Interesting:
> The company has released a working rootkit called “Curing” that uses io_uring,
> a feature built into the Linux kernel, to stealthily perform malicious
> activities without being caught by many of the detection solutions currently
> on the market.
>
> At the heart of the issue is the heavy reliance on monitoring system calls,
> which has become the go-to method for many cybersecurity vendors. The problem?
> Attackers can completely sidestep these monitored calls by leaning on io_uring
> instead. This clever method could let bad actors quietly make network
> connections or tamper with files without triggering the usual alarms...
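
Since io_uring operations do not pass through the monitored system calls, a complementary defensive check is to inventory which processes hold io_uring instances and whether the kernel still allows creating them. The sketch below is an added example, not code from the quoted article or the company it describes. It assumes Linux's `kernel.io_uring_disabled` sysctl (kernel 6.6 and later) and the `anon_inode:[io_uring]` link target that io_uring file descriptors show under `/proc/<pid>/fd`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

IO_URING_LINK = "anon_inode:[io_uring]"   # readlink target of an io_uring fd
SYSCTL = "sys/kernel/io_uring_disabled"   # assumption: sysctl from Linux 6.6+
MODES = {"0": "enabled for all processes", "2": "disabled for all processes",
         "1": "restricted to CAP_SYS_ADMIN or kernel.io_uring_group"}

def io_uring_policy(proc_root="/proc"):
    """Return (raw value, meaning); raw is None if the sysctl is absent."""
    try:
        with open(os.path.join(proc_root, SYSCTL)) as fh:
            raw = fh.read().strip()
    except OSError:
        return None, "sysctl not present on this kernel"
    return raw, MODES.get(raw, "unknown value")

def io_uring_holders(proc_root="/proc"):
    """Map pid -> (comm, [fd numbers]) for processes holding an io_uring fd."""
    holders = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = [int(fd) for fd in os.listdir(fd_dir)
                   if os.readlink(os.path.join(fd_dir, fd)) == IO_URING_LINK]
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # process exited mid-scan or we lack permission
        if fds:
            holders[int(pid)] = (comm, sorted(fds))
    return holders

def build_sample_proc(root):
    """Constructed /proc-like tree for offline runs: pid 4242 holds one ring."""
    for pid, comm, links in [("4242", "ring-user", {"0": "/dev/null", "5": IO_URING_LINK}),
                             ("4243", "plain", {"0": "/dev/null"})]:
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
        for fd, target in links.items():
            os.symlink(target, os.path.join(root, pid, "fd", fd))
    os.makedirs(os.path.join(root, "sys/kernel"))
    with open(os.path.join(root, SYSCTL), "w") as fh:
        fh.write("0\n")
    return root

if __name__ == "__main__":
    root = build_sample_proc(tempfile.mkdtemp())
    print(io_uring_policy(root), io_uring_holders(root))
```

On a live host, call both functions with the default `/proc` as root so other users' descriptors are readable; an unexpected holder on a system where the policy value is `0` is a lead for review, not proof of compromise.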