LinuxSecurity.com

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

Threat actors are evolving to target a wide variety of systems and infrastructure, BlackBerry says in a new report. "In addition, attacks against Linux systems and cloud infrastructure will increase as threat actors look to install backdoors on target systems and gain visibility into organizations for further activities."

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

After rising and falling since 2021, new Linux malware hit record highs at year-end in 2022, growing by 117% over previous levels.

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

For bad actors, the more intelligence they have on their target, the better. Attackers typically gather intelligence by scraping data readily available from public sources, called open source intelligence (OSINT).

Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.

Node.js is an open source development platform for running JavaScript code on the server side. Node is useful for developing applications that require a persistent browser-server connection and is often used for real-time applications such as chat, social applications, or news feeds.

There's been a shift towards 'memory safe' languages. So, can updates to C++ help it catch up in the eyes of developers?

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa.

Linux is undoubtedly the best open-source operating system, and is arguably the most secure OS by design . Most computers these days are Linux-based. Android OS, which is the most commonly used mobile operating system, is also Linux-based. The same goes for Chromebooks and a variety of tablets.

Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start your operating system.

The US government's cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.

Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution.

Threat actors have been leveraging polyglot and malicious Java archive files to distribute the StrRAT and Ratty remote access trojans to evade detection by security solutions, The Hacker News reports.

The global linux operating system market was valued at 5.33 Billion U.S. dollars in 2021 and is expected to grow to 22.15 Billion U.S. dollars in 2029, at a Compound Annual Growth Rate (CAGR) of 19.8% during the forecast period.

SecurityWeek reports that pro-Ukraine hacktivist group GhostSec is having its claims of launching the first-ever ransomware attack against an industrial control system device questioned by cybersecurity experts.

A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems.

The pace of software development is accelerating. Devops teams are under more pressure to launch products rapidly, and they are able to do so in part because of open-source software (OSS) tools.

''Log4j has been around for 20 years; it's become embedded into nearly every meaningful Java application; and the Log4Shell event led to compromises in everything from iCloud to physical security systems. Moreover, malware groups are continuing to exploit unpatched Log4j instances. We will likely see additional Log4Shell-like events unless we address its root issues.''