NEWS
Intel Releases Linux Patch for Alder Lake Thread Director
The Performance and Efficiency cores within Intel's Alder Lake CPUs have received patches to dramatically increase performance with the Linux operating system.
Soon after Microsoft released Windows 11, it became clear that the Linux operating system lagged behind the competition in performance. The reason was that Linux lacked adequate support for Intel's Thread Director technology (created from the Enhanced Hardware Feedback Interface), which grants proper access to the high-performance Golden Cove cores and the energy-efficient Gracemont cores.
The current firmware for Linux relies on an algorithm to plan which P/E cores are utilized by the ITMT/Turbo Boost Max 3.0 driver. That method is not nearly as efficient as Intel's new patch. The company explains the patch by saying:
"The Intel Hardware Feedback Interface (HIFI) provides information about the performance and energy efficiency of each CPU in the system. It uses a table that is shared between hardware and the operating system. The contents of the table may be updated as a result of changes in the operating conditions of the system (e.g., reaching a thermal limit) or the action of external factors (e.g., changes in the thermal design power)."
The HIFI calculates the power efficiency and performance of the CPU, gives the core a numerical value, and communicates that information to the operating system.
This new set of patches is still in the revision stage and there has yet to be an announcement as to when they will be made available to the kernel (or if they'll make it into version 5.17). Read more about this update on https://lore.kernel.org/lkml/20211220151438.1196-1-ricardo.neri-calderon@linux.intel.com/.
New Multiplatform Backdoor Malware Targets Linux, macOS, and Windows
The first signs of SysJoker appeared in December 2021, when researchers at Intezer were investigating an attack on a Linux web server. This malware is written in C++ and each variant is specifically tailored for the operating system it attacks. VirusTotal was unable to detect the malware, even using 57 different detection engines.
Once the malware has been deployed, it fetches the SysJoker zip file from GitHub, unpacks it, and executes the payload. The payload gathers information about the machine, stores and encodes the results in a JSON object, creates persistence, reaches out to a C2 server (using a hard-coded Google Drive link, where the server is instructed to install additional malware), and runs commands on the infected device.
Intezer has provided a list of indicators for SysJoker for each operating system. On Linux, the files and subdirectories are created under /.Library/ and persistence is created with the cron job @reboot (/.Library/SystemServices/updateSystem). If you discover such a cron job, it's imperative that you kill all related processes, manually delete the files and cron job, scan the system to ensure all malicious files have been removed, and check for any weakness that might have allowed the attackers access to your server.
Find out more about SysJoker in the original Intezer report (https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/).
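The Linux cron indicator described above can be checked mechanically. The script below is an added example, not code from Intezer or from the original article; it flags active crontab entries that match the @reboot job or the /.Library/ path quoted above, and the sample crontab it runs against by default is constructed.

```bash
#!/usr/bin/env bash
# Added example: flag active crontab entries that match the SysJoker Linux
# persistence indicators quoted in the article. Not Intezer's tooling.

IOC_DIR='/.Library/'                              # directory named in the article
IOC_JOB='/.Library/SystemServices/updateSystem'   # cron target named in the article

# Reads crontab text on stdin and prints one "SEVERITY entry" line per hit.
# Returns 0 when something was flagged, 1 when the input was clean.
scan_crontab() {
    local line entry rc
    rc=1
    while IFS= read -r line || [ -n "$line" ]; do
        entry="${line#"${line%%[![:space:]]*}"}"   # drop leading whitespace
        case "$entry" in
            ''|'#'*) continue ;;                   # blank or commented out: inactive
        esac
        case "$entry" in
            '@reboot'*"$IOC_JOB"*) printf 'HIGH %s\n' "$entry"; rc=0 ;;
            *"$IOC_DIR"*)          printf 'MEDIUM %s\n' "$entry"; rc=0 ;;
        esac
    done
    return "$rc"
}

# Scans the invoking user's crontab plus the system-wide cron files.
scan_host() {
    {
        command -v crontab >/dev/null 2>&1 && crontab -l 2>/dev/null
        cat /etc/crontab /etc/cron.d/* 2>/dev/null
    } | scan_crontab
}

# Constructed sample crontab (not taken from a real host).
SAMPLE='# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
@reboot (/.Library/SystemServices/updateSystem)
# @reboot (/.Library/SystemServices/updateSystem)
  */5 * * * * /.Library/helper --sync'

if [ "${1:-}" = "--host" ]; then
    scan_host || echo "no SysJoker cron indicators found"
else
    printf '%s\n' "$SAMPLE" | scan_crontab || true
fi
```

Run with --host to scan the current user's crontab and the system cron files instead of the sample. A clean result covers only this one persistence indicator, so the rest of the cleanup steps above still apply.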
WhiteSource Releases Free Log4j Detection Tool
As the Log4j vulnerability continues to wreak havoc on the IT landscape, everyone is trying to prevent disaster from striking. A number of companies and development teams have released tools to help with the detection and remediation of the vulnerability. One such company is WhiteSource. Their new tool, Log4j Detect (https://github.com/whitesource/log4j-detect-distribution), is an open source command-line utility that scans your projects to detect the following known CVEs:
- CVE-2021-45046
- CVE-2021-44228
- CVE-2021-4104
- CVE-2021-45105
Once the scan is complete, it will report back the exact path of the vulnerable files as well as the fixed version you'll need to remediate the issue. Log4j Detect should be run within the root directory of your projects and will also search for vulnerable files with both the .jar and .gem extensions. Log4j Detect supports the Gradle, Maven, and Bundler package managers.
In order for Log4j Detect to run properly, you'll need to install either gradle (if the project is a Gradle project) or mvn (if the project is a Maven project). The developers have also indicated both Maven and Bundler projects must be built before scanning. Once you have Log4j Detect installed, the scan can be issued with the command log4j-detect scan -d PROJECT (where PROJECT is the directory housing your project).
For more information about this tool, make sure to read through the project README (https://github.com/whitesource/log4j-detect-distribution/blob/main/README.md).