• A worrying stealthy Linux security bug could put your systems at risk - here's what we know

    From TechnologyDaily@1337:1/100 to All on Fri Apr 25 17:30:07 2025
    A worrying stealthy Linux security bug could put your systems at risk -
    here's what we know

    Date:
    Fri, 25 Apr 2025 16:27:00 +0000

    Description:
A Linux kernel interface, disabled by default on Android and ChromeOS, is causing trouble as it enables stealthy rootkits.

FULL STORY ======================================================================

    - A security oversight in Linux allows rootkits to bypass enterprise security solutions and run stealthily
    - It was found in the io_uring kernel interface
    - Researchers built a PoC, now available on GitHub

Cybersecurity researchers from ARMO recently discovered a security oversight in Linux which allows rootkits to bypass enterprise security solutions and run stealthily on affected endpoints.

The oversight happens because the io_uring kernel interface is being ignored by security monitoring tools. Built as a faster, more efficient way for Linux systems to talk to storage devices, io_uring helps modern computers handle lots of information without getting bogged down. It was introduced back in 2019, with the release of Linux 5.1.

    Apparently, most security tools look for shady syscalls and hooking while completely ignoring anything involving io_uring. Since the interface supports numerous operations through 61 op types, it creates a dangerous blind spot that can be exploited for malicious purposes. Among other things, the supported operations include reads/writes, creating and accepting network connections, modifying file permissions, and more.

    According to BleepingComputer, the risk is so great that Google turned it off by default both in Android and ChromeOS, which use the Linux kernel.


To demonstrate the flaw, ARMO built a proof-of-concept (PoC) rootkit called Curing. It can pull instructions from a remote server and run arbitrary commands without triggering syscall hooks. They then tested it against popular runtime security tools, and determined that most of them couldn't detect it.

The researchers claim Falco was completely oblivious to Curing, while Tetragon couldn't flag it under default configurations. However, the latter's devs told the researchers they don't consider the platform vulnerable since monitoring can be enabled to detect the rootkit.

"We reported this to the Tetragon team and their response was that from their perspective Tetragon is not 'vulnerable' as they provide the flexibility to hook basically anywhere," they said. "They pointed out a good blog post they wrote about the subject."

    ARMO also said they tested the tool against unnamed commercial programs and confirmed that io_uring-abusing malware was not being detected. Curing is now available for free on GitHub.
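The two practical takeaways above, that io_uring can be switched off (as Google did on Android and ChromeOS) and that monitoring has to be pointed at it explicitly, can both be checked from the host side without any syscall hooks. The script below is an added example for this post, not ARMO's Curing code and not part of Falco or Tetragon. It assumes the `kernel.io_uring_disabled` sysctl (present since Linux 6.6; older kernels lack the file) and the fact that an io_uring ring shows up in `/proc/<pid>/fd` as a link to `anon_inode:[io_uring]`. The fd table at the bottom is constructed sample data, not captured from a real host.

```python
"""Inventory io_uring exposure on a Linux host (added example; not ARMO's Curing
code nor any vendor's detector).

Two defender-side checks:
  1. Read kernel.io_uring_disabled (sysctl added in Linux 6.6, absent earlier)
     to see whether the interface is restricted, as on Android and ChromeOS.
  2. Walk /proc/<pid>/fd and list processes holding an io_uring ring. The ring
     is an anonymous inode whose readlink target is "anon_inode:[io_uring]", so
     a process that only does I/O through io_uring, and therefore never shows up
     in syscall-hook logs, still shows up here.
"""
import os
from typing import Dict, List

IO_URING_TARGET = "anon_inode:[io_uring]"
SYSCTL_PATH = "/proc/sys/kernel/io_uring_disabled"

# Meaning of kernel.io_uring_disabled per the kernel's admin-guide sysctl docs.
IO_URING_DISABLED_MEANING = {
    0: "enabled for all processes",
    1: "unprivileged processes blocked (CAP_SYS_ADMIN or kernel.io_uring_group may still use it)",
    2: "disabled for all processes",
}


def interpret_io_uring_disabled(raw: str) -> str:
    """Map the sysctl's raw text ("0\\n", "1\\n", "2\\n") to a policy description."""
    try:
        value = int(raw.strip())
    except ValueError:
        return f"unrecognised value {raw!r}"
    return IO_URING_DISABLED_MEANING.get(value, f"unknown value {value}")


def read_io_uring_policy(path: str = SYSCTL_PATH) -> str:
    """Read the live sysctl; a missing file means a pre-6.6 kernel with no knob."""
    try:
        with open(path) as fh:
            return interpret_io_uring_disabled(fh.read())
    except FileNotFoundError:
        return "sysctl not present (kernel older than 6.6): io_uring enabled for all processes"


def ring_fds(fd_targets: Dict[str, str]) -> List[str]:
    """Return the fd numbers (as strings, numerically sorted) that point at a ring."""
    return sorted((fd for fd, tgt in fd_targets.items() if tgt == IO_URING_TARGET), key=int)


def scan_fd_tables(tables: Dict[int, Dict[str, str]]) -> Dict[int, List[str]]:
    """Given {pid: {fd: readlink_target}}, keep only the processes holding a ring."""
    return {pid: fds for pid, fd_targets in tables.items() if (fds := ring_fds(fd_targets))}


def read_fd_tables(proc_root: str = "/proc") -> Dict[int, Dict[str, str]]:
    """Collect readlink targets for every fd of every visible process.
    Processes that deny access or exit mid-scan are skipped; run as root to see all."""
    tables: Dict[int, Dict[str, str]] = {}
    try:
        entries = os.listdir(proc_root)
    except FileNotFoundError:
        return tables
    for entry in entries:
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        targets: Dict[str, str] = {}
        try:
            for fd in os.listdir(fd_dir):
                try:
                    targets[fd] = os.readlink(os.path.join(fd_dir, fd))
                except OSError:
                    continue  # fd closed between listdir and readlink
        except OSError:
            continue  # permission denied, or the process is gone
        tables[int(entry)] = targets
    return tables


# Constructed sample (not from a real host): pid 4242 holds a ring on fd 5,
# pid 100 holds only ordinary files and a socket.
SAMPLE_FD_TABLES = {
    100: {"0": "/dev/null", "1": "/dev/null", "3": "socket:[12345]"},
    4242: {"0": "/dev/pts/0", "3": "socket:[67890]", "5": IO_URING_TARGET,
           "6": "anon_inode:[eventpoll]"},
}


def main() -> None:
    print("kernel.io_uring_disabled:", read_io_uring_policy())
    live = scan_fd_tables(read_fd_tables())
    for pid, fds in sorted(live.items()):
        print(f"pid {pid} holds io_uring ring(s) on fd {', '.join(fds)}")
    if not live:
        print("no visible process holds an io_uring ring")


if __name__ == "__main__":
    main()
```

Run it as root so every process's fd table is readable. It is a point-in-time inventory, not a replacement for a runtime tool with io_uring coverage enabled: a ring that is created, used and closed between two scans is missed, which is exactly why the Tetragon response above points at hooking the io_uring path itself rather than the syscall entry.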

Via BleepingComputer



    ======================================================================
Link to news story: https://www.techradar.com/pro/security/a-worrying-stealthy-linux-security-bug-could-put-your-systems-at-risk-heres-what-we-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)