<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>rootkits &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/rootkits/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Thu, 24 Apr 2025 19:35:15 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>New Linux Rootkit</title>
		<link>https://noise.getoto.net/2025/04/24/new-linux-rootkit/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 24 Apr 2025 19:35:15 +0000</pubDate>
				<category><![CDATA[linux]]></category>
		<category><![CDATA[rootkits]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70167</guid>

					<description><![CDATA[<p><a href="https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/">Interesting</a>:</p>
<blockquote><p>The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.</p>
<p>At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New UFEI Rootkit</title>
		<link>https://noise.getoto.net/2022/07/28/new-ufei-rootkit/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 28 Jul 2022 11:16:52 +0000</pubDate>
				<category><![CDATA[implants]]></category>
		<category><![CDATA[kaspersky]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[rootkits]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65704</guid>

					<description><![CDATA[<p>Kaspersky is <a href="https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/">reporting</a> on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an <a href="https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/">article</a>:</p>
<blockquote><p>The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Twelve-Year-Old Linux Vulnerability Discovered and Patched</title>
		<link>https://noise.getoto.net/2022/01/31/twelve-year-old-linux-vulnerability-discovered-and-patched/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 31 Jan 2022 12:18:55 +0000</pubDate>
				<category><![CDATA[linux]]></category>
		<category><![CDATA[privilege escalation]]></category>
		<category><![CDATA[rootkits]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=64959</guid>

					<description><![CDATA[<p>It’s a privilege escalation <a href="https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/">vulnerability</a>:</p>
<blockquote><p>Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.</p>
<p>Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 24/81 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 04:30:32 by W3 Total Cache
-->