Kali Linux team emphasizes on a major visual changes to their 20xx.1 release, that is the first release of every year. And Kali Linux 2022.1 release brings in new visual refresh and a new flavor known as offline ISO.

There are several other improvements with Linux Kernel upgrade, some new hacking tools, live VM support, Apple M1 support, and more. Let us look at the major highlights for Kali Linux 2022.1.

What's new in Kali Linux 2022.1 Release?

Kali Linux features like drag ‘n’ drop, copy/paste have now been enabled by default to give users a better experience in a VM with i3.

And the new flavor, that comes as a standalone offline ISO includes everything from “kali-linux-everything” packages, offering you the ability to download an offline ISO without needing the packages installation separately.

Kali Linux 2022.1 brings new tools with some worthy of them highlighted below:

  • New packages for ARM64 architecture including feroxbuster
  • Enable legacy algorithms, ciphers, SSH using a setting in kali-tweaks
  • Accessibility improvements for speech synthesis in the Kali Linux
  • Introduction of some new tools like email2phonenumber, dnsx, naabu, and proxify

Also, there are tweaks to remove the exit code, skull icon, and number of background processes, with significant improvements for desktop and Raspberry Pi.

How to Download and Install Kali Linux 2022.1 Release?

For existing users of Kali Linux, a quick update can be performed using the following commands:
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list sudo apt update && sudo apt -y full-upgrade cp -rbi /etc/skel/. ~ [ -f /var/run/reboot-required ] && sudo reboot -f

And for new users, its ISO is available in the official site for download, but note that ‘Everything’ flavor is available only via Torrents.

Kali Linux 2022.1 Release: New Everything Offline ISO

Privacy Sandbox is a set of security features that will phase out cookies and fingerprinting, by reducing the amount of user information sites can access in order to keep tabs on users' privacy.

Google has announced a multi-year initiative to setup Privacy Sandbox on Android, with more private advertising solutions. These solutions will limit the sharing of users data with third parties and operate without cross-app identifiers, like advertising ID.

According to the company, Mobile apps as core part of everyday lives, with over 90% of the apps on Google Play being free, offering access to valuable content and services to billions of users and digital advertising plays a key role in making this possible.

A different Approach to ads privacy, bluntly restricting existing technologies

The goal of the Privacy Sandbox on Android is to develop effective privacy and enhancing advertising solutions, whereby users can know that their information is protected, and developers have the tools to succeed on mobile.

Google plans to support existing ads platform features for at least two years, and intend to provide substantial notice ahead of any future changes. This initiative needs input from across the industry to succeed. The company already heard from many partners on their interest in working to improve ads privacy on Android, and more organizations are invited to participate.

Developers can review the initial design proposals and share feedback on the Android developer website. There is plan to release developer previews over the course of the year, with a beta release by the end of the year. With regular updates provided on designs and timelines, so you can also sign up to receive updates.

Privacy Sandbox coming to Android for User Data protection

A joint security advisory from CISA, FBI, NSA warns of increase in sophisticated, high-impact ransomware attacks that target critical organization's infrastructure across the world.

The advisory highlighted a broad range of industries targeted, which include agriculture, defense, emergency services, government facilities, IT, healthcare, financial services, legal institutions, public services, education, and energy. The common infection techniques employed are spear-phishing, brute-forced Remote Desktop Protocol (RDP) credentials stealing, and exploitation of software bugs, with the infection vectors used to deploy ransomware on compromised networks.

According to the Cybersecurity authorities, the market for ransomware became increasingly “professional” in 2021, with cybercriminal using services-for-hire business model now well established.

Tactics, Techniques, and Procedures (TTPs) used by criminals for Ransomware attacks?

The major tactics among cyber criminals in gaining access to networks are via phishing, stolen RDP credentials or brute force, and exploiting known vulnerabilities in software.

While phishing emails, RDP and exploitation of vulnerabilities remained the top infection vectors for ransomware incidents in 2021. And if a threat actor gains code execution on a device or network, ransomware can be easily deployed. These infection vectors remain popular because of their increased use starting in the previous year and continuing into 2021.

The expanded remote attack surface leave network defenders struggling to keep pace with routine security patching, and as ransomware groups share victim information with each other, diversifying the security threat on targeted organizations.

