Security FUD From ESET Against So-called 'Linux'

From Germany

More FUD

  • ESET Research uncovers FontOnLake: Targeted malware attacking Linux in Southeast Asia [Ed: This is not actually a Linux issue or Linux's fault, it's just ESET marketing itself]

    ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting operating systems running Linux. Modules used by this malware family, which ESET dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. The location of the C&C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include Southeast Asia.

Microsoft-connected publishers

Slashdot joins the FUD

ESET is wrong to blame "Linux"

ZDnet joins the anti-Linux FUD attack of ESET

  • FontOnLake malware strikes Linux systems in targeted attacks

    According to researchers from cybersecurity firm ESET, the malware, named FontOnLake, appears to be well-designed and while under active development already includes remote access options, credential theft features, and is able to initialize proxy servers.

    FontOnLake samples first appeared on VirusTotal in May 2020 but the command-and-control (C2) servers linked to these files are disabled, which the researchers say may be due to the uploads.

FontOnLake: "Sophisticated" malware targets Linux systems

  • FontOnLake: "Sophisticated" malware targets Linux systems [Ed: ESET FUD as marketing]

    Security researchers have uncovered new malware dubbed “FontOnLake” that is being used in a new campaign that targets Linux systems.

    Present since at least May 2020, according to samples uploaded to VirusTotal, the malware stands out for its ability to maintain persistence on the infected system and for the sophistication of its design.

Another one

  • Beware - a brand new malware family is infecting Linux systems | TechRadar

    There’s a new malware family in town - and one that attacks Linux systems by concealing itself in legitimate binaries to deliver several backdoors and rootkits.

    Dubbed FontOnLake, by cybersecurity researchers at ESET, samples of the malware date as far back as May 2020.

    According to the researchers, the malware makes use of several carefully crafted modules that not just collect credentials, but also give remote access to the threat actors.

More in Tux Machines

Thunderbird 102 Gets Makeover with New Colourful Icons, Redesigned UI

Release highlights of open-source email client Thunderbird 102 which brings revamped UI, fresh icons, Matrix chat support and more.

today's leftovers

  • Greece about to secure Router Freedom but leaves fiber out

    Greece is one step closer to securing Router Freedom, but regulators are excluding fiber (FTTH) connections from the legislation. A coalition of organisations, allies of the FSFE, is now requesting that lawmakers reconsider this and thus safeguard the freedom of all users. Since 2021, the regulatory process that defines the network termination point (the NTP) in Greece has been carried out by the Hellenic Telecommunications and Post Commission (EETT). Defining the NTP is necessary to determine whether users have the right to choose their own router and modem or if their Internet Service Providers (ISPs) have the final say over network equipment. In April 2022, we welcomed that the Greek regulator proposed legislation safeguarding Router Freedom for common networks, such as DSL and coaxial. This is a leap forward in safeguarding consumer rights. However, in the same proposal, EETT has explicitly excluded fiber connections (FTTH), a decision that has the potential of negatively impacting end-users’ rights. The proposed regulation sets the NTP for fiber connections in a position that would make the optical terminal equipment part of the ISPs’ networks, making home network access equipment the property of the ISP. The FSFE assisted a coalition of organisations to respond to the EETT’s public consultation, supporting the regulator to implement Router Freedom for all types of internet connection, including FTTH.

  • Sentry: Why we support OSI

    Sentry is a developer-first application monitoring tool that allows development teams to holistically monitor their application health from frontend to backend. Used by 3.5 million developers and 85,000 organizations including some of the world’s best-known companies including GitHub, Peloton, Cloudflare and more.

  • IBM’s AI-powered Mayflower ship crosses the Atlantic [Ed: This was a complete failure. It did not even reach its destination.]

    A groundbreaking AI-powered ship designed by IBM has successfully crossed the Atlantic, albeit not quite as planned. The Mayflower – named after the ship which carried Pilgrims from Plymouth, UK to Massachusetts, US in 1620 – is a 50-foot crewless vessel that relies on AI and edge computing to navigate the often harsh and unpredictable oceans.

  • HPE Allies With Red Hat and SUSE on Containers - Container Journal

    At the HPE Discover 2022 conference, Hewlett-Packard Enterprise (HPE) today expanded its reach into container environments via separate alliances with Red Hat and SUSE. The Kubernetes-based Red Hat OpenShift platform along with Red Hat Enterprise Linux (RHEL) operating system and Red Hat Ansible automation platform will be made available via the HPE GreenLake managed service, HPE said.

