LinuxSecurity.com

IoT cybersecurity company Sternum has identified a security vulnerability affecting Zyxel Networks' Linux-operated NAS drives, including NAS326, NAS540, and NAS542 models, running on firmware version 5.21.

Canonical began the development of Ubuntu Core in 2014, to create a fully-containerised platform for IoT. In Ubuntu Core, we use the same kernel container technology that Docker and LXC are built on, to put every component of the system into a secure sandbox, with well-defined upgrade and rollback.

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal .

An Improper Validation of Array Index vulnerability (CVE-2023-0950) was discovered in the spreadsheet component of The Document Foundation LibreOffice 7.4 versions prior to 7.4.6 and 7.5 versions prior to 7.5.1. With a low attack complexity, no privileges or user interaction required to exploit, and a high confidentiality, integrity and availability impact, this bug has received a National Vulnerability Database (NVD) severity rating of ''Critical''.

Multiple important denial of service (DoS) vulnerabilities (CVE-2023-0464 and CVE-2023-2650) have been discovered in the OpenSSL Secure Sockets Layer toolkit. These bugs are easy to exploit and have a high availability impact.

Nitrux 2.8.1, codenamed "sc" for "safer computing," has been released, offering enhanced privacy and security features. While the distribution does not claim to be impenetrable or unhackable, it aims to protect users' privacy and provide tools for online anonymization.

Several buffer overflow vulnerabilities have been identified in ntfs-3g. With a low attack complexity and a high confidentiality, integrity and availability impact, these vulnerabilities have received a National Vulnerability Database (NVD) severity rating of ''High''.

It was discovered that Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1 incorrectly handled uploading multiple files using one form field (CVE-2023-31047). With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, this vulnerability has been rated as ''Critical'' by the National Vulnerability Database (NVD).

In today's rapidly evolving digital landscape, where agility and scalability are paramount, traditional software deployment methods often fall short. Container technology is a game-changing innovation that has revolutionized how software is deployed, managed, and scaled. It offers many benefits, ensuring that applications run consistently regardless of the hosting environment.

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report published today.

Red Hat President and Chief Executive Officer, Matt Hicks, shares insights and reflections from Red Hat Summit 2023.

No matter how often you go online and how or why you primarily use the Internet, you've probably seen phishing attack attempts. They're now so common and problematic that cybersecurity professionals regularly provide information to help people spot and avoid phishing attacks.

A new ransomware operation has been targeting Windows and Linux systems with a combination of payloads relying on leaked LockBit and Babuk code and custom-developed tools.

Public source code repositories, from Sourceforge to GitHub , from the Linux Kernel Archives to ReactOS.org , from PHP Packagist to the Python Package Index , better known as PyPI , are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers' toolkits that have done computer science and software engineering a world of good.

The Cybersecurity & Infrastructure Security Agency (CISA) added seven new Linux vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday based on evidence of active exploitation, some of which have been known for a decade:

Several important security issues have been found in the Linux kernel, including a slab-out-of-bound read problem (CVE-2023-1380), a heap out-of-bounds read/write vulnerability in the traffic control (QoS) subsystem (CVE-2023-2248), and an out-of-bounds write issue in the kernel before 6.2.13 (CVE-2023-31436). The vulnerabilities have received a National Vulnerability Database (NVD) rating of ''high-severity'' due to their high confidentiality, integrity and availability impact.

Two important ReDoS issues have been found in the Ruby programming language; one in the URI component (CVE-2023-28755) and one in the Time component (CVE-2023-28756). It was discovered that the URI parser and the Time parser mishandle invalid URLs that have specific characters, causing an increase in execution time for parsing strings to URI and Time objects.

There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.

Fedora Onyx is now approved to be an official Fedora variant. A Budgie desktop user? You will love this!