How to Mitigate against Ransomware attacks?

It is recommended that network defenders should apply the following mitigations to reduce the likelihood or impact of ransomware attacks:

Keep all software up to date: including timely security patching which is the most efficient and cost-effective step to minimize exposure to security threats.

Also, if your organization uses RDP or other potentially high risk service, there is need to secure and monitor them closely, with regular checking for notifications, and prioritize applying patches for known vulnerabilities. And automate security scanning and testing, when possible if upgrading hardware or software, to take advantage of vendor-provided security capabilities.

Cybersecurity Authorities warns of Sophisticated, High-impact Ransomware attacks

Slackware, one of the oldest Linux distribution, has received a new update after several years, with the latest version having been released in 2016.

The Slackware team starting with an alpha release, went on to release candidates (Two), and finally Slackware Linux 15.0 is now available for the public. Slackware 15.0 has undergone a lot of changes, such as the addition of the latest Linux Kernel 5.15 LTS and KDE Plasma 5.23, which brings enhanced NTFS driver and Apple’s M1 chip support, among others.

Indeed, Slackware 15.0 is an exciting release, as it also offers support for Intel 12th gen processors. Let’s dive into what’s new in Slackware 15.0.

What’s New in Slackware 15.0 Release?

Slackware 15.0 has the major addition of the latest Linux Kernel 5.15 LTS, which guarantees a great hardware compatibility experience for what's perhaps the oldest running Linux distro.

The KDE Plasma packages has been updated to 5.23, with KDE Frameworks updated to version 5.88; and KDE Plasma 5.23 included several UI improvements, and a range of cosmetic changes that improves the user experience. Also, the updated Xfce 4.16 comes bundled with Slackware 15.0, among the desktop environment options.

Highlighted below are other important additions:

  • From Qt4 to Qt5
  • Support for Wayland
  • Improvements in the Slackware pkgtools
  • Includes a “make_world.sh” script for rebuilding the OS from source code
  • SMP and non-SMP kernels for single-core and multi-core processors
  • Support for Privileged Access Management (PAM)
  • Support for UEFI and old systems
  • GCC compiler upgraded to version 11.2.0
  • Support for PipeWire

Furthermore, all the essential packages like Krita, Network Manager, OpenSSH, and Ocular also got an upgrade. With important apps like Firefox, Falkon browser and Thunderbird updated to their latest available releases as well.

How to Download and Install Slackware 15.0?

Kindly note that upgrading from older versions such as Slackware 14.2 isn't feasible, it is advised that you do a fresh installation.

And for a fresh installation, you should checkout the upgrade instructions available here, and you can install the new ISO from the official website.

Slackware 15.0 Release: What’s New?

SEO poisoning involves creating malicious websites loaded with keywords, and other search engine optimization techniques to make the pages show up prominently in search results.

There's an ongoing SEO poisoning attack campaign, according to researchers at Mandiant, that abuse trusted legitimate software utilities to trick web users into downloading the infamous malware, BATLOADER, on their machines.

The team also observed a crafty defense evasion technique employed by the hackers using mshta.exe, a Windows-native utility designed to execute Microsoft HTML Application (HTA) files.

How Hackers use SEO Poisoning to Distribute BATLOADER malware?

In the SEO poisoning campaign, the hackers often use “free productivity apps installation” or “free software development tools installation” as keywords to lure unsuspecting users to a compromised website to download a malicious installer.

While the installer contains a compromised version of the legitimate software bundled with the BATLOADER malware, and the malware is executed during the software installation process. This initial phase is the beginning of a multi-stage infection chain which provides the hackers with a strong foothold within the target organization.

And such legitimate tools as Msiexec.exe, PowerShell, and Mshta.exe allow proxy execution of the malicious payloads which enables the hackers to avoid detection.

How to Mitigate against SEO Poisoning Attack?

The public release of this information, means that other unaffiliated threat actors would be replicating the techniques for their own malicious motives and objectives.

Therefore, organizations are recommended to follow a holistic security system that mapped to the MITRE ATT&CK framework and includes related intelligence so they can take decisive action throughout their environment.

Hackers resort to SEO Poisoning to Distribute BATLOADER malware