#io_uring


Just watching syscalls misses the io_uring interface to the kernel, allowing malware to go undetected.

On the news I missed front:
theregister.com/2025/04/29/lin

PoC Code:
github.com/armosec/curing

The article mentions a couple of endpoint detection & prevention tools, but not giant #crowdstrike
Interested to see if CrowdStrike watches io_uring calls. (I bet it will now.)

The Register · Watch out for any Linux malware sneakily evading syscall-watching antivirus · By Iain Thomson

Whoa, hold up! 🤯 There's a new Linux rootkit dubbed "Curing" out in the wild, and it's got a nasty trick: leveraging `io_uring` to slip right past traditional security tools. Why? Because most of those tools are laser-focused on system calls... which `io_uring` can bypass.

So, what's the deal with `io_uring`? Picture an application chatting directly with the kernel, essentially skipping the front desk where system calls usually check in. "Curing" exploits this direct line for its command-and-control communication, leaving *none* of the usual suspicious system call footprints. Talk about stealth mode! And heads up – Google has actually been warning about the potential risks here for some time.

Speaking from a pentester's perspective, this is yet another stark reminder: just relying on "basic" security isn't going to cut it. We really need to dive deeper, get our hands dirty with kernel-level analysis and understanding. Let's be clear: running automated scans is *not* the same as a thorough penetration test!

What about you? Are you utilizing `io_uring` in your environment? What kind of security measures have you put in place around it? Seriously curious – how do you see kernel security evolving from here? Let's discuss! 👇
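One way to take stock of io_uring exposure on a Linux host, as an added example that is not part of the posts above: it reads the `kernel.io_uring_disabled` sysctl (Linux 6.6 and later) and lists processes that hold an io_uring file descriptor. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory io_uring policy and users on a host.
# Both functions accept an optional procfs root (default /proc); that
# argument is an assumption of this example so a constructed tree can be used.

# Print the kernel.io_uring_disabled policy:
#   0 = any process may create rings, 1 = only CAP_SYS_ADMIN or
#   members of kernel.io_uring_group, 2 = disabled for everyone.
io_uring_policy() {
    root="${1:-/proc}"
    f="$root/sys/kernel/io_uring_disabled"
    if [ ! -r "$f" ]; then
        echo "unknown"      # kernel older than 6.6, or sysctl not readable
        return 0
    fi
    case "$(cat "$f")" in
        0) echo "enabled" ;;
        1) echo "restricted" ;;
        2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
    return 0
}

# Print "pid comm" for every process with an open io_uring instance.
# io_uring fds show up in /proc/<pid>/fd as links to anon_inode:[io_uring].
# Run as root to see other users' processes; unreadable ones are skipped.
io_uring_users() {
    root="${1:-/proc}"
    for d in "$root"/[0-9]*; do
        [ -d "$d/fd" ] || continue
        for fd in "$d"/fd/*; do
            [ -L "$fd" ] || continue
            case "$(readlink "$fd" 2>/dev/null)" in
                "anon_inode:[io_uring]")
                    echo "${d##*/} $(cat "$d/comm" 2>/dev/null)"
                    break ;;    # one line per process is enough
            esac
        done
    done
    return 0
}

echo "io_uring policy: $(io_uring_policy)"
io_uring_users
```

On hosts where the list is empty or limited to known services, setting `kernel.io_uring_disabled` to 1 or 2 narrows the path that syscall-only monitoring does not see.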

HAPPY 18TH BIRTHDAY #VarnishCache ! To celebrate this memorable occasion, we have just tagged Version 1.0.0-rc1 of gitlab.com/uplex/varnish/slash, which contains fellow, our advanced, #io_uring based, high performance, eventually persistent, always consistent #opensource storage engine.
Read the full announcement: varnish-cache.org/lists/piperm
And the changelog: gitlab.com/uplex/varnish/slash

GitLab · uplex / varnish / slash · Storage Engines (stevedores) and Routers (loadmasters) for Varnish-Cache