Linux Rootkit Evades Elastic EDR Detection

A newly discovered Linux rootkit has demonstrated the ability to evade detection by Elastic Endpoint Detection and Response (EDR) solutions, raising significant concerns for cybersecurity professionals. This rootkit employs advanced stealth techniques that allow it to remain hidden from traditional monitoring tools, making it a formidable threat to Linux-based systems. The rootkit's evasion capabilities highlight the evolving sophistication of malware targeting enterprise environments, particularly those relying on Elastic EDR for endpoint security. Security experts emphasize the importance of adopting multi-layered defense strategies, including behavioral analysis and anomaly detection, to identify such threats effectively. Organizations using Elastic EDR are advised to update their detection rules and remain vigilant for indicators of compromise associated with this rootkit. This development underscores the ongoing arms race between attackers and defenders in the cybersecurity landscape, where continuous innovation is required to protect critical infrastructure and sensitive data from increasingly stealthy adversaries.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 31 Oct 2025 03:35:13 +0000


Cyber News related to Linux Rootkit Evades Elastic EDR Detection

Silly EDR Bypasses and Where To Find Them - One of the drawbacks of direct & indirect syscalls is that it's clear from the callstack that you bypassed the EDR's user mode hook. As you can see from the last image, when a call is done through a hooked function the return address for the EDR's ...
2 years ago Malwaretech.com
Singularity Linux Rootkit Evades Elastic EDR - A new sophisticated Linux rootkit named Singularity has been discovered, capable of evading detection by Elastic Endpoint Detection and Response (EDR) solutions. This rootkit employs advanced stealth techniques to maintain persistence and conceal its ...
2 months ago Cybersecuritynews.com
Wormable Linux Rootkit Attack Multiple Systems to Steal SSH Keys and Privilege Escalation - Cybersecurity researchers at ANY.RUN have uncovered a sophisticated attack leveraging the Diamorphine rootkit to deploy a cryptocurrency miner on Linux systems, highlighting the growing misuse of open-source tools in malicious campaigns. By replacing ...
8 months ago Cybersecuritynews.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
2 years ago Darkreading.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
10 Best EDR Tools (Endpoint Detection & Response) - 2025 - What is good? What Could Be Better? Provides comprehensive endpoint monitoring. Some users might find the installation and configuration process of the solution tedious. Protect your entire security stack with in-depth threat intelligence. Some users ...
9 months ago Cybersecuritynews.com
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection - To effectively counter these threats, organizations must integrate Digital Forensics, Extended Detection and Response (XDR), and Endpoint Detection and Response (EDR) into a unified security framework. It involves two main components: digital ...
8 months ago Cybersecuritynews.com
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms - Attackers likely tied to the creators of the XorDdos Linux remote access Trojan have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in Thailand and maintain malicious access to infected ...
2 years ago Darkreading.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
1 year ago Windowsir.blogspot.com Silence
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: Pros / Cons: Strong threat intelligence & expert SOCs. High pricing for SMBs. 24/7 monitoring & rapid incident response. Complex UI and steep learning curve. Flexible, scalable, hybrid deployments. Limited visibility into endpoint ...
6 months ago Cybersecuritynews.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
9 months ago Cybersecuritynews.com
An Introduction to Bypassing User Mode EDR Hooks - While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. System calls are the standard way to transition from user mode to kernel mode. On Windows, ...
2 years ago Malwaretech.com
EDR Redir Tool Breaks EDR - The article discusses a newly discovered tool called EDR Redir that effectively bypasses Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating threats on endpoints, but ...
2 months ago Cybersecuritynews.com
LinkPro Rootkit Attacking GNU/Linux Systems - The LinkPro rootkit has emerged as a significant threat targeting GNU/Linux systems, showcasing advanced stealth capabilities and persistence mechanisms. This malware is designed to infiltrate Linux environments, often used in servers and critical ...
2 months ago Cybersecuritynews.com
LinkPro Linux Rootkit Uses eBPF to Hide From Security Tools - A new Linux rootkit named LinkPro has been discovered leveraging eBPF (extended Berkeley Packet Filter) technology to stealthily evade detection by security tools. This advanced rootkit uses eBPF programs to hook into the kernel and hide its ...
2 months ago Thehackernews.com
20 Best Endpoint Management Tools - 2025 - What is Good? What Could Be Better? Comprehensive endpoint security against many threats. The user interface may overwhelm some users. Machine learning for real-time threat detection. Integration with existing systems may be complex. A central management ...
9 months ago Cybersecuritynews.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584 PrimaryVendor - ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections - This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Security experts recommend implementing application control measures, ...
5 months ago Cybersecuritynews.com
EDR Freeze Tool: How Attackers Bypass Endpoint Detection and Response Systems - The article discusses the emergence of the EDR Freeze Tool, a sophisticated method used by cyber attackers to bypass Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating ...
3 months ago Cybersecuritynews.com
RingReaper - New Linux EDR Evasion Tool Using io_uring Kernel Feature - This advanced red team tool demonstrates how attackers can exploit high-performance asynchronous I/O operations to conduct stealthy operations while remaining undetected by traditional security monitoring mechanisms. A sophisticated new Linux evasion ...
6 months ago Cybersecuritynews.com
Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations - MDR and XDR represent the next generation of threat detection and response, addressing the limitations of traditional security tools and enabling organizations to stay ahead of sophisticated adversaries. For organizations just beginning to mature ...
8 months ago Cybersecuritynews.com
Elastic EDR Evaded by Advanced Threat Actors: New Techniques Uncovered - Recent investigations reveal that Elastic Endpoint Detection and Response (EDR) solutions have been successfully evaded by sophisticated threat actors using novel attack techniques. This development highlights the evolving landscape of cyber threats ...
2 months ago Cybersecuritynews.com CVE-2023-12345 CVE-2024-56789 APT29 Lazarus Group
Elastic Defend for Windows Vulnerability Exposes Systems to Remote Attacks - A critical vulnerability has been discovered in Elastic Defend for Windows, a security agent used widely for endpoint protection. This flaw allows remote attackers to execute arbitrary code on affected systems, potentially leading to full system ...
2 months ago Cybersecuritynews.com CVE-2024-12345