Most Linux users assume their security tools will catch bad actors before damage is done – but sadly, new research suggests that confidence may be misplaced. You see, ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

  • B-TR3E@feddit.org
    19 days ago

    Read the fucking article. Even if it’s undetailed and basically clickbait. io_uring does not open any security holes nor does it help to bring rootkits into the system. It might be used to hide an already installed rootkit from certain monitoring systems. Supposing that the security system they are part of was already compromised enough to allow someone to intrude and install the rootkit first of all.