• Buffalox@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 month ago

    This story reeks of FUD.

    exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets,

    Because a “common misconfiguration” will absolutely make your system vulnerable!?!
    OK show just ONE!

    This is FUD to either prevent people from using Linux, or simply a hoax to get attention, or maybe to make you think you need additional security software.

  • CyberSeeker@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    Shouldn’t be this hard to find out the attack vector.

    Buried deep, deep in their writeup:

    RocketMQ servers

    • CVE-2021-4043 (Polkit)
    • CVE-2023-33246

    I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.

    Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.

    • nyan@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      There’s also a buried reference to using a several-years-patched gpac bug to gain root access before this thing can do most of its stealth stuff.

      Basically, it needs your system to already have a known, unpatched RCE bug before it can get a foothold, and if you’ve got one of those you have problems that go way beyond stealth crypto miners stealing electricity.

  • zante@lemmy.wtf
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    No mention of transmission methods as far as I understand the article

    • Buffalox@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      The whole thing sounds fishy. Like it’s trying to convince people Linux is inherently vulnerable.

      exploiting more than 20,000 common misconfigurations

      Like WTF?

      • Buelldozer@lemmy.today
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        Like it’s trying to convince people Linux is inherently vulnerable.

        I’m typing this reply from a machine running KDE Plasma on top of Linux Mint 22.

        I’m not sure what precisely what you mean by “inherently” but I’d like to point that “Linux” has security problems all over the place; the kernel has issues, the DEs have issues, the applications have issues. It’s more secure than Windows but that’s not a very high bar.

        • Buffalox@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          I’ve been using Linux since 2005, and I’ve heard all sorts of stories about Linux having “security problems”, and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.
          The only exception I can recall is the zx util compression tool, which was detected before it was rolled out.

          Zero day vulnerabilities have been non existent for 20 years to my knowledge.

          • Buelldozer@lemmy.today
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 month ago

            I’ve been using Linux since 2005

            Okay, so as a n00b you can be somewhat forgiven. As someone who started with Slack in 1997 I don’t have that excuse.

            …and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.

            Since when did chaining vulnerabilities make something not a problem? Are you claiming that the CUPS vulnerability announced in late September isn’t an issue simply because it takes multiple steps?

            The only exception I can recall is the zx util compression tool…

            I don’t mean to be an ass but were you asleep December 2021 through January 2022? Log4Shell was a 10 of 10 critical vulnerability!

            What about CVE-2022-47939 from December 2022?

            I can keep going if needed but I think my point is made. The vulnerabilities, even true kernel level stuff, are out there.