Hacker News with Generative AI: Rootkits

New Linux Rootkit (schneier.com)
The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

io_uring based rootkit can bypass syscall-focused Linux security tools (armosec.io)
ARMO researchers reveal a major blind spot in Linux runtime security tools caused by the io_uring interface—an asynchronous I/O mechanism that bypasses traditional system calls.

New Windows driver signature bypass allows kernel rootkit installs (bleepingcomputer.com)
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems.