netstat -ao | less
Check your sockets in recovery and in full user mode.
Look for anything abnormal. It's good to get familiar with what your system sockets look like. dbus is pretty busy. If you can minimize sockets, you minimize attack surface.
Most of the targeted libs are Apache- or Java-related. Minimalism is a good bet.
Again, though, a lot of Linux vulnerabilities seem to happen early in the boot process or in between system upgrades, which I imagine is when they are the most vulnerable. I am only guessing, though; that's when you are dealing with rootkit-level stuff.
That's the only way to get persistence as well, I imagine.
https://blogs.blackberry.com/en/2022/06 … nux-threat
^ See the "Indicators of Compromise (IoCs)" section for details.
Anyway this is aimed at banks and suchlike so I don't think desktop users have to worry too much.
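As an added example, not code from the poster above, here is a POSIX sh script that does the comparison the reply recommends: snapshot the listening sockets in recovery mode and again in full user mode, list what appeared in between, and flag which of those listeners is bound to every interface. It uses `ss -Hltunp` from iproute2 instead of the `netstat -ao` the reply typed (assumed installed; netstat's column layout is not parsed here). The two listings embedded below are constructed stand-ins for the two snapshots; the process names and ports in them are made up for illustration and are not indicators from the linked report.

```shell
#!/bin/sh
# Added example, not code from the forum post.
# Compare the sockets open in recovery mode with those open in full user mode,
# and flag the ones reachable from every interface.
#
# On a live system (assumes iproute2 `ss` is installed):
#   recovery mode:   ss -Hltunp > /root/sockets-recovery.txt
#   full user mode:  ss -Hltunp > /root/sockets-full.txt
#   then:            new_listeners     /root/sockets-recovery.txt /root/sockets-full.txt
#                    exposed_listeners /root/sockets-full.txt
#
# `ss -Hltunp` prints, without a header: Netid State Recv-Q Send-Q Local Peer Process

# Reduce a listing to "proto local-address:port" keys, one per line, sorted in the
# C locale so that `comm` below sees the same ordering `sort` produced.
socket_keys() {
    LC_ALL=C awk '{ print $1, $5 }' "$1" | LC_ALL=C sort -u
}

# Sockets present in the second snapshot (full mode) but absent from the first
# (recovery). Each line is a "proto local-address:port" key.
new_listeners() {
    base_keys=$(mktemp) || return 1
    cur_keys=$(mktemp) || { rm -f "$base_keys"; return 1; }
    socket_keys "$1" > "$base_keys"
    socket_keys "$2" > "$cur_keys"
    LC_ALL=C comm -13 "$base_keys" "$cur_keys"
    rm -f "$base_keys" "$cur_keys"
}

# Listeners bound to a wildcard address (0.0.0.0, [::] or *) are reachable on every
# interface, so they are the attack surface to minimize first. Prints
# "proto local-address:port process-name"; the name comes from ss's
# users:(("name",pid=..,fd=..)) column, or "unknown" when ss could not show it.
exposed_listeners() {
    awk '$5 ~ /^0\.0\.0\.0:/ || index($5, "[::]:") == 1 || index($5, "*:") == 1 {
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $1, $5, proc
    }' "$1"
}

# --- constructed sample snapshots: made-up processes and ports standing in for
# --- real `ss -Hltunp` output, not indicators from any report -----------------
BASELINE_SNAPSHOT=$(mktemp)
CURRENT_SNAPSHOT=$(mktemp)
trap 'rm -f "$BASELINE_SNAPSHOT" "$CURRENT_SNAPSHOT"' EXIT

# recovery mode: only the resolver stub and sshd
cat > "$BASELINE_SNAPSHOT" <<'EOF'
udp   UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=731,fd=3))
EOF

# full user mode: cups on loopback (harmless) and an unexpected wildcard listener
cat > "$CURRENT_SNAPSHOT" <<'EOF'
udp   UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=731,fd=3))
tcp   LISTEN 0 4096 127.0.0.1:631    0.0.0.0:* users:(("cupsd",pid=902,fd=7))
tcp   LISTEN 0 128  0.0.0.0:4444     0.0.0.0:* users:(("update-helper",pid=1337,fd=9))
EOF

echo "== sockets that appeared between recovery and full user mode =="
new_listeners "$BASELINE_SNAPSHOT" "$CURRENT_SNAPSHOT"
echo "== wildcard-bound listeners in full user mode =="
exposed_listeners "$CURRENT_SNAPSHOT"
```

Run against the constructed snapshots, `new_listeners` reports `tcp 0.0.0.0:4444` and `tcp 127.0.0.1:631` as new, and `exposed_listeners` narrows the full-mode set to `sshd` on 22 and `update-helper` on 4444; the loopback-only cups socket is new but not exposed. On a real machine the diff is only as good as the baseline, so take the recovery-mode snapshot from media you trust and keep it somewhere the running system cannot rewrite.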
Found this early today.
---
Symbiote Linux malware spotted, and infections are 'very hard to detect'
'Performing live forensics on an infected machine may not turn anything up' warn researchers
---
https://forums.theregister.com/forum/al … x_malware/
Anyone know about this?
Best,
A.