THREAT REPORTS

Rooting Out Trouble: How Vali Cyber’s ZeroLock® Protects against ESX Admins (CVE-2024-37085)
CVE-2024-37085, or 'ESX Admins', is an authentication bypass vulnerability that allows attackers to gain unauthorized access to ESXi hosts, potentially leading to encryption of the file system and disruption of critical virtual machines....

ZeroLock®: Locking down on XZ Utils Backdoor break-ins
Learn how you can protect your systems against the XZ Utils backdoor (CVE-2024-3094) with Vali Cyber’s ZeroLock. This significant supply chain attack is targeting Linux and Unix-like systems, specifically Debian and Red Hat distributions,...

ZeroLock®: Sealing the Cracks Against Leaky Vessels
"Leaky Vessels" (CVE-2024-21626) is targeting containerized environments and enabling attackers to escape containers and compromise host systems, presenting a critical risk to cloud-native applications. Watch as our Threat Intel Lead,...

BiBi-Linux begone: Vali Cyber’s ZeroLock® triumphs with behavioral detection
The recently discovered BiBi-Linux Wiperware overwrites files, renames them with a random string containing "BiBi," and excludes specific file types from corruption. This x64 ELF executable, devoid of obfuscation, poses a significant...

That’s all, Folks! Vali Cyber’s ZeroLock® ends Linux Looney Tunables attack
The Looney Tunables (CVE-2023-4911) vulnerability has been discovered in the GNU C Library’s dynamic loader, allowing attackers to act with root privileges on any Linux distribution running glibc. Join our Threat Intel lead, Nathan Montierth,...

SprySOCKS Backdoor Malware and Vali Cyber’s ZeroLock® Defense
SprySOCKS malware is a new Linux-targeted backdoor that combines elements from Trochilus (a Windows backdoor) and Socket Secure (SOCKS). This threat is orchestrated by the China-linked Earth Lusca group, which has relentlessly...

VMware Aria exploit Neutralized by Vali Cyber’s ZeroLock®
VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication and access private endpoints. Join...

Monti Ransomware vs. Vali Cyber’s ZeroLock®: Detected and Stopped
The Monti ransomware group is back and using a new Linux locker to target VMware ESXi servers, legal, and government organizations. Watch to learn how Vali Cyber's ZeroLock detects and stops this new ransomware threat from our Threat...

GameOver(lay) gets destroyed by Vali Cyber’s ZeroLock®
CVE-2023-2640 and CVE-2023-32629 are two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu that affect 40% of Ubuntu cloud workloads. Cleverly nicknamed GameOver(lay), Vali Cyber's ZeroLock can both...

Supply Chain Attacks
Supply-chain attacks take advantage of insecure segments of the supply-chain of a target. An attacker will manipulate the elements used in the production process of the target, and thereby produce a vulnerability. In many modern examples...

Why Hash-Based Scanning Is Not Enough
Vali Cyber Threat Intelligence Report. Fileless attacks are cyber-attacks that do not write any files to disk on the target system. This kind of attack has grown in popularity over recent years due to some of the distinct advantages...

ZeroLock® Red Team Analytics: Novel Ransomware
ZeroLock defends against many kinds of attacks, including ransomware. The Vali Cyber Threat Intelligence team regularly red teams the agent to ensure it responds effectively to sophisticated, evolving threats. The Threat Intelligence team...

BlackMatter Analysis
Summary. BlackMatter is a ransomware campaign that has been terrorizing Linux users since late 2021. The variant is written in C++ and specifically targets VMware ESXi servers. VMware ESXi servers are a common target for ransomware...

Cryptojacking and XMRig Summary
Explanation of Cryptojacking. One of the most prevalent threats facing Linux systems today is cryptojacking. This attack occurs when a threat actor infiltrates a target system and re-appropriates its resources to mine cryptocurrency for...

Ransomware Timing Analysis
Vali Cyber Threat Intelligence Report. Ransomware is one of the most severe threats in cybersecurity today. After an intruder gains access to the target network or device, they then use malware called “ransomware” to systematically encrypt...