Singularity Linux Rootkit Evades Elastic EDR

A new sophisticated Linux rootkit named Singularity has been discovered, capable of evading detection by Elastic Endpoint Detection and Response (EDR) solutions. This rootkit employs advanced stealth techniques to maintain persistence and conceal its presence on infected systems, posing a significant threat to Linux environments. The Singularity rootkit's ability to bypass Elastic EDR highlights the evolving challenges in endpoint security and the need for continuous improvement in detection technologies. Organizations using Elastic EDR should be aware of this threat and consider additional monitoring and mitigation strategies to protect their Linux infrastructure. This article delves into the technical details of the Singularity rootkit, its evasion methods, and recommendations for security teams to enhance their defenses against such advanced threats.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 31 Oct 2025 12:25:15 +0000

Cyber News related to Singularity Linux Rootkit Evades Elastic EDR

Silly EDR Bypasses and Where To Find Them - One of the drawbacks of direct & indirect syscalls is that it's clear from the callstack that you bypassed the EDR's user mode hook. As you can see from the last image, when a call is done through a hooked function the return address for the EDR's ...
2 years ago Malwaretech.com
Linux Rootkit Evades Elastic EDR Detection - A newly discovered Linux rootkit has demonstrated the ability to evade detection by Elastic Endpoint Detection and Response (EDR) solutions, raising significant concerns for cybersecurity professionals. This rootkit employs advanced stealth ...
2 months ago Cybersecuritynews.com
Wormable Linux Rootkit Attack Multiple Systems to Steal SSH Keys and Privilege Escalation - Cybersecurity researchers at ANY.RUN have uncovered a sophisticated attack leveraging the Diamorphine rootkit to deploy a cryptocurrency miner on Linux systems, highlighting the growing misuse of open-source tools in malicious campaigns. By replacing ...
8 months ago Cybersecuritynews.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
2 years ago Darkreading.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
1 year ago Techrepublic.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
1 year ago Windowsir.blogspot.com
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms - Attackers likely tied to the creators of the XorDdos Linux remote access Trojan have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in Thailand and maintain malicious access to infected ...
2 years ago Darkreading.com
An Introduction to Bypassing User Mode EDR Hooks - While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. System calls are the standard way to transition from user mode to kernel mode. On Windows, ...
2 years ago Malwaretech.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584 PrimaryVendor - ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
CVE-2022-23538 - github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by ...
2 years ago
Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections - This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Security experts recommend implementing application control measures, ...
5 months ago Cybersecuritynews.com
EDR Redir Tool Breaks EDR - The article discusses a newly discovered tool called EDR Redir that effectively bypasses Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating threats on endpoints, but ...
2 months ago Cybersecuritynews.com
LinkPro Linux Rootkit Uses eBPF to Hide From Security Tools - A new Linux rootkit named LinkPro has been discovered leveraging eBPF (extended Berkeley Packet Filter) technology to stealthily evade detection by security tools. This advanced rootkit uses eBPF programs to hook into the kernel and hide its ...
2 months ago Thehackernews.com
LinkPro Rootkit Attacking GNU/Linux Systems - The LinkPro rootkit has emerged as a significant threat targeting GNU/Linux systems, showcasing advanced stealth capabilities and persistence mechanisms. This malware is designed to infiltrate Linux environments, often used in servers and critical ...
2 months ago Cybersecuritynews.com
EDR Freeze Tool: How Attackers Bypass Endpoint Detection and Response Systems - The article discusses the emergence of the EDR Freeze Tool, a sophisticated method used by cyber attackers to bypass Endpoint Detection and Response (EDR) systems. EDR solutions are critical in modern cybersecurity for detecting and mitigating ...
3 months ago Cybersecuritynews.com
Windows Incident Response: Round Up - MSSQL is still a thing. TheDFIRReport recently posted an article regarding BlueSky ransomware being deployed following MSSQL being brute forced. I'm always interested in things like this because it's possible that the author will provide clear ...
2 years ago Windowsir.blogspot.com
Elastic Defend for Windows Vulnerability Exposes Systems to Remote Attacks - A critical vulnerability has been discovered in Elastic Defend for Windows, a security agent used widely for endpoint protection. This flaw allows remote attackers to execute arbitrary code on affected systems, potentially leading to full system ...
2 months ago Cybersecuritynews.com
RingReaper - New Linux EDR Evasion Tool Using io_uring Kernel Feature - This advanced red team tool demonstrates how attackers can exploit high-performance asynchronous I/O operations to conduct stealthy operations while remaining undetected by traditional security monitoring mechanisms. A sophisticated new Linux evasion ...
6 months ago Cybersecuritynews.com
10 Best EDR Tools (Endpoint Detection & Response) - 2025 - What is good? / What could be better? Provides comprehensive endpoint monitoring. / Some users might find the installation and configuration process of the solution tedious. Protect your entire security stack with in-depth threat intelligence. / Some users ...
9 months ago Cybersecuritynews.com
Elastic EDR Evaded by Advanced Threat Actors: New Techniques Uncovered - Recent investigations reveal that Elastic Endpoint Detection and Response (EDR) solutions have been successfully evaded by sophisticated threat actors using novel attack techniques. This development highlights the evolving landscape of cyber threats ...
2 months ago Cybersecuritynews.com
SonicWall releases SMA100 firmware update to wipe rootkit malware - SonicWall has released a critical firmware update for its SMA100 series appliances to address a severe rootkit malware infection. This update is designed to completely remove the malicious rootkit that had compromised the devices, ensuring enhanced ...
3 months ago Bleepingcomputer.com
SonicWall Firmware Update Contains Rootkit Malware, Warns Security Researchers - SonicWall, a leading cybersecurity company, recently issued a critical firmware update that was found to contain a rootkit malware. This alarming discovery was made by security researchers who warned users to be cautious when applying the update. The ...
3 months ago Cybersecuritynews.com