Stay Ahead With Linux Security Features

Explore Latest Linux Security features


Cybersecurity Trends from Black Hat USA 2021 and DEF CON 29 Highlights

Black Hat USA 2021 and DEF CON 29 have come to an end, and this year’s events did not disappoint, generating plenty of cybersecurity news, highlighting key industry trends and introducing some exciting new products. LinuxSecurity has been following both conferences, speaking with expert trainers and presenters and keeping our followers up-to-date on Twitter. Here are the highlights, key takeaways and notable trends we identified as Black Hat USA 2021 and DEF CON 29 unfolded that you should be aware of.

What Are Black Hat and DEF CON?

Black Hat USA, a renowned event that features briefings and trainings taught by experts from around the globe, providing offensive and defensive hackers of all levels with invaluable opportunities for firsthand technical skill-building, celebrated its 24th anniversary this year. Black Hat USA 2021 was conducted in a unique hybrid format, which began with four days of real-time online Virtual Trainings, followed by the two-day main conference (both Virtual and Live at the Mandalay Bay in Las Vegas). Each year, Black Hat USA is immediately followed by DEF CON, an infamous hacker conference also held in Las Vegas. The event consists of several tracks of speakers with expertise in the realm of computer security and hacking, as well as cybersecurity challenges and competitions (known as hacking “wargames”).

Black Hat USA 2021 & DEF CON 29 Highlights, Announcements & Notable Trends

As Cloud & Container Adoption Continues to Increase, Security Falls Behind & Ransomware Risk Skyrockets

Cloud, Container, Kubernetes and Serverless environments have become the norm in modern infrastructure. Cloud and container adoption is rapidly increasing, as these technologies and frameworks enable organizations to grow and evolve at a very high velocity compared to the traditional workloads.
In a recent interview with LinuxSecurity, Cloud Native Security Architect and instructor of the Black Hat USA 2021 course A Practical Approach to Breaking & Pwning Kubernetes Clusters Madhu Akula explained, “The challenges we see mostly arise from misconfiguration issues, which can have a big impact like the compromise of data and infrastructure. The recent Red Hat State of Kubernetes Security Report states that 94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months, and concludes that security misconfigurations are to blame for the majority of these issues.”

He elaborates, “These past few months have shown that supply chain attacks have serious implications when it comes to the security of modern infrastructure, as everything is codified including policies, infrastructure, applications - even security. With the ever-changing technology landscape, it’s hard for organizations and teams to keep up with securing Cloud and container environments, as doing so requires them to understand the latest technology prior to solving security problems.”

In the wake of the Colonial Pipeline ransomware outbreak and other recent supply chain attacks, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released Kubernetes hardening guidance which includes various tips and best practices for securing Kubernetes.

NSA & CISA Kubernetes Hardening Advice

Scan containers and pods for vulnerabilities or misconfigurations.
Run containers and pods with the least privileges possible.
Use network separation to control the amount of damage a compromise can cause.
Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
Use strong authentication and authorization to limit user and administrator access and limit the attack surface.
Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for, and security patches are applied.

However, security researcher and DEF CON 29 speaker Robert Graham doesn't necessarily think that hardening defenses is the best approach to protecting against ransomware and other persistent cyber threats. Graham explains, “The way you secure a bank is not by locking the front door; the bank has to be open for business and you have to have people come in. It's the same thing with networks.” He also believes that awareness is not enough without a comprehensive understanding of the threats organizations face and the security defenses required to combat them, stating, “So the approach to ransomware is that we're aware, but we're not actually aware of the details.”

Guardian Digital, the open source email security company, also recognizes this growing issue, and has created a free toolkit to help businesses understand their email risk profile and how they can bolster their email security strategy to repel ransomware and other dangerous email-borne attacks in less than two minutes.

Madhu Akula’s A Practical Approach to Breaking & Pwning Kubernetes Clusters Black Hat USA 2021 course covered multiple real-world security issues by showcasing hands-on labs for participants to teach and assess for security issues, misconfigurations and insecure defaults, going beyond basic attacks to privilege escalation, exploitation, lateral movement, persistence, defense evasion and many other advanced techniques.

OSINT Powers Social Engineering Attacks & Security Awareness Training Designed to Combat Them

OSINT (Open Source Intelligence) is the foundation on which all engagements are built. Without credible, actionable information, social engineering attacks designed to manipulate psychology can neither be developed nor performed effectively.
All forms of social engineering, be it phishing, vishing, or impersonation, begin with information gathering in order to understand the target and tailor attacks that are meaningful and relevant enough to generate engagement.

