LinuxSecurity.com
OpenSSF Aimed to Stem Open Source Security Problems in 2022
In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.
Kategorie: Hacking & Security
BlackBerry: Cyberattacks Are Being Launched Once Every Minute
Threat actors are evolving to target a wide variety of systems and infrastructure, BlackBerry says in a new report. "In addition, attacks against Linux systems and cloud infrastructure will increase as threat actors look to install backdoors on target systems and gain visibility into organizations for further activities."
Kategorie: Hacking & Security
The Unrelenting Menace of the LockBit Ransomware Gang
The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.
Kategorie: Hacking & Security
Linux Malware Rates Rise to Record Levels Amid Hacker Inconsistency
After rising and falling since 2021, new Linux malware hit record highs at year-end in 2022, growing by 117% over previous levels.
Kategorie: Hacking & Security
OpenSSF Aimed to Stem Open Source Security Problems in 2022
In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.
Kategorie: Hacking & Security
An IBM Hacker Breaks Down High-Profile Attacks
For bad actors, the more intelligence they have on their target, the better. Attackers typically gather intelligence by scraping data readily available from public sources, called open source intelligence (OSINT).
Kategorie: Hacking & Security
New Boldmove Linux Malware Used to Backdoor Fortinet Devices
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.
Kategorie: Hacking & Security
A DevSecOps Process for Node.js Projects
Node.js is an open source development platform for running JavaScript code on the server side. Node is useful for developing applications that require a persistent browser-server connection and is often used for real-time applications such as chat, social applications, or news feeds.
Kategorie: Hacking & Security
C++ Programming Language and Safety: Here's Where It Goes Next
There's been a shift towards 'memory safe' languages. So, can updates to C++ help it catch up in the eyes of developers?
Kategorie: Hacking & Security
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa.
Kategorie: Hacking & Security
How to Check if Your Linux System is Infected with a Virus
Linux is undoubtedly the best open-source operating system, and is arguably the most secure OS by design . Most computers these days are Linux-based. Android OS, which is the most commonly used mobile operating system, is also Linux-based. The same goes for Chromebooks and a variety of tablets.
Kategorie: Hacking & Security
Linux FU: UEFI Booting
Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start your operating system.
Kategorie: Hacking & Security
Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List
The US government's cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.
Kategorie: Hacking & Security
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled
Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution.
Kategorie: Hacking & Security
Stealthy Malware Distribution Involves Polyglot Files
Threat actors have been leveraging polyglot and malicious Java archive files to distribute the StrRAT and Ratty remote access trojans to evade detection by security solutions, The Hacker News reports.
Kategorie: Hacking & Security
Linux Operating System Market Predicted to Grow at a CAGR of 19.8% by 2029
The global linux operating system market was valued at 5.33 Billion U.S. dollars in 2021 and is expected to grow to 22.15 Billion U.S. dollars in 2029, at a Compound Annual Growth Rate (CAGR) of 19.8% during the forecast period.
Kategorie: Hacking & Security
GhostSecs Claimed ICS Ransomware Attack Questioned
SecurityWeek reports that pro-Ukraine hacktivist group GhostSec is having its claims of launching the first-ever ransomware attack against an industrial control system device questioned by cybersecurity experts.
Kategorie: Hacking & Security
A New Privilege Escalation Vulnerability in the Linux Kernel, Enables a Local Attacker to Execute Malware on Vulnerable Systems
A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems.
Kategorie: Hacking & Security
Consider Open Source Software While Evaluating The Security Of Cloud Applications
The pace of software development is accelerating. Devops teams are under more pressure to launch products rapidly, and they are able to do so in part because of open-source software (OSS) tools.
Kategorie: Hacking & Security
OpenSSF Outlook Q1 2023: How To Avoid the Next Log4Shell and Other OSS Security Reflections
''Log4j has been around for 20 years; it's become embedded into nearly every meaningful Java application; and the Log4Shell event led to compromises in everything from iCloud to physical security systems. Moreover, malware groups are continuing to exploit unpatched Log4j instances. We will likely see additional Log4Shell-like events unless we address its root issues.''
Kategorie: Hacking & Security