THREAT REPORTS

Learn how you can protect your systems against the XZ Utils backdoor (CVE-2024-3094) with Vali Cyber’s ZeroLock. This significant supply chain attack is targeting Linux and Unix-like systems, specifically Debian and Red Hat distributions,...

"Leaky Vessels" (CVE-2024-21626) is targeting containerized environments and enabling attackers to escape containers and compromise host systems, presenting a critical risk to cloud-native applications. Watch as our Threat Intel Lead,...

The recently discovered BiBi-Linux Wiperware overwrites files, renames them with a random string containing "BiBi," and excludes specific file types from corruption. This x64 ELF executable, devoid of obfuscation, poses a significant...

The Looney Tunables (CVE-2023-4911) vulnerability has been discovered in GNU C Library’s dynamic loader, allowing attackers to act with root privileges on any Linux distribution running glibc. Join our Threat Intel lead, Nathan Montierth,...

SprySOCKS malware is a new Linux-targeted backdoor that has combines elements from Trochilus (a Windows backdoor) and the Socket Secure (SOCKS). This threat is orchestrated by the China-linked Earth Lusca group, which has relentlessly...

VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication and access private endpoints. Join...

The Monti ransomware group is back and using a new Linux locker to target VMware, ESXi servers, legal, and government organizations. Watch to learn how Vali Cyber's ZeroLock detects and stops this new ransomware threat from our Threat...

CVE-2023-2640 and CVE-2023-32629 are two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu that affect 40% of Ubuntu cloud workloads. Cleverly nicknamed gameOver(lay), Vali Cyber's ZeroLock can both...

Supply-chain attacks take advantage of insecure segments of the supply-chain of a target. An attacker will manipulate the elements used in the production process of the target, and thereby produce a vulnerability. In many modern examples...

Vali Cyber Threat Intelligence Report Fileless attacks are any cyber-attack which does not write any files to disk on the target system. This kind of attack has grown in popularity over recent years due to some of the distinct advantages...

ZeroLock defends against many kinds of attacks, including ransomware. The Vali Cyber Threat Intelligence team regularly red teams the agent to ensure it responds effectively to sophisticated, evolving threats. The Threat Intelligence team...

Summary BlackMatter is a ransomware campaign that has been terrorizing Linux users since late 2021. The variation is written in C++ and specifically targets VMWare ESXi servers. VMWare ESXi servers are a common target for ransomware...

Explanation of Cryptojacking One of the most prevalent threats facing Linux systems today is cryptojacking. This attack occurs when a threat actor infiltrates a target system and re-appropriates resources to mine cryptocurrency for...

Vali Cyber Threat Intelligence Report Ransomware is one of the most severe threats in cybersecurity today. After an intruder gains access to the target network or device, they then use malware called “ransomware” to systematically encrypt...