In a recent interview with LinuxSecurity for this article, Social-Engineer, LLC Chief Operating Officer and instructor of the Black Hat USA 2021 course Practical OSINT for Social Engineers Ryan MacDougall explained the importance of social engineering in modern cyberattacks, “Social engineering is the mechanism behind the great success of phishing, BEC, and other email threats. Without purposeful social engineering, attackers are just sending emails to targets that will likely be ignored. Real world attackers do not have to train their targets after an attack, so they can employ malicious and manipulative techniques to induce strong negative emotions in their targets, which leads to compromise.”

He elaborates, “From the ethical social engineering standpoint, once you employ scientifically proven techniques to influence a target, that is where you construct the teachable moment to train employees to critically think about a possible attack while in the moment, and still preserve their dignity and integrity. Without the information obtained via OSINT that is required to build a realistic attack, there is no training that can be provided after the engagement.”

Qualys Demonstrates CSAM & Zero Touch Patch Management

Qualys is demonstrating Cybersecurity Asset Management (CSAM) to help users detect security gaps and respond to risk and Zero Touch Patch Management, which helps organizations to “proactively patch prioritized vulnerabilities with ‘intelligent’ automation – before attacks can exploit them,” the company asserts.
At this year’s Black Hat USA event, the leading provider of disruptive cloud-based IT, security and compliance solutions announced its collaboration with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift. Built on the Qualys Cloud Platform, the solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk.

Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS on Red Hat OpenShift helps customers:

See the Full Inventory – Continuous visibility of installed software, open ports, and Red Hat Security Advisories (RHSA) for all Red Hat Enterprise Linux CoreOS nodes with comprehensive reporting.
Manage Host Hygiene – Fully integrated on the Qualys Cloud Platform to automatically detect and manage host status related to patches and compliance adherence for known vulnerabilities.
Easily Deploy to the Host – Simplified deployment via the Qualys Cloud Agent to secure the host operating system. This approach eliminates the need to modify the host, open ports, or manage credentials.
Get Complete Coverage – Full coverage of Red Hat OpenShift and Qualys Container security delivers comprehensive visibility from the host operating system through to images and containers running on OpenShift.

Sparrow Co. Introduces Two New AppSec Solutions

Sparrow Co. introduced two new application security solutions at this year’s Black Hat USA conference — Sparrow Cloud and Sparrow SCA. Sparrow Cloud offers application security as a service by “performing static and dynamic analysis anytime and anywhere at minimum cost.” Sparrow SCA is an open-source management solution that “automatically identifies open-source software in use and detects security vulnerabilities in the source code and binary,” the company says.

Atakama & Spirion Showcase a Joint Multi-Level File Encryption Solution

Atakama and Spirion showcased a joint solution for classifying and protecting sensitive data through multi-factor file-level encryption at Black Hat USA 2021. The passwordless encryption solution is cross-compatible with all major OSes, and eliminates one of the biggest threats facing organizations today - data exfiltration. Atakama explains, “Each encrypted file receives its own unique AES encryption key with 256 bits, which is fragmented into components and distributed across multiple physical devices. The file is available only to authorized users, which they can unlock through a multi-factor approval process. By encrypting every file with its own unique encryption key, Atakama renders a breach almost completely useless.”

Optiv Security Launches a MXDR Service, Exabeam Unveils its XDR Alliance & SecureWorks Showcases its XDR Services

Optiv Security launched a technology-independent Managed Extended Detection and Response (MXDR) service which the company states “enables clients to take rapid and decisive action against today’s most critical cyberattacks and strengthen their security posture.” Cloud-native logging and security analytics provider Devo has been a foundational partner in Optiv MXDR.

Exabeam also unveiled its XDR Alliance at this year’s Black Hat USA event. The cybersecurity leader states that the alliance seeks to “foster an open approach to XDR (eXtended Detection and Response), which is essential to enable organizations everywhere to protect themselves against the growing number of cyberattacks, breaches, and intrusions.”

