call. “Towards open-source GPU,” yes, evoking the company’s “first step” announcement a little over two years ago, so this must be progress, right?… Read More »
Getty Images reader comments 40 The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild. The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already… Read More »