LinuxSecurity.com

OpenWRT has disclosed a data breach that occurred after a malicious hacker gained access to a forum admin account. The OpenWRT wiki, which contains the official download links, was not compromised, the project said.

Security researchers have discovered a set of seven vulnerabilities in dnsmasq - a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services - which allow attackers to redirect users or execute malicious code. This dangerous set of flaws has been named DNSpooq. Patch dnsmasq now!

A free, community-driven fork of Red Hat Enterprise Linux, AlmaLinux will serve as drop-in alternative for CentOSPALO ALTO, Calif., January 12, 2021 -- CloudLinux has named the free CentOS replacement AlmaLinux, which will be available in the first quarter this year. Previously, it was code-named Project Lenix. CloudLinux announced the drop-in CentOS alternative last month, committing $1 million annually in development.''The demise of the CentOS stable release left a very large gap in the Linux community which prompted CloudLinux to step in and launch a CentOS alternative,'' said Igor Seletskiy, CEO and founder of CloudLinux Inc.. ''For CloudLinux it was an obvious move: the Linux community was in need, and the CloudLinux OS is a CentOS clone with significant pedigree '' including over 200,000 active server instances. AlmaLinux is built with CloudLinux expertise but will be owned and governed by the community. We intend to deliver this forever-free Linux distribution this quarter.''AlmaLinux references the Latin-language word for soul. CloudLinux chose the name AlmaLinux in honor of the tireless efforts of the Linux community, efforts that started with Linus Torvalds' first Linux kernel release in 1991. The diverse individuals and organizations that constitute the Linux community have developed Linux into a flexible operating system (OS) kernel that powers everything from desktops to enterprise servers. Go to https://almalinux.org/ for more information.In delivering AlmaLinux to the community, CloudLinux pivots off its existing, established Linux expertise. The team at CloudLinux has spent 10 years building, developing, and supporting the CloudLinux OS. CloudLinux OS supports enterprise-scale server fleets in the cloud and is in itself a version of CentOS, the free RHEL fork.''Why alma? Just like every developer and every user that relies on a Linux-powered OS, we at CloudLinux benefit from the dedicated and often selfless efforts of the Linux community. This community is the soul of Linux. In the spirit of the Linux community, we decided to name our new distribution AlmaLinux'', said Seletskiy. Following Red Hat's December 2020 announcement that the CentOS stable release is no longer under development, CloudLinux launched a project to deliver a drop-in replacement. The project was code-named Project Lenix.Project Lenix has now crystallized into AlmaLinux, a 1:1 binary compatible fork of RHEL 8, with an effortless migration path from CentOS to AlmaLinux. Future RHEL releases will also be forked into a new AlmaLinux release. CloudLinux backs AlmaLinux with $1 million annual investment in development, and a commitment to supporting AlmaLinux through 2029. About CloudLinuxCloudLinux is on a mission to continually increase security, stability and availability of Linux servers and devices.Headquartered in Palo Alto, California, CloudLinux Inc. develops a hardened Linux distribution, Linux kernel live security patching, extended support options for Linux, and web server security software used by enterprises, service providers, governments and universities all over the world.CloudLinux has more than 4,000 customers and partners, more than 500,000 product installations globally, and dedicated analysts and developers that together have more than 450 years' worth of Linux experience along with a passion for delivering the best customer care.For more information, visit https://CloudLinux.com .# # #Contact:Glenn RossmanEckert Communications (for CloudLinux)glenn@eckertcomms.com914-623-8354

The Linux Mint project has patched a security flaw discovered by two kids that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops. Linux Mint is now working on adding a setting that will let users disable the on-screen keyboard, which would make mitigating future bugs in this component easier until patches are generally available.

The Linux Foundation has offered suggestions on how we can avoid SolarWinds type attacks in the future. Doing so won't be easy - but it must be done.

AlmaLinux, CloudLinux's new business Linux distro based on RHEL and CentOS, will be released in the first quarter of 2021.