Secureworks also showcased its innovation and expertise in the realm of cloud-based XDR products and services at the conference. The MSSP showed how Taegis XDR, Taegis VDR and Threat Intelligence can help organizations reduce the risks and consequences of a breach.
The leading cybersecurity provider also discussed a new Taegis XDR Adversary Software Coverage (ASC) tool, which the MSSP says “allows users to interactively explore how Secureworks Taegis XDR maps coverage and countermeasures to the tactics and techniques used by over 500 adversarial software types against the MITRE ATT&CK framework, including ATT&CK v9”.

CrowdSec Wins a Black Unicorn Award as One of the Top 10 Cybersecurity Companies of the Year

CrowdSec was named a winner for the Top 10 Cybersecurity Startups for 2021 at the Black Unicorn Awards for cybersecurity innovators, which are hosted by Cyber Defense Magazine and take place each year during the Black Hat USA conference. The judging panel announced, “We’re pleased to name CrowdSec as a Winner for the Top 10 Cybersecurity Startups for 2021 among a small, elite group of startups in our third annual Black Unicorn awards.”

On July 8, 2021, the CrowdSec team released CrowdSec v1.1.x - the latest version of their free and open-source cybersecurity solution designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent - with new packages and repositories, as well as improvements to the CrowdSec agent itself.

In a recent interview with LinuxSecurity, CrowdSec CEO and co-founder Philippe Humeau explains the company’s mission, “The goal is to leverage the power of the crowd to create a real-time IP reputation database. Ultimately, CrowdSec harnesses the power of the community to create an extremely accurate IP reputation system that benefits all its users. With its collaborative, transparent roots, Open Source has provided and continues to provide our team with the optimal framework to accomplish this mission”.

DEF CON 29 Badge Embraces the New Normal

DEF CON 29 was an event to remember, with its unique hybrid format due to the pandemic.
Following this theme, the DC29 badge doubles as a practical tool for virtual attendees and an electronic puzzle for those who are able to bring a few of them together physically. On its own, the DC29 badge is a four-key RGB mechanical macro pad that connects to your computer over USB-C. Featuring highly configurable software, hot-swappable switches, and customizable keycaps, the DC29 badge is a surprisingly robust and flexible little macro pad. While a DC29 badge is quite useful on its own, it’s also designed to work in conjunction with other badges, as the edge connectors and silkscreen messages hint. Multiple badges can either snap together or be interlinked via USB cables, and they conveniently do not need to be tethered to the computer for power.

DEF CON 29 attendees: Have you tried connecting your badge with others? If so, share a picture or a video of what happened when you did with us on Twitter - we’ll share it with our followers and give you a shoutout.

Did you attend, showcase a product, or speak at Black Hat USA or DEF CON this year? We want to hear about your experience. Have a trend, highlight, or story from Black Hat USA 2021 or DEF CON 29 that was not covered in this article? Please share it with us on Twitter and we will share it with the community.

Vendors and security experts: Don’t miss out on the opportunity to be featured in future LinuxSecurity articles and social media posts! Connect with us on Twitter and share your story.

Aug 08, 2021 - Brittany Day

IoT Cybersecurity: Protect Your Router With Open-Source Firmware

The Internet of Things (IoT) is rapidly growing, connecting more devices each day, making it a huge aspect of modern cyber security trends. It is projected that by 2025, the world will have an astounding 64 billion IoT devices.

IoT expansion offers significant benefits, including connected healthcare devices, which provide people with better insight into their health than ever before, and the implementation of smart lighting, which can reduce energy consumption and lower your electric bill. However, with this increased connectivity also comes increased digital risk, as malicious hackers and cybercriminals have more entry points and exploits in cybersecurity they can utilize to instigate attacks and cloud security breaches. Web crawlers like Shodan and BinaryEdge, which are intended to aid in security research, make it easy for threat actors to identify cyber security vulnerabilities in Internet systems in order to compromise a server and introduce it to a botnet.

IoT introduces a few privacy concerns, as new Fraunhofer Institute for Communication (FKIE) research examined in this feature article reveals that your wireless router could very well be the biggest network security threat in your Linux system. These routers could be left exposed 24/7, leaving them susceptible to malware infections and other network security issues that could be the result of poor safety configurations and outdated policies.

Luckily, there are various measures that Linux users can take to secure their wireless routers and protect their systems, such as a Linux firmware replacement. This article will explore the benefits of “flashing” your wireless router with alternative open-source firmware as well as introduce some great alternative firmware and single-purpose OSes to consider.

What Are the Benefits of Open-Source Router Firmware on Data and Network Security?