  • Bishop AI: A JavaScript-based Virtual Assistant With Natural Language Processing

    It was created in 2018, making it one of the newest open source software. And it is also released under the MIT license. The program is written in JavaScript, and built to handle Q/A style conversation. [...] Bishop AI is an MIT project; that’s why it is very likely that you will find it already packaged and available to install.

  • AI Based Virtual Assistant in Python

    Many automation tools aim to help users in many fields of their lives, such as opening any application on the system, playing and controlling music, solving mathematical expressions, getting weather details, and more.

today's howtos

  • Notes on running containers with bubblewrap

    Hello! About a year ago I got mad about Docker container startup time. This was because I was building an nginx playground where I was starting a new “container” on every HTTP request, and so for it to feel reasonably snappy, nginx needed to start quickly. Also, I was running this project on a pretty small cloud machine (256MB RAM), a small CPU, so I really wanted to avoid unnecessary overhead. I’ve been looking for a way to run containers faster since then, but I couldn’t find one until last week when I discovered bubblewrap!! It’s very fast and I think it’s super cool, but I also ran into a bunch of fun problems that I wanted to write down for my future self.

  • Fix: Why Isn’t Linux Detecting My Wi-Fi Adapter?

    Historically, Linux has had a somewhat strained relationship with Wi-Fi cards. In recent years, the situation has changed considerably—and for the better—but it is still possible to boot into your new Linux installation and get that sinking feeling when you realize you’ve got no Wi-Fi. Installation routines are very good at identifying the various components of the target computer and configuring itself to work with that hardware. But problems can still happen. Troubleshooting hardware issues is difficult, especially if the only computer you have on hand is the broken device. Obviously, not everything presented here will be applicable to all cases. But hopefully, something below will either fix your issue or point you in the right direction.

  • Open-sourced tool speeds up Linux scripts via parallelization | Network World

    MIT has open-sourced pa.sh (also called pash), a tool that can dramatically speed up Linux scripts by using parallelization, saving time and without risk of introducing errors. The process of parallelization first examines a script for code that can be run separately and independently, so not all scripts can benefit from the tool. But when pa.sh does find portions that can run independently, it runs them in parallel on separate CPUs. It also uses other techniques to get the code to run faster. Below is a demonstration I ran on my home Fedora box, first running a script on its own and then again using pa.sh. Note that this script was provided with the pa.sh tool and lends itself to parallelization. It’s not nearly as demanding as scripts that might process gigabytes of data in a scientific or artificial-intelligence lab, so the results are not dramatic.

  • [GSoC 2022] ARM port and device tree support Phase 1

    The following will show how to compile Haiku on OS X and run it on QEMU (my version: hrev56168)

  • Building in Kubernetes Using Tekton

    Continuous integration/continuous delivery (CI/CD) principles offer multiple benefits to software organizations, including faster time to market, higher-quality code, and simpler and faster fault isolation. Applications built using CI/CD pipeline best practices tend to see a huge increase in users over time, necessitating a migration from a large codebase and low-scalability monolithic architecture to a more manageable and efficient microservice architecture. Kubernetes is one of the most popular platforms for automating the management, deployment, and scaling processes of microservice applications. Because Kubernetes is complex, though, a framework can help developers and operations teams use the platform to follow CI/CD practices in building applications. This is where Tekton comes in.

  • Hetzner cloud and DragonFly

    When you are setting up a DragonFly machine on Hetzner, pay attention to this bug report for dhcp setup. The short answer is “use dhcpcd”.

Security Leftovers

  • Tencent admits to poisoned QR code attack on QQ account
  • Sysdig Adds Ability to Make Container Runtimes Immutable - Container Journal

    Sysdig today added a Drift Control capability to its container security platform that makes it possible to lock down runtime environments. Daniella Pontes, senior manager for product marketing at Sysdig, says IT teams can now maintain immutable instances of runtimes in production environments that can’t be modified. At the same time, Sysdig says it is partnering with Proofpoint to make threat intelligence feeds available to IT teams that have deployed its container security platform. The Sysdig container platform is built on Falco, an open source container runtime security platform that is being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).

  • Best ways to incorporate security into the software development life cycle

    The software development life cycle is not a one-off process that software developers can implement in a linear form. Instead, there are phases of the SDLC that intertwine into many loops where thorough checks are carried out to ensure the proper outcome of the software. However, it’s not just enough to loop through the phases of SDLC without the proper integration of security checks in each phase. So, what, then, makes a secure software development life cycle?

  • CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks [Ed: Well, CISA and the media also downplay all the actively-exploited holes in Windows]

    The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by other Linux distributions. PwnKit has been described as a memory corruption issue that can be exploited for privilege escalation — it allows any unprivileged local user to elevate permissions to root.