Thank you to Skynats for contributing this article.This past decade has been plagued with security vulnerabilities. Let's have a look at the top vulnerabilities that have recently crippled the IT world.Badlock: Badock is a crucial security bug affecting Windows computers and Samba servers. It is identified using the following reference: (CVE-2016-0128(Microsoft) CVE-2016-2118(samba). The RPC services allowed an attacker to become a man in the middle to intercept the communication between a client and a server hosting a SAM database to exploit and force the authentication to downgrade, allowing the attackers to access the SAM database. Blueborne: Blueborne is a virus that spreads through the air. Yes, it of course through the Bluetooth on your device. Everything from your smartphone to other devices (TV, Computer, smart cars, laptops) are Bluetooth enabled and active almost all the time, leaving these devices vulnerable to malware attacks that can remotely seize them without user permission.Cloud Bleed: This was another leading cloud-based security vulnerability affecting Cloudflare's reverse proxies which was discovered on February 17, 2017. Most of the busiest websites and the apps rely on Cloudflare's protection. This security bug caused their edge server to run past the end of a buffer and then return the memory which contained private information such as: 1. HTTP cookies 2. Authentication tokens 3. HTTP post bodies 4. Tons of sensitive data and moreThe worst part was that some of this data was cached by search engines. Dirty Cow: This was another serious security problem discovered in the way the Linux kernel memory handled the copy on write (COW) that affects Linux-based OSes including Android devices that used an older version (before 2018) of the Linux kernel. Dirty Cow is a local privilege escalation vulnerability bug that exploits a rare condition by implementing the copy on write mechanism. Computers and devices that still using an older version of the Linux kernel remain vulnerable, and any user can become root in less than five seconds. The exploitation of this bug doesn't leave any trace in the log, so you can't detect if someone has used this exploit against your server. Foreshadow: This bug (L1TF or foreshadow) affecting Intel/AMD processors will allow attackers unprecedented access to sensitive information that is stored on a personal computers and cloud server. Foreshadow has two versions: the original attack which extracts data from SGX enclaves and the second version (next-generation) which targets virtual machines (VMs), hypervisors (VMM), OS Kernel memory and system management mode (SMM) memory.Foreshadow is similar to the Spectre security bug which affects the Intel and AMD chips, and the Meltdown security bug also affects Intel.Nevertheless, applying software patches may help mitigate some concern, but the users may see some considerable changes in overall PC or server power by doing so. Heartbleed: Heartbleed is a serious vulnerability in the popular open SSL cryptographic software library, used widely in implementation of the transport layer security (TLS) protocol. The Heartbleed vulnerability was publicly disclosed in April of 2014. iSee You: This is an Apple webcam vulnerability which is a silent malware attack. Apple laptops affected are capable of running all sort of operating systems, including macOS, Microsoft Windows and Linux. Researchers have released iSightDefender, a macOS kernel extension to reduce the attack surface under the macOS operating system. KRACK: (Key Reinstallation Attack) is a replay attack (a type of exploitable flaw) on the Wi-Fi protected Access protocol (WPA) used to secure the Wi-Fi connections. It was discovered in 2016 by Belgian researchers. All the major software platforms that use Wi-Fi protected access are affectedincluding Microsoft windows, macOS, iOS, Linux, Andriod and OpenBSD. Lazy: Lazy, which is also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel CPUs. The vulnerability is caused by a combination of flaws in the speculation execution technology. This vulnerability is used to leak the content of the FPU registers that belongs to another process. Lazy is related to the Spectre and Meltdown vulnerabilities which were publicly disclosed in January of 2018. Linux .encoder: This is considered to be the first ransomware Trojan targeting computers and cloud servers running Linux. There are additional variants of this Trojan that target other UNIX and UNIX-like systems which were discovered on November 5, 2015. Meltdown: Meltdown is a severe security vulnerability in tech media that is found in almost all CPUs used in modern devices. Mobile phones, laptops, systems and internet of things (IoT) devices are vulnerable. Meltdown CPU vulnerabilities and exposures will break the fundamental isolation between the user and the application. This will allows a rogue process to access the memory of other programs and the operating system. The Meltdown vulnerabilities primarily affect Intel microprocessors, but will also affect the ARM Cortex-A75 and IBM's Power microprocessors. It does not affect AMD CPUs. Microarchitectural: The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading to leak data across the protection boundaries that are architecturally supposed to be secure. After Meltdown, Spectre and Foreshadow, Microarchitectural is considered the most critical vulnerability in modern processors. The attack exploits vulnerabilities have been labeled as Fallout, RIDL (rogue in-flight Data load) and Zombiaload and allows attackers to steal sensitive data and keys.Have another vulnerability that you feel belongs on this list? Please do not hesitate to reach out and let us know!

Thank you to Skynats for contributing this article.Past many years in the computer and IT security world are manipulated with so many vulnerabilities. We can see enormous cloud computing adopters using high speed 4G LTE networks in mobile devices. Let's have a look on top vulnerabilities that crippled IT world this decade.

Linus Torvalds would love to run Linux on an M1-powered Mac, and a crowd-sourced project is trying to port Linux to Apple's newest, but top Linux kernel developer Greg Kroah-Hartman warns that it won't be easy. That being said, "With some luck and a lot of hard work, Linux users may eventually run Linux users' favorite OS on the next-generation of their favorite Apple hardware."

Microsoft Defender for Linux - Microsoft's server-based Linux security program - is now ready to protect your Linux servers, Windows desktops, and Macs with endpoint detection and response capabilities.

Exciting things are in store for Tails OS users in 2021, as the Tails OS team plans to improve some core features of the privacy- and security-focused OS, especially for censorship circumvention.

RedHat's acquisition of StackRox underscores the growing significance of DevSecOps. "DevSecOps, the best of DevOps and security operations, is becoming a top priority for enterprise customers. StackRox, with its integration with existing DevOps and CI/CD tools, delivers seamless DevSecOps for Kubernetes."

Nvidia has patched several serious security vulnerabilities affecting Windows and Linux devices. These flaws could lead to privilege escalation or denial of service if left unpatched.

Linux has become a popular target among cybercriminal groups, who have started infecting Linux machines via a fileless malware installation technique that until recently was more commonly used against Windows-based systems.

Running PHP on a Linux web server is a prerequisite for the use of many popular applications such as Wordpress, Joomla and Drupal. Linux administrators and web developers must approach PHP with caution, as new vulnerabilities in poorly written and implemented PHP code are abundant and dangerous.

Most container work is done with Linux - but the fact that some jobs are also done with Windows-based containers can't be ignored. Now Red Hat makes it possible to manage both Linux and Windows containers with Kubernetes via OpenShift.

Linux malware authors are leveraging the Ezuri Golang crypter to pack their malware with dangerous zero detection capabilities.

Meltdown and Spectre have raised awareness of the danger of hardware and firmware vulnerabilities. Here's a roundup of the ones that present the most significant threats.

Looking to improve your company's security in 2021? Open-source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.

A high-risk RCE bug impacting PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases has been discovered and disputed by Zend. Regardless of the dispute, Zend has issued a patch addressing this vulnerability which "provides type checking of the $streamName property before performing a cleanup operation (which results in an unlink() operation, which, previously, could have resulted in an implied call to an an object's __toString() method) in the Laminas\Http\Response\Stream destructor".