Using open-source firmware instead of stock router firmware is fundamental in securing your network against malware and other exploits in cybersecurity. Stock router firmware is limited in functionality, generally unreliable, and susceptible to dangerous cyber security vulnerabilities. Wireless router manufacturers frequently fail to utilize security patching to take care of critical flaws in the system, leaving devices exposed and defenseless.

Conducting a firmware replacement can mitigate this risk. Alternative open-source firmware is vetted and tested by a vibrant global community to detect and eliminate network security threats like bugs and potential backdoors by implementing the latest cybersecurity trends. Open-source firmware provides exceptional security and product quality. Flashing the firmware in your wireless router also results in superior performance, network stability, and a wider range of advanced features, including VPN integration, bandwidth monitoring, VLAN Support, and Advanced Wireless Setups.

While flashing your wireless router with open-source firmware can help mitigate network security issues posed within your system, firmware replacements do not make you immune to cyber security vulnerabilities. You should still integrate as many basic practices as possible to improve security posture, such as changing default passwords and keeping on top of firmware upgrades.

Router Firmware Alternatives to Mitigate Network Security Threats

Flashing wireless routers has become an increasingly common way to improve security posture, and fortunately, there is a wide selection of open-source router firmware alternatives available for users to consider. Each firmware alternative offers similar advantages but also contains a few unique characteristics that should be looked into based on your company's needs and priorities.
Here are the five greatest options:

DD-WRT

DD-WRT is the most popular Linux-based alternative open-source firmware and is well-suited for a variety of wireless routers and embedded systems. The freely available firmware supports a wide range of functionality, including IPv6, DNS caching, and adblocking, and is easy to manage. DD-WRT is a highly reliable firmware that often reduces the number of aggravating router connectivity issues that users would experience elsewhere. This is in part due to the fact that DD-WRT is a Linux-based program, and the transparency of its source code enables developers worldwide to collaborate in continually updating its code. Moreover, no corporation has the ability to modify the firmware to increase profits.

DD-WRT is also highly customizable, providing users with increased control over their router so they can use the privacy-enhancing technology and security controls as needed. Other key benefits of flashing your WLAN router with DD-WRT firmware include increased power from your router through overclocking, improved Quality of Service (QoS), more insight into your router’s performance, faster connection speeds, and better VPN support. Learn how to install DD-WRT on your router in this detailed tutorial.

What Makes DD-WRT So Great:

Supports over 200 wireless routers and IoT devices
Highly reliable and customizable
Provides easy handling
Supports all current WLAN standards
Offers a wide range of advanced functionalities, including bandwidth management, IPv6, DNS caching, and adblocking
Improved VPN support and QoS
Increased power from your router and faster connection speeds

Helpful Resources:

Explore DD-WRT and look at Supported Devices
Learn how to install DD-WRT on your router in this informative YouTube video

OpenWrt

OpenWrt is a single-purpose Linux OS that focuses on embedded devices, most commonly wireless routers.
OpenWrt provides a fully writable filesystem with package management rather than static firmware and is both stable and full-featured. Besides the fact that it is closely monitored by the open-source community, the OS keeps software components up-to-date, a task that is often neglected in the industry, resulting in serious network security issues.

One of the most attractive features of OpenWrt is the level of customization that it offers through the use of packages. For developers, OpenWrt provides the framework to build an application without having to develop a complete firmware around it. For users, the OS makes it possible to use IoT devices in ways that they may have previously written off as unthinkable.

Another key benefit of flashing your router with OpenWrt is the ability to use its SSH server for SSH tunneling. By exposing the SSH server to the Internet, users can access it remotely and use SSH tunneling to securely access websites from public Wi-Fi. This feature also makes it possible to visit websites that can typically only be accessed in your home country while traveling abroad, demonstrating the software’s capabilities as privacy-enhancing technology.

Finally, if you’re already using a router, why not have that same router also function as a server? OpenWrt makes it possible for a router to also function as a server, whether it is a web server, an IRC server, a BitTorrent tracker, or something else.

