this post was submitted on 25 Apr 2025
30 points (91.7% liked)

Linux.zip

468 readers
49 users here now

Linux community for Lemmy.zip. ~~also this needs mods pretty bad~~ apparently not as bad as I thought (either that or this community isnt alive enough for troublemakers yet)

Community Rules:

  1. Do not violate any laws, third-party rights, and/or proprietary rights.
  2. Do not harass others, be abusive, threatening, and/or harmful.
  3. Do not be needlessly defamatory and/or intentionally misleading.
  4. Do not upload without marking obscene and/or sensitive content as such.
  5. Do not promote racism, bigotry, hatred, harm, and violence of any kind.

^i^ ^may^ ^or^ ^may^ ^not^ ^have^ ^stolen^ ^these^ ^rules^ ^from^ ^another^ ^linux^ ^community^ ^on^ ^another^ ^instance^

founded 2 years ago
MODERATORS
dabster291@lemmy.zip
30
Hackers can now bypass Linux security thanks to terrifying new Curing rootkit (betanews.com)
submitted 19 hours ago by BrikoX@lemmy.zip to c/linux@lemmy.zip
2 comments fedilink hide all child comments
 

Most Linux users assume their security tools will catch bad actors before damage is done -- but sadly, new research suggests that confidence may be misplaced. You see, ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

top 2 comments
sorted by: hot top controversial new old
[–] b_tr3e@feddit.org 11 points 17 hours ago

Read the fucking article. Even if it's undetailed and basically clickbait. io_uring does not open any security holes nor does it help to bring rootkits into the system. It might be used to hide an already installed rootkit from certain monitoring systems. Supposed that the security system they are part of was already compromised enough to allow someone to intrude and install the rootkit first of all.

[–] GroteStreet@aussie.zone 12 points 19 hours ago

This is shocking; I didn't know Betanews is still around..