Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

CISA issues Linux ransomware attack warning.

Getty

Admit it: the first thing you think of when ransomware is mentioned is likely Microsoft Windows as an attack surface. The second might be that ransomware is in decline and no longer a significant threat. The thought that Linux could be caught somewhere in all this probably doesn’t enter your head, but it should. The Cybersecurity and Infrastructure Security Agency has issued a timely reminder that Linux can be exploited, as it warns federal agencies to update within days, following confirmation of a Linux vulnerability being used in active ransomware attacks. Here’s what you need to know.

ForbesLinkedIn DM Attack Warning — What Users Need To KnowBy Davey Winder

Linux Kernel Vulnerability Exploited By Ransomware Attackers

The CVE-2024-1086 Linux Kernel use-after-free vulnerability “allows a normal user to become an administrator (root), allowing them to change files, disable security, or install malware,” Immersive Security said, adding that “the flaw occurs when the system mishandles memory, allowing attackers to gain complete system control. But that was, checks date, almost two years ago. Indeed, the thing was fixed in January 2024. So, what’s the fuss all of a sudden? Self-described America’s Security Agency, CISA, has issued a binding directive and warning that ransomware threat actors are actively exploiting CVE-2024-1086, giving federal agencies until November 20 to apply the necessary fix or “discontinue use of the product.”

But this isn’t a warning just for those federal agencies, it’s one that all businesses need to take note of. The cost of not doing so could be high as ransomware groups look to exploit this old vulnerability in “certain older versions of the Linux operating system,” as Immersive put it. You can see a complete list of impacted versions here, as published by the US Department of Commerce National Institute of Standards and Technology.

ForbesNew Proton Research Exposes 300 Million Stolen CredentialsBy Davey Winder

This isn’t theoretical; this is real life. If you are using any of these Linux platform versions, then you need to update as soon as possible. Ransomware actors can use CVE-2024-1086, alongside standard phishing techniques, to cause significant harm to businesses if not. Proof-of-concept code is not difficult to find on the dark web and assorted criminal marketplaces. So, what are you waiting for?

Source: https://www.forbes.com/sites/daveywinder/2025/11/02/ongoing-ransomware-attacks-exploit-linux-vulnerability-cisa-warns/

Wormhole’s native token has had a tough time since launch, debuting at $1.66 before dropping significantly despite the general crypto market’s bull cycle. Wormhole, an interoperability protocol facilitating asset transfers between blockchains, announced updated tokenomics to its native Wormhole (W) token, including a token reserve and more yield for stakers. The changes could affect the protocol’s governance, as staked Wormhole tokens allocate voting power to delegates.According to a Wednesday announcement, three main changes are coming to the Wormhole token: a W reserve funded with protocol fees and revenue, a 4% base yield for staking with higher rewards for active ecosystem participants, and a change from bulk unlocks to biweekly unlocks.“The goal of Wormhole Contributors is to significantly expand the asset transfer and messaging volume that Wormhole facilitates over the next 1-2 years,” the protocol said. According to Wormhole, more tokens will be locked as adoption takes place and revenue filters back to the company.Read more