LinkedIn today announced that since October it has been running a private bug bounty, and to date has patched 65 bugs and paid out $65,000 in rewards.
Tag Archives: security research
New Linux Rootkit Exploits Graphics Cards
A rootkit PoC for Linux systems that runs on the processors and RAM of the graphics cards, Jellyfish is able to access the computer’s memory without having to route through the computer’s CPU. As CPUs are slower than GPUs for making calculations, GPUs are already used partially by some cryptocurrency-mining malware (e.g. to steal Bitcoins). But Jellyfish is the first malware to run entirely via the GPU, and works with Nvidia, AMD, and even Intel, if the latter is “supported through the AMD APP SDK, a software development kit that allows GPUs to be used for accelerating applications,” says Constantin.
As graphics-card-only malware has never been an exploitable area before, security software developers like Avira would need to engineer security efforts in yet another new direction. Although early reports indicate that Jellyfish is in a beta stage, unfinished, with some bugs, and currently requires OpenCL drivers installed on the targeted system in order to work, it could inspire future variants by those looking to exploit such vulnerabilities for personal gain (AKA cybercriminals).
After a 2013 research paper (pdf) titled “You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger,” the same research team behind Jellyfish has also developed a keylogger called ‘Demon’, which also works via the GPU.
Security firms may definitely have our hands full in coming months, it seems.
The post New Linux Rootkit Exploits Graphics Cards appeared first on Avira Blog.
Researcher Tries to Get Ahead of CFAA Changes, Dumps 10M Sanitized Passwords
A dump of 10 million sanitized usernames and passwords was released online, sparking debate over its legality in light of proposed changes to the Computer Fraud and Abuse Act.