NEWS
Intel Releases Linux Patch for Alder Lake Thread Director
The Performance and Efficiency cores within Intel's Alder Lake CPUs have received patches to dramatically increase performance with the Linux operating system.
Soon after Microsoft released Windows 11, it became clear that the Linux operating system lagged behind the competition in performance. The reason was that Linux lacked adequate support for Intel's Thread Director technology (created from the Enhanced Hardware Feedback Interface), which grants proper access to the high-performance Golden Cove cores and the energy-efficient Gracemont cores.
The current firmware for Linux relies on an algorithm to plan which P/E cores are utilized by the ITMT/Turbo Boost Max 3.0 driver. That method is not nearly as efficient as Intel's new patch. The company explains the patch by saying:
"The Intel Hardware Feedback Interface (HIFI) provides information about the performance and energy efficiency of each CPU in the system. It uses a table that is shared between hardware and the operating system. The contents of the table may be updated as a result of changes in the operating conditions of the system (e.g., reaching a thermal limit) or the action of external factors (e.g., changes in the thermal design power)."
The HIFI calculates the power efficiency and performance of the CPU, gives the core a numerical value, and communicates that information to the operating system.
This new set of patches is still in the revision stage and there has yet to be an announcement as to when they will be made available to the kernel (or if they'll make it into version 5.17). Read more about this update on https://lore.kernel.org/lkml/20211220151438.1196-1-ricardo.neri-calderon@linux.intel.com/.
New Multiplatform Backdoor Malware Targets Linux, macOS, and Windows
The first signs of SysJoker appeared in December 2021, when researchers at Intezer were investigating an attack on a Linux web server. This malware is written in C++ and each variant is specifically tailored for the operating system it attacks. VirusTotal was unable to detect the malware, even using 57 different detection engines.
Once the malware has been deployed, it fetches the SysJoker zip file from GitHub, unpacks it, and executes the payload. The payload gathers information about the machine, stores and encodes the results in a JSON object, creates persistence, reaches out to a C2 server (using a hard-coded Google Drive link, where the server is instructed to install additional malware), and runs commands on the infected device.
Intezer has provided a list of indicators for SysJoker for each operating system. On Linux, the files and subdirectories are created under /.Library/ and persistence is created with the cron job @reboot (/.Library/SystemServices/updateSystem). If you discover such a cron job, it's imperative that you kill all related processes, manually delete the files and cron job, scan the system to ensure all malicious files have been removed, and check for any weakness that might have allowed the attackers access to your server.
Find out more about SysJoker in the original Intezer report (https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/).
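The Linux indicators described above can be checked with a short script. This is an added example, not code from Intezer or from the original article; the function names and the sample spool directory are constructed for illustration, and on a real host you would point scan_spool at your distribution's cron spool (assumed here to be /var/spool/cron or /var/spool/cron/crontabs).

```shell
#!/bin/sh
# Added example: check for the SysJoker Linux indicators named in the article.
IOC_PATH='/.Library/SystemServices/updateSystem'   # string taken from the article

# Print non-comment @reboot entries in crontab file $1 that reference IOC_PATH.
# Fixed-string matching on the path also catches variants such as $HOME/.Library/...
scan_crontab() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null \
        | grep -E '^[[:space:]]*@reboot[[:space:]]' \
        | grep -F -- "$IOC_PATH"
}

# Scan every crontab in spool directory $1, printing "file: entry" per hit.
# Returns 0 when at least one hit is found, 1 otherwise.
scan_spool() {
    found=1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        hits=$(scan_crontab "$f") || continue
        printf '%s\n' "$hits" | while IFS= read -r line; do
            printf '%s: %s\n' "$f" "$line"
        done
        found=0
    done
    return "$found"
}

# Print any .Library directory sitting directly under the given root directories.
find_library_dirs() {
    for root in "$@"; do
        [ -d "${root%/}/.Library" ] && printf '%s\n' "${root%/}/.Library"
    done
    return 0
}

# Build a constructed sample spool directory (not real data) and print its path.
make_sample_spool() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '0 3 * * * /usr/bin/backup.sh' '@reboot /usr/local/bin/agent' > "$d/alice"
    printf '%s\n' '# @reboot (/.Library/SystemServices/updateSystem)' \
        '@reboot (/.Library/SystemServices/updateSystem)' > "$d/bob"
    printf '%s\n' "$d"
}

sample=$(make_sample_spool)
if scan_spool "$sample"; then echo "SysJoker cron indicator found"; fi
rm -rf "$sample"
```

A hit from either function is a reason to start the cleanup steps listed above, not proof that the host is otherwise clean.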
WhiteSource Releases Free Log4j Detection Tool
As the Log4j vulnerability continues to wreak havoc on the IT landscape, everyone is trying to prevent disaster from striking. A number of companies and development teams have released tools to help with the detection and remediation of the vulnerability. One such company is WhiteSource. Their new tool, Log4j Detect (https://github.com/whitesource/log4j-detect-distribution), is an open source command-line utility that scans your projects to detect the following known CVEs:
- CVE-2021-45046
- CVE-2021-44228
- CVE-2021-4104
- CVE-2021-45105
Once the scan is complete, it will report back the exact path of the vulnerable files as well as the fixed version you'll need to remediate the issue. Log4j Detect should be run within the root directory of your projects and will also search for vulnerable files with both the .jar and .gem extensions. Log4j Detect supports the Gradle, Maven, and Bundler package managers.
In order for Log4j Detect to run properly, you'll need to install either gradle (if the project is a Gradle project) or mvn (if the project is a Maven project). The developers have also indicated both Maven and Bundler projects must be built before scanning. Once you have Log4j Detect installed, the scan can be issued with the command log4j-detect scan -d PROJECT (where PROJECT is the directory housing your project).
For more information about this tool, make sure to read through the project README (https://github.com/whitesource/log4j-detect-distribution/blob/main/README.md).