The Qualys Research Team has discovered multiple critical vulnerabilities in the popular Exim mail server, which they have named 21Nails. Some of these flaws can be chained together to obtain full remote unauthenticated code execution and gain root privileges. With 60 percent of the world’s public email servers worldwide running on Exim, this set of flaws represents a serious threat to many organizations.
Discover LinuxSecurity Features
On Saturday, April 24th, 2021, the computer security world was shaken by the news of the sudden death of Dan Kaminsky, a renowned hacker best known for his contributions in the realm of DNS security. Kaminsky was 42 years old.
The CrowdSec team is expanding the capabilities of their open-source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace. This new bouncer is compatible for versions 1.0.x and beyond. Given that the vast majority of websites in the world are hosted on WordPress, this addition will improve CrowdSec's defense arsenal in its mission to defend the greatest number.
Operational security at least seemed so much easier back when traditional 9-to-5 office life was still dominant. Talk of professionals taking their work home with them was largely metaphorical, with only occasional instances of C-suite types dragging their laptops everywhere they went. Business hardware and systems would be shielded through physical security and isolated networks. One office (or office complex), one place to guard: entirely straightforward.
Openwall recently announced the release of LKRG (Linux Kernel Runtime Guard) 0.9.0, featuring a host of major changes and improvements, as well as fixes for multiple security bugs. LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.
Running PHP on a Linux web server is a prerequisite for the use of many popular applications such as Wordpress, Joomla and Drupal. Linux administrators and web developers must approach PHP with caution, as new vulnerabilities in poorly written and implemented PHP code are abundant and dangerous.
On April 12, 2021, the Apache SpamAssassin Project announced the release of Apache SpamAssassin Version 3.4.6 mitigating two small but potentially annoying bugs introduced in Version 3.4.5, which was created to fix a few security vulnerabilities just a few weeks ago.
There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.
Greetings fellow Linux users!
Thank you to everyone who took part in our LinuxSecurity User Survey. As you may be aware of, LinuxSecurity.com is currently in the final stages of a major redesign in an effort to enhance user experience on the site, and your input is invaluable in the remainder of this process. It’s because of active, insightful community members like you that we have been able to remain the Linux community’s central resource for security news, advisories and HOWTOs for over two decades.
Greetings fellow Linux security enthusiasts!
We’re rebuilding our site and need your help! LinuxSecurity is currently undergoing a major overhaul and we would like your input. Got a new feature idea? See something about the current site you don’t like?