LinuxSecurity.com

Syndikovat obsah LinuxSecurity - Security Articles
The central voice for Linux and Open Source security news.
Aktualizace: 32 min 54 sek zpět

Linux Mint 22: Elevating Security and Usability for Admins

26 Červenec, 2024 - 14:59
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and security practitioners. Due to its stability, ease of use, and robust support system, the distro has quickly established itself in professional environments where reliability and performance are crucial.
Kategorie: Hacking & Security

Recent OpenSSH RCE Bug Explained: Impact & Mitigations

24 Červenec, 2024 - 13:00
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys' Threat Research Unit (TRU) demands the open source community's immediate attention. Dubbed as "regreSSHion" and assigned the identifier CVE-2024-6387 , this vulnerability stands out not merely because of its potential to enable unauthenticated, remote attackers to execute arbitrary code as root, but also due to its broad impact, affecting millions of OpenSSH server instances globally.
Kategorie: Hacking & Security

Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security

24 Červenec, 2024 - 13:00
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of the Internet email infrastructure.
Kategorie: Hacking & Security

Play Ransomware Group's New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

23 Červenec, 2024 - 15:12
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This development represents a significant evolution of ransomware strategies, and admins and businesses must understand these threats to implement effective defenses against them.
Kategorie: Hacking & Security

Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems

22 Červenec, 2024 - 14:42
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft Azure cloud systems in Ubuntu 16.04 (Extended Security maintenance) and Ubuntu 1804 ESM.
Kategorie: Hacking & Security

The Risks Inherent in Including Security Modules At Kernel Level: Lessons From CrowdStrike Incident

21 Červenec, 2024 - 15:43
Balancing strong security measures while minimizing operational risks is a constant juggling act in cybersecurity. The recent global outage caused by that bad CrowdStrike update underscores the risks of relying on kernel-level modules for security.
Kategorie: Hacking & Security

Navigating the Cybersecurity Maze: Advanced Linux Security Practices for Professionals

20 Červenec, 2024 - 13:00
As cyber threats rapidly advance, Linux administrators and InfoSec professionals are essential defenders against increasingly sophisticated threats. Protectors of critical infrastructure and sensitive data, these experts must implement a wide array of security practices designed specifically to their unique challenges.
Kategorie: Hacking & Security

Open Source Vulnerability Assessment Tools & Scanners

20 Červenec, 2024 - 13:00
Computer systems, software, applications, and other interfaces are vulnerable to network security threats. Failure to find these cybersecurity vulnerabilities can lead to the downfall of a company. Therefore, businesses must utilize vulnerability scanners regularly within their systems and servers to identify existing loopholes and weaknesses that can be resolved through security patching.
Kategorie: Hacking & Security

The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry

18 Červenec, 2024 - 16:13
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024 Survey''Understanding Current Needs." This report highlights the urgent need for formalized training and education in secure software development. It was derived from an industry survey of nearly 400 software developers, which revealed significant knowledge gaps.
Kategorie: Hacking & Security

Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems

18 Červenec, 2024 - 13:00
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its Known Exploited Vulnerabilities (KEV) catalog . This bug is being actively exploited in the wild, and federal organizations have been given a deadline of June 20th to patch it, suggesting that private organizations follow suit.
Kategorie: Hacking & Security

Google Boosts Linux Security with Array Checks

17 Červenec, 2024 - 14:20
As the cybersecurity landscape continues to evolve, developers and system administrators have faced several challenges in ensuring the safety of systems written using C. This is due to their vulnerability to buffer overflows.
Kategorie: Hacking & Security

Exploring Linux 6.10: Guide to Key Security Enhancements & Updates for Admins

16 Červenec, 2024 - 18:20
The Linux 6.10 release has generated considerable interest in the technology community. This is especially true among system administrators responsible for maintaining and securing networks and systems.
Kategorie: Hacking & Security

Securing IT Assets: Practical Strategies for Linux Admins & IT Teams

16 Červenec, 2024 - 15:11
Have you ever wondered why your organization needs IT asset management? ITAM or IT asset management ensures your organization's assets are deployed, upgraded, maintained, accounted for, and disposed of in due time. It ensures that your organization's valuable items (both tangible and intangible) are being used and tracked.
Kategorie: Hacking & Security

How to Secure Your Data Warehouse in a Linux System

16 Červenec, 2024 - 14:26
The world of enterprise solutions relies heavily on effective data management. Standard systems, which work great for small businesses, simply break down once you have thousands of moving components operating worldwide - if not hundreds of thousands. Maintaining unstructured data, primarily if your business operates on a global scale, isn't just a waste of resources; it's also a risk to your company.
Kategorie: Hacking & Security

Introducing NethSecurity 8.1: Open-Source Firewall Spearheads Improved Linux Network Protection

11 Červenec, 2024 - 14:40
NethSecurity is a Linux firewall that has been gaining traction in the open-source Linux space. Its proactive approach to network management and security has set it apart.
Kategorie: Hacking & Security

CISA Adds New Chromium Zero-Day Bug to its Known Exploited Vulnerability Catalog

11 Červenec, 2024 - 13:00
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi. CISA has added this Type Confusion bug, exploited in the wild, to its Known Exploited Vulnerability Catalog . CISA has stated, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.", underscoring the significance of this flaw for impacted organizations.
Kategorie: Hacking & Security

The Hidden Dangers in Your Dependencies: Responding to Trojanized jQuery Attacks

10 Červenec, 2024 - 17:25
Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm) , GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaSecript library .
Kategorie: Hacking & Security

Closing the Door on CVE-2024-29510: Understanding and Mitigating Ghostscript's Latest RCE Threat

9 Červenec, 2024 - 19:02
Recently, open-source security was rocked by the discovery of an alarming Remote Code Execution (RCE) vulnerability within the Ghostscript document conversion toolkit '' CVE-2024729510 . This security breach poses a severe threat and can compromise countless Linux systems worldwide. To help you understand and protect against this threat, I'll walk you through how this flaw works, its impact, and practical strategies for mitigating your risk.
Kategorie: Hacking & Security

The Rise of Eldorado: Addressing the New Wave of Ransomware-as-a-Service Threats Targeting Linux Systems

9 Červenec, 2024 - 14:00
Cybersecurity has always been dynamic, and threats are evolving rapidly. One of the latest entrants into this dangerous arena is Eldorado, a ransomware-as-a-service (RaaS) that targets Windows and Linux systems. As revealed by Group-IB's recent discovery , this new ransomware has been making waves since it was first discovered in March 2024.
Kategorie: Hacking & Security

A Deep Dive into the HTTP File Server Vulnerability: Strategies to Shield Your System

7 Červenec, 2024 - 02:11
An aggressive cyber threat targeting HTTP File Server (HFS) users has emerged recently. A Remote Code Execution (RCE) vulnerability known as CVE-2024-23692 , first disclosed in May 2024, has been exploited by hackers worldwide to install malware onto systems and gain unwarranted control over them.
Kategorie: Hacking & Security