2025.0.0 release train is made of: reactor-core 3.8.0 reactor-addons 3.6.0 reactor-pool 1.2.0 reactor-netty 1.3.0 reactor-kotlin-extensions 1.3.0 Artifacts no longer included in the release train...

The newly discovered post-compromise tool, RingReaper, exploits the io_uring interface in the Linux kernel to evade detection by Endpoint Detection and Response (EDR) systems. This sophisticated tool leverages advanced techniques to hide its activities, making it difficult for traditional security solutions to detect and respond to malicious actions. The io_uring interface is a feature in the Linux kernel designed for high-performance I/O operations. It allows applications to perform I/O operations asynchronously, reducing overhead and improving efficiency. However, RingReaper exploits this interface to perform malicious activities without triggering traditional detection mechanisms. This is particularly concerning because Linux systems are widely used in servers and critical infrastructure, making them attractive targets for attackers. The technical implications of RingReaper are significant. By exploiting the io_uring interface, the tool can perform actions such as data exfiltration or lateral movement while remaining undetected. This is because traditional EDR systems may not monitor or understand the io_uring interface, creating a blind spot that attackers can exploit. The impact on the cybersecurity landscape is profound. Linux systems are often considered more secure than other operating systems, but tools like RingReaper demonstrate that they are not immune to sophisticated attacks. This highlights the need for more advanced detection mechanisms that can monitor and understand new kernel features like io_uring. For cybersecurity professionals, it is crucial to update EDR systems to include monitoring of the io_uring interface. Regular kernel updates and patches can also help mitigate vulnerabilities that could be exploited by such tools. Additionally, organizations should consider implementing behavioral analysis and anomaly detection techniques to identify unusual activities that might indicate the presence of tools like RingReaper. In conclusion, RingReaper represents a significant advancement in post-compromise tools, exploiting modern kernel features to evade detection. Cybersecurity professionals must stay vigilant and update their detection and response strategies to counter such sophisticated threats.

Origin

Origin

JUring provides Java bindings for io_uring. Contribute to davidtos/JUring development by creating an account on GitHub.

A vulnerability in the io_uring mechanism of Linux allows rootkits to bypass common detection tools. This flaw, exploited by rootkits, renders Linux security tools ineffective, enabling attackers to execute with elevated privileges without being detected. The impacts include a compromise in the security of Linux systems, with rootkits able to hide and operate freely.

The post discusses a new security threat related to io_uring, an asynchronous programming interface for Linux. This time, io_uring is being used as a rootkit to bypass Linux security measures. The rootkit exploits io_uring's features to perform input/output operations without being detected by traditional security systems.

A vulnerability in the io_uring interface of Linux allows rootkits to remain undetected, thereby bypassing modern enterprise security measures. This vulnerability was discovered by researchers from the company ARMO, who created a proof-of-concept rootkit named Curing to demonstrate attacks using io_uring.

A new rootkit called "Curing" has been released by the company ARMO. This rootkit leverages io_uring, a feature built into the Linux kernel, to perform malicious activities stealthily without being detected by many current detection solutions on the market. The issue lies in the heavy reliance on monitoring system calls, a method favored by many cybersecurity providers. Attackers can bypass these monitored calls by using io_uring, allowing them to establish network connections or manipulate files without triggering the usual alarms. The rootkit's code is available on GitHub.

A rootkit based on Linux io_uring has been discovered, capable of bypassing system call monitoring, rendering major security tools ineffective. This technique exploits the io_uring functionality of Linux to perform input/output operations asynchronously, allowing the rootkit to avoid detection by traditional security tools that monitor system calls. The impact of this discovery is significant, as it calls into question the effectiveness of current threat detection methods based on system calls.

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in

For those looking toward better I/O performance with Java, there is JUring for making use of IO_uring and the reported performance benefits are very enticing.