Containers were sold on the promise of container isolation. Think of them like clean, separate rooms in a house where nothing leaks from one room to another. Most teams still operate on this assumption, believing that what happens inside a container stays there. However, recent research from feeds like Packet Storm shows that these boundaries aren't as solid as we think. Often, a container "breaks" quietly. It isn't a loud crash; it's just a single process stepping an inch outside its lane. When that happens, the "room" is no longer private.

The cracks aren't hypothetical. By looking at real-world activity rather than polished lab demos, we can see that attackers aren't usually doing anything revolutionary. They are simply finding small mistakes and chaining them together to walk right through the front door.

The Reality of Container Escapes

A container escape is exactly what it sounds like: a program running inside a container finds a way to reach out and grab control of the "host" (the main computer or server running the container). Once an attacker reaches the host, the game changes completely. The host can see everything:

- Other containers running on the same system.
- Secret passwords and keys (credentials).
- Network paths to other parts of the company.

In real incidents, this "escape to host" step is often what turns a small, contained problem into a massive data breach that spreads across an entire network.

How the Breakout Actually Happens

There isn't one "magic" trick to escape a container. Instead, attackers use a series of small weaknesses.

1. Exploiting Container Runtime Security

The runtime is the engine that starts and manages containers. When container runtime security is weak or the engine has a flaw, the container can "leak." A famous example is the Leaky Vessels set of vulnerabilities.
Here, attackers used a simple trick involving "symlinks" (shortcuts to files) to fool the system into letting them touch files on the main host instead of staying inside their container.

2. Exploiting the Shared Kernel

Containers are lightweight because they don't have their own "brain" or kernel; they share the host's kernel. Think of it like the plumbing in an apartment building. Each unit is separate, but they all use the same pipes. If a pipe bursts in the basement, every unit is affected. The experts at Google Project Zero have documented how a single bug in this shared kernel can turn container access into full host access almost instantly.

The Crypto Exchange Pivot

In a real-world attack reported by Unit 42, attackers escaped a container, stole workload identities, and used them to move across the cloud. The container wasn't the target; it was the entry point.

Why These Attacks Still Work

It is tempting to blame high-tech zero-day vulnerabilities, but the truth is more boring. Most escapes happen because of cloud misconfigurations. Common mistakes include:

- Privileged Containers: Giving a container "super-user" powers it doesn't need.
- Lazy Patching: Waiting too long to update software because "uptime" is more important than security.
- Excessive Permissions: Giving a container access to files or networks it will never actually use.

The MITRE ATT&CK Containers Matrix maps out these exact techniques, showing that attackers simply use the doors we leave unlocked.

What to Watch For

You won't always see a warning light when an escape happens. Instead, look for these "smoke signals":

- Abnormal Mount Activity: If a container suddenly tries to access deep system files like /proc or /etc, it's likely trying to find a way out.
- Suspicious System Calls: These show up early if you're looking in the right place. A simple app doesn't usually reach deep into the kernel, so when it starts asking for odd capabilities, that's where things start to feel off.
- Network Behavior Shifts: A container that normally sticks to a database suddenly reaching out to an external IP is the kind of drift that lines up with compromise more often than misconfiguration.

If you want to see how this gets weaponized, Exploit-DB is still one of the places people check for working code—the same payloads attackers lift and adapt to turn zero-day vulnerabilities into real access.

A Pragmatic Way Forward

This isn't a panic situation. It's cleanup, mostly, and a bit of discipline that tends to slip in fast-moving environments. Running privileged containers or using root access still shows up more than it should. It makes everything easier right up until it doesn't, handing over more control than most teams realize they've exposed. Patching runtimes quickly sounds obvious, but it's where delays stack up. Updates sit and known issues stay reachable longer than they should, which is exactly the gap attackers look for. Keeping things simple does more than it sounds. If a container doesn't need outbound access, cutting it off removes an entire class of problems.

Conclusion: The Walls Are Not Solid

Container isolation works well, but it isn't perfect. Container escapes are a real part of the modern tech landscape, not just a rare theory. Staying safe doesn't mean buying more expensive tools. It means changing how you think. If you assume the walls might leak, you'll build better floors. Stay informed by tracking new threats and never assume the boundary will hold forever.

MaK Ulac
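The three "smoke signals" from the What to Watch For section, together with the privileged-container and excessive-permission misconfigurations, turned into a small detector run over a handful of constructed container events. This is an added example, not code from the original article; the JSON-lines event shape, the internal address ranges, and the capability and syscall lists are assumptions of the example that a real deployment would replace with its own baseline.

```python
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample events in a simplified JSON-lines shape (an assumption of this
# example, not the schema of any real runtime, audit or eBPF tool). One event per line.
SAMPLE_EVENTS = """\
{"container":"web-1","type":"config","privileged":true,"caps":["CAP_NET_BIND_SERVICE"]}
{"container":"web-1","proc":"nginx","type":"open","path":"/var/www/html/index.html"}
{"container":"web-1","proc":"sh","type":"open","path":"/proc/1/root/etc/shadow"}
{"container":"web-1","proc":"sh","type":"mount","source":"/dev/sda1","target":"/mnt/host"}
{"container":"api-2","type":"config","privileged":false,"caps":["CAP_SYS_ADMIN"]}
{"container":"api-2","proc":"python","type":"connect","dst":"10.0.5.20","port":5432}
{"container":"api-2","proc":"python","type":"connect","dst":"203.0.113.77","port":4444}
{"container":"api-2","proc":"python","type":"syscall","name":"unshare"}
{"container":"api-2","proc":"python","type":"syscall","name":"read"}
"""

# Paths a normal application has no business touching from inside a container.
SENSITIVE_PREFIXES = ("/proc/", "/sys/", "/dev/")
SENSITIVE_FILES = ("/etc/shadow", "/etc/sudoers", "/etc/passwd")
# Capabilities and syscalls that reach deep into the kernel or the host's namespaces.
# These lists are assumptions of the example; tune them to your own baseline.
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE", "CAP_DAC_READ_SEARCH"}
RISKY_SYSCALLS = {"unshare", "setns", "mount", "pivot_root", "ptrace", "keyctl"}
# Constructed allow-list of "internal" ranges; a real deployment uses its own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    container: str
    signal: str  # which smoke signal or misconfiguration fired
    detail: str


def parse_events(text):
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def classify(ev):
    """Return a Finding if the event matches a smoke signal, otherwise None."""
    c, t = ev["container"], ev["type"]
    if t == "config":
        # Misconfigurations from the "Why These Attacks Still Work" list.
        if ev.get("privileged"):
            return Finding(c, "privileged_container", "started with --privileged")
        risky = RISKY_CAPS & set(ev.get("caps", []))
        if risky:
            return Finding(c, "excessive_capabilities", ",".join(sorted(risky)))
    elif t in ("open", "mount"):
        # Abnormal mount activity: any mount from inside a container is unusual,
        # and so is opening host-level paths under /proc, /sys, /dev or /etc.
        path = ev.get("path") or ev.get("target", "")
        if t == "mount" or path.startswith(SENSITIVE_PREFIXES) or any(f in path for f in SENSITIVE_FILES):
            return Finding(c, "abnormal_mount_or_fs_access", f"{ev.get('proc')} {t} {path}")
    elif t == "syscall" and ev.get("name") in RISKY_SYSCALLS:
        # Suspicious system calls: a simple app rarely needs namespace or ptrace calls.
        return Finding(c, "suspicious_syscall", ev["name"])
    elif t == "connect":
        # Network behaviour shift: a connection leaving the internal ranges.
        dst = ipaddress.ip_address(ev["dst"])
        if not any(dst in net for net in INTERNAL_NETS):
            return Finding(c, "network_behavior_shift", f"{ev['dst']}:{ev['port']}")
    return None


def scan(text):
    """All findings for a JSON-lines event stream, in event order."""
    return [f for f in map(classify, parse_events(text)) if f is not None]


def signals_by_container(text):
    """Map each container to the set of distinct signals it triggered."""
    out = {}
    for f in scan(text):
        out.setdefault(f.container, set()).add(f.signal)
    return out


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.container:7} {f.signal:28} {f.detail}")
```

On the constructed stream the nginx file read and the database connection pass silently, while the privileged start, the /proc read, the mount, the CAP_SYS_ADMIN grant, the external connection and the unshare call each produce a finding.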
About half of all small businesses use cloud-based hosting and infrastructure. Small- and Medium-Sized Businesses (SMBs) work with cloud security frameworks since the enterprise-grade technology is affordable and easy to use. However, there are still significant risks that users must consider when utilizing these services.

SMBs with cloud platforms face a one-in-three chance of experiencing a cloud security breach that can steal data, causing financial loss, reputational harm, and significant downtime. Therefore, SMBs must stay vigilant and prepared for any attacks in network security that head their way. This article will discuss how to integrate data and network security protocols that keep your information safe from a breach.

How Can I Protect Cloud Storage?

SMBs must harden any and all cloud data storage by enabling encryption across all cloud services within a server. Use the management interface to set up automated protection if the cloud security framework does not do so by default. Review your provider's encryption policy and settings to ensure you have the ultimate security on your system, even if it seems unnecessary.

Consider only implementing data storage providers that have encrypted connections for all data transfer functions to protect your business information during transport. Such a practice will prevent Man-in-the-Middle attacks in network security. Most commercial cloud storage providers offer this feature, and you should utilize it as an extra layer of protection. Here are a few encryption options major cloud storage providers have for users:

- Dropbox encrypts at-rest, stored files with the 256-bit Advanced Encryption Standard (AES). The software enforces SSL/TLS connections with 128-bit or higher AES encryption for all data transfer activities.
- Google Drive encrypts all files transferred to or from the platform with 256-bit AES encryption.
  Stored data receives the same protection, and Google Drive allows optional client-side encryption via the Google Workspace interface.
- Microsoft OneDrive encrypts both at-rest and in-transit data with 256-bit AES encryption. The cloud security framework recommends enabling client-side encryption on any iOS or Android devices that access the platform.
- Amazon S3 Storage encrypts all data automatically with the Amazon S3 managed keys (SSE-S3), which users can manage through their account console. Unfortunately, pre-existing data does not inherit these protections, so users must configure it manually. Protect in-transit data using SSL/TLS connections.

How Can I Manage Credentials and Access Rights?

SMBs must design their data access policies with the Principle of Least Privilege (POLP) in mind. The POLP ensures users have the minimum data access necessary to complete their jobs. This practice prevents internal attacks in network security from harming a company. Run a privilege review process at the end of each year to reassess access and determine how to proceed in the coming months.

Choose a Single Sign-On (SSO) provider to centralize user access credentials and broker access to multiple cloud services and platforms. Using SSO can make it easier to navigate across various servers with fewer passwords while also preventing unauthorized users from getting past administrators.

How Can I Secure On-Site and Cloud VoIP Services?

A Voice over Internet Protocol (VoIP) service can benefit SMBs. Even though SMBs rarely experience VoIP attacks in network security, cybercriminals could harvest user credentials and instigate social engineering network security threats that could leave a company scrambling. Therefore, having VoIP security in place is crucial. Most VoIP providers have strict password rules and 2-Factor Authentication protocols to keep your server safe.
Some even offer SSO and encryption on their platform connections, regardless of the device on which you utilize the service. Asterisk open-source PBX software users can implement business-class firewall rules that permit only required ports to open to the Internet. Also, restrict extension access to only known internal subnets, disable unused channels, and enforce complex passwords as other data and network security protocols.

How Can I Safeguard Remote and Hybrid Workers?

SMBs can safeguard their data and communications with remote or hybrid security professionals and network security toolkits. A Virtual Private Network (VPN) can encrypt connections wherever a worker is to ensure no network security issues across the system. Companies should consider a Desktop-as-a-Service (DaaS) solution so remote workers have a business-controlled environment from which they can access apps and services while preventing cybersecurity vulnerabilities from flooding the server. Using DaaS makes it easier to enforce POLP access rules and cloud security policies that could be more difficult to maintain across independent hardware.

How Can I Manage Bring-Your-Own-Device Policies?

If an SMB permits remote workers to use their own hardware, the company must develop Bring-Your-Own-Device (BYOD) policies to ensure no network security issues arise. Create minimum hardware and OS version standards so no cybersecurity vulnerabilities are prevalent on their software. Embrace a Mobile Device Management (MDM) solution to avoid managing too many devices individually. MDM helps SMBs set security policies on enrolled end-user devices that can keep sensitive data secure. For example, MDM can force-disable smartphone cameras and microphones when users access such information. Companies can also create device password and encryption standards, restrict Wi-Fi network access, and enable or disable data access based on where the user is working.
Some businesses do not have enough devices to warrant an MDM solution, so endpoint security solutions can help keep infections and malware threats out of your system.

What Penetration Testing Options Are Available to My Business?

SMBs should familiarize themselves with penetration testing options that can help strengthen the cloud security framework. Various open-source vulnerability scanners can help SMBs customize their servers to suit their needs. Consider Metasploit as a free, open-source option. Cloud security scanners can help businesses determine where to employ security patching before cybersecurity vulnerabilities permit a cybercriminal to instigate an attack. Perform complete penetration testing sweeps yearly to check for new security holes that could develop over time. Use cloud discovery technology to account for all cloud services and possible locations for attacks in network security. Close down any server your employees do not use to prevent threat actors from entering those unprotected systems.

Final Thoughts on How to Improve Security Posture for SMBs

SMBs have plenty to gain from installing cloud security frameworks that implement procedures and best practices that keep their servers safe. Avoid cloud security breaches and other attacks in network security by following the various suggestions we provided in this article. Stop facing risks today: install cloud storage, employ security policies, and patch cybersecurity vulnerabilities before it is too late.

Duane Dunston
Security professionals have discovered various cybersecurity vulnerabilities in the popular Squid caching proxy. These network security issues include request and response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846), Distributed Denial of Service (DDoS) in HTTP Digest Authentication (CVE-2023-46847), and DDoS in FTP (CVE-2023-46848).

Let's review these vulnerabilities and how to boost data and network security to combat these risks.

How Can These Cybersecurity Vulnerabilities Affect My Linux Systems?

These bugs can compromise sensitive data, crash servers, and harm your company's reputation. CVE-2023-46846 and CVE-2023-46847 have a National Vulnerability Database base score of 9.8 out of 10 since they can lead to cloud security breaches and other system access instabilities and blockings.

What Should I Do to Protect My Linux Systems?

Squid plans to mitigate these dangerous cybersecurity vulnerabilities with recent critical updates that should reduce the threat landscape for users. Systems that face attacks in network security must go through immediate privacy sandboxing and security patching to prevent new issues from arising on a server. Apply the Mageia, Oracle, SciLinux, and SUSE cybersecurity updates to combat significant downtime, system compromise, and data theft.

Stay on top of the latest cybersecurity trends, computer security news, and general updates by registering for our open-source cybersecurity projects and applications. If you are a LinuxSecurity user, subscribe to our Linux Advisory Watch security newsletter and customize your advisories based on your distro(s). Having these updates will keep you from falling behind on security patching and other network security issues that could make your system more susceptible to attacks in the future. Also, follow @LS_Advisories on Twitter for real-time updates.
Recommended Reading

Looking to learn more about the benefits and drawbacks of Linux proxy servers and how to set up a Squid proxy server? Our recent feature article, Everything You Need to Know About Linux Proxy Servers, provides an in-depth discussion of the topic. Have additional questions regarding how to improve security posture? Drop us a note so we can help you out!

Brittany Day
Enterprise vulnerability management is vital to having a robust, proactive endpoint security strategy that enables organizations to identify and address data and network security issues before they lead to an attack or cloud security breach. This cyclical process involves identifying IT assets and correlating them with a continually updated vulnerability database to identify network security threats, misconfigurations, and bugs. Such management prioritizes the urgency and impact of each issue so your company can respond to critical cybersecurity vulnerabilities swiftly prior to exploitation.

Despite the value of establishing and maintaining vulnerability management tools to strengthen and improve security posture, too many organizations still fall short in obtaining such a service due to various challenges and roadblocks. Unfortunately, more businesses fall victim to breaches than ever before; in fact, global cyberattacks increased by 38% in 2022. In order to protect against cybersecurity vulnerabilities, enterprises need an end-to-end vulnerability management and compliance solution that provides 360-degree visibility into their security risk exposure and offers built-in remediation. In this article, we will discuss the obstacles businesses face when setting up their enterprise vulnerability management, the benefits of having this effective service, and how it can help defend against damaging cybersecurity threats and vulnerabilities.

Why Are Vulnerability Management & Compliance Critical Challenges for the Enterprise?

Despite the central role that vulnerability management holds in an effective endpoint security strategy, there are common roadblocks that organizations face that impede their ability to reliably identify and fix security risks and shortcomings.
In most organizations, there are simply too many cybersecurity vulnerabilities across thousands of heterogeneous assets in distributed networks to be tracked manually, and not all of them pose an equal risk. With the window between the disclosure of network security threats and their exploitation by hackers shrinking, organizations must be swift in their detection and remediation of such cybersecurity weaknesses. It is unrealistic for organizations to move forward without the assistance of an automated enterprise vulnerability management and compliance solution, as so few companies have the time, resources, and knowledge to be able to combat network security issues effectively on their own.

Anandraj Paul, Head of Development and Endpoint Security at ManageEngine, states, "Many vulnerability management tools on the market offer patching through a third-party integration, but juggling multiple tools for vulnerability assessment and patch management results in a fragmented and inefficient workflow. Moreover, if an adversary does use a vulnerability to gain access to the network, they will exploit overlooked misconfigurations to laterally move and compromise other machines within the network. To prevent this, every loophole and software vulnerability must be addressed to minimize the attack surface and strengthen security."

Linux Security expert and LinuxSecurity.com Founder Dave Wreski adds, "While issuing vendor-published patches to affected machines is the ideal remediation option, having a fail-safe plan to fall back on in the case of unpatchable circumstances like end-of-life software and zero-day vulnerabilities is essential to preventing attacks and breaches."

Security Spotlight: How ManageEngine Vulnerability Manager Plus Meets Our Criteria for an Effective Vulnerability Management Solution

ManageEngine Vulnerability Manager Plus is a multi-OS vulnerability management and compliance solution we love since it is an effective and efficient solution.
It is an end-to-end vulnerability management tool delivering comprehensive coverage, continual visibility, rigorous assessment, and built-in remediation of cybersecurity threats and vulnerabilities, all from a single console, wherever your endpoints are located. Let's take a closer look at what makes ManageEngine Vulnerability Manager Plus a great option for organizations looking to improve security posture without sacrificing convenience.

Cybersecurity Vulnerability Assessment

With the plethora of network security issues that exist in OSes, third-party software, programs, and applications today, organizations need to be able to identify and prioritize real data and network security threats, as new vulnerabilities are identified every 90 minutes. ManageEngine Vulnerability Manager Plus enables organizations to assess and prioritize cybersecurity vulnerabilities based on exploitability, severity, age, affected system count, and the availability of the fix. ManageEngine's cybersecurity vulnerability assessment tool regularly scans your network for weaknesses, delivers insights into risk, and helps close the vulnerability management loop instantly with direct remediation from the console. With ManageEngine, organizations can:

- Eliminate blind spots and keep track of assets.
- Gain extensive vulnerability coverage.
- Catch online and web application security vulnerabilities as they appear using continuous monitoring logs.
- Assess vulnerability risk and prioritize response.
- Enable cybersecurity vulnerability management to see critical network security issues at a glance with dashboard widgets (pictured below).
- Leverage built-in security patching to ensure swift and accurate remediation.

Compliance

Modern IT's dynamic nature causes inevitable security gaps, as IT teams are forced to make constant changes to configurations, which can lead to newer systems and software being overlooked, leaving them with insecure setups.
Poorly configured systems pave the way for malicious hackers and pose significant compliance risks by incurring hefty fines from regulatory bodies. The Center for Internet Security (CIS) benchmarks provide prescriptive guidance for establishing a secure baseline configuration for assets. However, the requirements are challenging to meet, monitor, and maintain without the help of a solution like ManageEngine Vulnerability Manager Plus. ManageEngine's CIS compliance feature helps accomplish and maintain data and network security as well as audit objectives, as over 75 CIS benchmarks regularly monitor your endpoints for all applicable CIS benchmarks, instantly detecting violations and suggesting detailed, corrective actions. The feature allows organizations to easily:

- Group policies.
- Map targets and schedule audits.
- Audit and improve compliance.

Patch Management

Once your cybersecurity vulnerabilities get identified and assessed, the next step is to utilize security patching to protect your company against damaging exploits in cybersecurity. In order to be effective, efficient, and secure, patch management must be carefully planned and orchestrated. If not, it can potentially cause more harm than the vulnerabilities it is supposed to address. ManageEngine Vulnerability Manager Plus has a built-in patching module that helps you customize, orchestrate, and automate complete patching so that the process is to your liking. The module gives organizations the ability to:

- Seamlessly patch a heterogeneous, multi-platform IT infrastructure.
- Test, approve, and decline patches.
- Automate patch deployment.
- Customize the patch management process with flexible deployment policies.

Security Configuration Management

Zero-day cybersecurity vulnerabilities are inevitable. Without ensuring you have established and maintained ideal data and network security configurations in your endpoints, a single vulnerability could shake your organization to the core.
Effective security configuration management tools involve continually detecting configuration drifts and misconfigurations across various components in your endpoints so you can focus on bringing them back into alignment. ManageEngine Vulnerability Manager Plus facilitates the entire cycle of security configuration management from a single interface, including detecting misconfigurations, categorizing and profiling them, resolving them with built-in remediation, and reporting the final configuration posture. The solution's capabilities verify that the data and network security of systems is enforced with complex passwords, least privileges, memory protection, and CIS and STIG security guideline compliance.

Web Server Hardening

Web servers are the point of contact between a business and its customers. Servers deliver web pages to clients upon request and host websites and web-based applications. Since a web server is an Internet-facing device, it can provide an entry point for attackers if not configured properly. In order to keep pace with industry demands, enterprises must constantly make changes to their server configurations, but making these changes manually often results in dangerous configuration drifts. ManageEngine Vulnerability Manager Plus continuously monitors your web servers for default and insecure configurations so it can display them in the console. With a vulnerability management tool, administrators and IT teams can identify servers whose communications are not secured via a Secure Sockets Layer (SSL) certificate. SSL certificates are valuable for ensuring data encryption and decryption to protect companies from unauthorized interception. ManageEngine Vulnerability Manager Plus provides a detailed description of the cause, impact, and remediation of each server misconfiguration.
These critical insights can be used to help set up a secure server that is protected against attacks in network security, including URL manipulation attacks, input validation attacks, Denial of Service attacks, brute-force attacks, session hijacking, clickjacking, and source code disclosure, among other network security threats.

High-Risk Software Audit

The proliferation of different devices and software in recent years, especially post-pandemic, has inevitably put enterprises at risk of unsupported and unauthorized software, including end-of-life software, peer-to-peer software, and remote desktop sharing software. This software can compromise a corporate server with network security threats like information disclosure, malicious code injection, and unauthorized access, all of which can damage an organization's data network security and reputation. It is of critical importance to audit such high-risk software installed in network systems without administrators' knowledge. With ManageEngine Vulnerability Manager Plus at your disposal, you can:

- Monitor your network endpoints continuously and detect end-of-life software, peer-to-peer software, and remote sharing tools present in them.
- Get details on the expiry date and the number of days before software in your network faces end-of-life.
- Obtain real-time information on the number of machines that are affected by this software.
- Eliminate this software with just a click of a button from the console.

Zero-Day Vulnerability Mitigation

Though we would all love to put an end to cybersecurity vulnerabilities once and for all with security patching, such a solution is not always realistic. In some cases, patches aren't available to fix flaws, mainly when they are zero-day vulnerabilities and other publicly disclosed network security threats. Luckily, ManageEngine Vulnerability Manager Plus can help organizations harden their systems and software against network security issues that have no patching options.
This vulnerability management tool allows enterprises to:

- Leverage a dedicated view for zero-days.
- Deploy mitigation scripts.
- Stay up-to-date with the latest security patching opportunities.
- Get notified about zero-day patches.
- Keep track of OS and application end of life.

With ManageEngine Vulnerability Manager Plus, you can stop waiting around for patches and deploy pre-built, tested scripts to secure your network with zero-day mitigation solutions.

Beyond the Capabilities of Traditional Vulnerability Management Tools

ManageEngine Vulnerability Manager Plus exceeds the capabilities of traditional vulnerability management and compliance solutions in the following critical areas to provide stronger, more reliable protection against cybersecurity vulnerabilities:

- Executive reports: Review and improve security posture to make informed decisions with holistic reports.
- Antivirus Audits: Gain insight on antivirus protection across your network systems.
- Deployment Policies: Decide when to patch, what to patch, and how to patch.
- Role-Based Administration: Define roles and delegate tasks to technicians based on enterprise needs.

Final Thoughts on Securing Your Organization Against Cybersecurity Vulnerabilities

With the increase in cybercrime and the growing complexity of the modern IT infrastructure, a comprehensive, automated vulnerability management tool and strategy has never been more important for your enterprise. ManageEngine Vulnerability Manager Plus exceeds the capabilities of traditional vulnerability management solutions to improve security posture, increase visibility, and help businesses meet compliance standards. Anandraj Paul, Head of Development, Endpoint Security, ManageEngine, explains, "There's no silver bullet solution that renders your network impenetrable to cyber exploits.
But by constantly reevaluating and strengthening the security stance of your network with Vulnerability Manager Plus, you stand a much better chance against detecting and thwarting cyber trespassers in your network."

Ready to improve your vulnerability management and compliance strategy to ward off cyberattacks in network security and cloud security breaches? We encourage you to download ManageEngine Vulnerability Manager Plus and see for yourself why we recommend it so strongly!

Brittany Day
An Interview with Dave Wreski, CEO of Guardian Digital

BD: What were your thoughts when you learned that your email address had been pwned in a data breach?

DW: I was discouraged, but not the least bit surprised, when I was notified that my email account had been pwned in a data breach. These days, data breaches are ubiquitous and, unfortunately, somewhat unavoidable. In 2018 alone, there were 12,449 authentic breaches and leaks (Dark Reading). You can take all of the advisable precautions; however, chances are one of your email accounts will be compromised in a data breach or a data leak at some point. It is critical to recognize this and take measures to mitigate your risk and protect your privacy.

BD: What role does email typically play in data breaches and data leaks, and how can an effective email security solution prevent the compromise of email accounts and sensitive data?

DW: Email is frequently involved in data breaches and data leaks because it is a popular vector for sending private information and conducting business affairs. This sensitive information could include email addresses, which could be used by threat actors to carry out future spear phishing or BEC attacks. An effective email security gateway accurately identifies and blocks malicious or fraudulent emails that could prompt users to share sensitive information or data, thus minimizing a person's or an organization's risk of experiencing data theft or data loss and the devastation that a successful attack can cause.

BD: How can open-source software and open-source operating systems be leveraged in an email security solution to provide a level of security that exceeds what proprietary solutions offer?

DW: The transparency, collaboration, and innovation encouraged by the open-source development model result in software, operating systems, and solutions that are inherently reliable and secure.
Open-source code is available for experts from around the world to review and improve, leading to the rapid detection and elimination of vulnerabilities and security bugs. Thus, open-source email security solutions are secure from the ground up and offer a higher level of security and protection than proprietary alternatives. Proprietary software is not available for the public to review, and email security solutions comprised of proprietary technology often consist of software created for a different purpose with incoherent security features added on.

BD: What is your best advice in terms of both email security and email best practices for someone looking to minimize their risk of being affected by a data breach or an email-related attack?

DW: First off, never open a suspicious email, link or attachment. Here are some other measures that I would recommend taking to help prevent your email account from being hacked:

1. Create a strong password that includes a variety of characters and NEVER share your password.
2. Try to minimize logging into your email from public places. Untrusted computers can have spyware or keylogging programs hidden on them, which can collect personal information.
3. Add two-step verification to your email address. A second-step password is a random set of characters sent directly to your phone, laptop or tablet, which means that a hacker would need both your email password and your personal device to access your email account.
4. Frequently check your account activity to make sure that records match your own login history.

That being said, email-related attacks have evolved to become highly sophisticated and deceptive, and cyber criminals utilize advanced, complex social engineering tactics to trick their victims. This is why it is critical to invest in a comprehensive email security gateway that is designed to protect against both new and existing threats.
To learn about EnGarde Email Security Gateway, an advanced open-source email security solution that outperforms proprietary alternatives in terms of security, reliability and resilience, visit https://guardiandigital.com/. Check if your email account has been pwned in a data breach here: https://haveibeenpwned.com/

Brittany Day
David Dittrich, coordinator for the Forensic Challenge, outlines a contest that pits the best efforts by the blackhat community against anyone in the security community who wishes to accept it. . Every day, incident handlers across the globe are faced with compromised systems, running some set of unknown programs, providing some kind of unintended service to an intruder who has taken control of someone else's -- YOUR, or your client's, or customer's -- computers. To most, the response is a matter of "get it back online ASAP and be done with it." This usually leads to an inadequate and ineffective response, not even knowing what hit you, with a high probability of repeated compromise. Enter the Honeynet Project. One of the primary goals of the Honeynet Project is to find order in chaos by letting the attackers do their thing, and allowing the defenders to learn from the experience and improve. The latest challenge, inspired by the Honeynet Project's founder Lance Spitzner, is the Forensic Challenge. Only this time, we're opening it up to anyone who wants to join in. On the law enforcement side, they are hampered by a flood of incidents and a lack of good data. A victim trying to keep a system running or doing a "quickie" job of cleanup usually means incidents are underreported and inadequate handling of the evidence leads to no evidence, or tainted evidence. There has to be a better way to meet the needs of incident handlers and system administrators, as well as law enforcement, if Internet crime is going to be managed and not run amok. One possible answer is effective forensic analysis skills -- widespread knowledge of tools and techniques -- to preserve data, analyze it, and produce meaningful reports and damage estimates to your organization's management, to other incident response teams and system administrators, and to law enforcement. 
The Challenge

The Forensic Challenge is an effort to allow incident handlers around the world to all look at the same data -- an image reproduction of the same compromised system -- and to see who can dig the most out of that system and communicate what they've found in a concise manner. This is a nonscientific study of tools, techniques, and procedures applied to post-compromise incident handling. The challenge is to have fun, to solve a common real-world problem, and for everyone to learn from the process. If what I've said already isn't enough to get you interested, Foundstone is generously offering copies of their extremely popular "Hacking Exposed" (Second Edition) book for the 20 best submissions.

To get you started, here are the basic facts about the compromise. Please be aware that these are new images. This is not a system that the Honeynet Project has previously written about or discussed publicly. (I.e., you won't get any hints from previous Honeynet papers.) The images were edited to anonymize the system. Only the hostname was modified. Everyone is using the same data, so any anomalies caused by this editing will be identical.

You can find the "dd" format disc images at:

The image files can be mounted on Linux systems using the loopback interface like this:

    # mkdir /t
    # mount -o ro,loop,nodev,noexec honeypot.hda8.dd /t
    # mount -o ro,loop,nodev,noexec honeypot.hda1.dd /t/boot
    [ etc... ]

The "ro" option is not cosmetic: mount the images read-only so that your analysis never alters the evidence, and record a checksum of each image before the first mount so that you (and the judges) can confirm afterwards that it is unchanged.

It's now your job -- should you choose to accept it! -- to figure out the Who, What, Where, When, How, and maybe even the Why of this compromise. We don't expect that everyone undertaking the challenge can or will address all of the following items, but the list below of questions and deliverables is provided as a guideline for what to produce and what to focus on.
To summarize (and standardize) the deliverables, please produce the following:

    File            Contents
    ---------------------------------------------------------------------
    index.txt       Index of files/directories submitted (including any
                    not listed below)
    timestamp.txt   Timestamp of MD5 checksums of all files listed and
                    submitted (dating when produced -- see deadline
                    information below)
    costs.txt       Incident cost-estimate
    evidence.txt    Time line and detailed (technical) analysis. (Use an
                    Appendix, and/or mark answers to questions above
                    with "[Q1]", etc.)
    summary.txt     Management and media (non-technical) summary
    advisory.txt    Advisory for consumption by other system
                    administrators and incident handlers within your
                    organization
    files.tar       Any other files produced during analysis and/or
                    excerpts (e.g., strings output or disassembly
                    listings) from files on the compromised file
                    system, which are referenced in the previous files

The Rules

You are free to use any tools or techniques that you choose, provided that the judges are able to readily interpret your results and duplicate or verify their accuracy using publicly available means (i.e., don't expect us all to have a copy of your favorite "Law Enforcement Only" or multi-hundred dollar commercial Windows-only tool). A good publicly available free forensic toolkit is Dan Farmer and Wietse Venema's The Coroner's Toolkit (TCT). If you want examples of the use of TCT, or other tools/techniques, see the Forensics section of the following web page:

No matter what tools/methods you choose, please make sure you explain them in your analysis and cite references to resources (e.g., RFCs, CERT or SANS "how to" documents) to help others learn by example. Don't forget: this is a Honeynet Project brainchild, so learning is what it's all about. And fun. It's all about learning and fun. Oh yeah, and security. Learning, fun, AND security. ;)

You may work as a team, but if your entry is selected as a Top 20, you'll have to fight over one copy of the book.

Deliver the results of the analysis in such a way that the judges can quickly and easily consume the information, and such that its authenticity, time of production, and integrity can be verified independently (e.g., ISO 9660 CD-ROM or .tar archive, with digital time stamps, and PGP signatures and/or MD5 checksums). Please DO NOT SEND COPIES OF COMPLETE FILES FROM THE FILE SYSTEM. We already have a copy of the file system and its contents. Just note the path (e.g., "[See file /bin/foo]").

All submissions MUST be time stamped prior to 00:00 GMT on Monday, February 19, 2001, and delivery to the judges initiated later that same day. (This is to accommodate submissions on ISO 9660 format CD-ROM, which should be postmarked by this time. The digital time stamps and postmarks will be used to determine the 20 "Hacking Exposed" book winners.) One free digital time stamping service you can use is Stamper. All submissions should be sent (or shipping address arranged, if CD-ROMs are being produced) to
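The deliverables list asks for a timestamp.txt carrying MD5 checksums of every submitted file, and the rules ask that the integrity and time of production of a submission be verifiable independently. The POSIX shell script below is an added example of how to produce and re-check that file; it is not part of the original challenge announcement and not a Honeynet Project or TCT tool. It assumes GNU coreutils (md5sum, find, date) and a hypothetical submission directory called sub/ holding the files named above.

```shell
#!/bin/sh
# Added example (not from the original challenge text). Assumes GNU
# coreutils (md5sum, find, date). The directory name "sub" used in the
# usage section is hypothetical.

# Deliverables the announcement requires. files.tar is only produced when
# there is something to put in it, so it is not checked here.
REQUIRED="index.txt costs.txt evidence.txt summary.txt advisory.txt"

# check_deliverables DIR
# Reports each required file missing from DIR on stderr and returns the
# number of missing files (0 means the submission is complete).
check_deliverables() {
    dir="$1"
    missing=0
    for f in $REQUIRED; do
        if [ ! -f "$dir/$f" ]; then
            printf 'missing deliverable: %s\n' "$f" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# make_timestamp DIR
# Writes DIR/timestamp.txt: a UTC production time followed by the MD5
# checksum of every file in DIR except timestamp.txt itself, sorted by
# path so that two runs over identical content give identical output.
make_timestamp() {
    dir="$1"
    {
        printf 'Produced: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        (cd "$dir" && find . -type f ! -name timestamp.txt -exec md5sum {} + | sort -k2)
    } > "$dir/timestamp.txt"
}

# verify_timestamp DIR
# Re-checks every checksum recorded in DIR/timestamp.txt. Returns 0 when
# all files still match, non-zero when any file has been modified or
# removed since the timestamp was produced.
verify_timestamp() {
    dir="$1"
    (cd "$dir" && grep -v '^Produced:' timestamp.txt | md5sum -c --status)
}

# Usage (hypothetical submission directory "sub/"):
#   check_deliverables sub || echo "submission incomplete"
#   make_timestamp sub
#   verify_timestamp sub && echo "checksums intact"
# Afterwards sign timestamp.txt with PGP or submit it to a digital time
# stamping service, so that the production time is attested by someone
# other than you.
```

The checksum file only proves that the contents have not changed since it was written; the production time inside it is self-asserted, which is why the rules also want a PGP signature or a third-party digital time stamp over it. MD5 was the convention in 2001 and is what the deliverables list names; adding a second line of SHA-256 sums costs nothing and avoids relying on a digest whose collision resistance is broken.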