What Makes OpenWrt So Great:

Provides a fully writable filesystem with package management
Offers a high level of customization through the use of packages
Eliminates the need for application selection and configuration
Enables developers to build applications without needing to build firmware around them
Allows users to securely access websites over public Wi-Fi and abroad by using its SSH server for SSH tunneling
Makes it possible to perform traffic-shaping and QoS on the packets traveling through a router, prioritizing certain types of traffic
Offers increased stability and improved performance

Helpful Resources:

Explore OpenWrt and look at Supported Devices
Connect with OpenWrt on Facebook
Learn how to install OpenWrt on an x86 router in this brief YouTube video

AdvancedTomato

AdvancedTomato is a small, lean, open-source alternative firmware for Broadcom-based routers. The firmware features a user-friendly GUI, making it ideal for users who have never flashed their router before. As its name suggests, AdvancedTomato offers a selection of advanced features, including QoS, a new bandwidth usage monitor, a wireless distribution system (WDS), wireless client modes, and increased P2P maximum connection limits. The firmware also provides users with the ability to run custom scripts, reprogram the SES/AOSS button, and perform a wireless site survey.

What Makes AdvancedTomato So Great:

Has a user-friendly GUI
Offers new and improved features, including a bandwidth usage monitor, WDS, and wireless client modes
Provides advanced QoS and password access restrictions
Increases the P2P maximum connection limit
Gives users the ability to run custom scripts, connect via Telnet/SSH, reprogram the SES/AOSS button, and perform a wireless site survey
Configurable buttons and LEDs

Helpful Resources:

Explore AdvancedTomato and look at Supported Devices
Learn how to install AdvancedTomato on your wireless router in this YouTube video.

FreshTomato

FreshTomato, a fork of the AdvancedTomato firmware, is another alternative open-source firmware for Broadcom-based routers. Like AdvancedTomato, this firmware offers a particularly user-friendly interface, making it another great option for inexperienced users. FreshTomato is ideal for privacy-conscious users - as protecting privacy online is where the firmware truly shines. FreshTomato features a built-in OpenVPN server and client, a built-in Tor client, and a built-in Ad-block. The firmware also provides bandwidth and IPTraffic monitoring and support for a selection of wireless modes, among a plethora of other useful features. FreshTomato version 2020.5, the latest stable version, was released on July 17, 2020.

What Makes FreshTomato So Great:

Offers built-in privacy-protecting features, including an OpenVPN server and client, a Tor client and an Ad-block
The very user-friendly interface makes the firmware ideal for inexperienced users
Provides IPTraffic and bandwidth monitoring
Support for various wireless modes
Advanced QoS is accompanied by the ability to configure labels for QoS classes
Enabled SSH/Telnet protocols

Helpful Resources:

Explore FreshTomato and Supported Devices
Install FreshTomato on a Linksys E1200 router in this informative YouTube video

Gargoyle

Gargoyle is a free open-source firmware upgrade for wireless routers based on the OpenWrt firmware. Like AdvancedTomato, Gargoyle is heralded for its ease of use and reliability. Gargoyle offers a multitude of benefits, including abilities such as monitoring bandwidth usage for every computer in your system, configuring a wireless bridge that connects two networks and blocks forbidden websites, and blocking everything except for a list of allowed addresses for security-conscious users. With Gargoyle, everyone can set quotas and throttles to ensure that data and network security are maintained through all resources, which are then allocated fairly.

What Makes Gargoyle So Great:

Reliable and easy to use
Gives users the ability to monitor bandwidth usage for each computer in their system
Simplifies configuring a wireless bridge between two networks
Allows users to block forbidden websites or restrict access to only a list of allowed addresses if they wish to do so
Quotas and throttles can be set to ensure that network resources are allocated fairly

Helpful Resources:

Explore Gargoyle and look at Supported Devices
Use YouTube to install Gargoyle on a TP-Link TL-WR1043ND V2 router in three minutes

Final Thoughts on Preventing Cybersecurity Vulnerabilities from Harming Your Router

Recent security research has made it clear that router manufacturers are losing interest in implementing proper security measures, which is a terrible bout of security news to swallow. It is imperative that users assume responsibility for their data and network security through the wireless routers they utilize.

Dave Wreski, the founder of LinuxSecurity.com, provided some valuable insight on the topic of cybersecurity vulnerabilities, pulling knowledge from his expertise on open-source security and his experience working with wireless routers: “Engaging in general router security best practices such as keeping firmware updated, changing default passwords and doing adequate research prior to purchasing a router can help mitigate the risk that your wireless router poses to your system and protect your security and privacy online. That being said, flashing the likely-vulnerable stock firmware in your router with alternative open-source firmware is the single most effective way to secure your router against the prevalent and serious firmware vulnerabilities present in many leading wireless router brands.”

Aug 03, 2020 - Brittany Day