Stay Ahead With Linux Security Features
security advisory attack A Linux server gets cleaned up after an intrusion. The suspicious process is terminated, credentials are rotated, and the system is rebooted during maintenance. Everything seems secure. A few hours later, the same outbound connection appears again. . Situations like that point to persistence . The attacker no longer needs the original exploit because something on the host continues restoring access behind the scenes. Finding that mechanism is often more important than understanding how the...
Jun 08, 2026
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -2 articles for you...
102
social engineeringdns securitymalware preventionAI-Driven Cybersecurity Upgrades: 3 Strategic Uses
With the increasing pace and complexity of digital attacks, analysts are turning to AI threat detection to stretch IT resources and keep out cyber threats. No matter the size of a company's operations, AI-driven data analytics tools can provide threat intelligence and enable cybersecurity professionals to select appropriate protection measures. . Various industries have been using AI-powered cybersecurity strategies to: Protect employees from social engineering attacks Ensure network safety against DNS threats Prevent malware attacks In this article, we’ll discuss these three use cases to examine the impact of artificial intelligence on cybersecurity. 1. Protection From Social Engineering Attacks Today, social engineering comes in many shapes, and phishing attacks are always a problem. They could start with a weird-looking email that pops up on your company’s account. Maybe it’s a bad actor impersonating a partnered brand in an attempt to swindle information. Attackers could also try to get employees to click on a link to their malicious website. It mimics real login portals for entering sensitive information about clients or the business. The major problem with these types of attacks is that it can be hard to separate what’s genuine from what’s not. That’s where AI threat detection has an advantage: deep learning tools can analyze patterns to determine if an incoming message has hostile intent, and warn users before they click. In this way, AI security tools can shield businesses from phishing, spear phishing, and other social engineering attacks. Google is already using deep learning to protect its Gmail users from phishing attempts in the same manner. The search engine giant uses a combination of deep learning and computer vision to screen billions of image-based emails, like you’d do in a big data analytics project , and then quarantine possible threats. Deep learning is a more comprehensive approach to machine learning, in which an AI“brain” learns to solve problems on its own. Unlike basic machine learning, where algorithms learn only from labeled data, deep learning takes in large quantities of statistics. A deep neural network forms and evolves beyond examples to deal with new threats, unfamiliar to the system. So even if your business faces a new threat that the system hasn’t learned from yet, the algorithm should still be able to offer protection. If you were to receive spam or phishing emails, the DL neural network would block these emails from even getting into your company's networks. The criteria for social engineering blocking may flag down newly created domain messages and suspicious hard-to-read emails, among other metrics that cybersecurity analysts can fine-tune according to their needs. 2. DNS Threat Detection DNS is essentially the Internet’s directory. When we look up some of our favorite websites, we type in phrases or domain names such as espn.com or google.com. A DNS translates these website names into a language that devices can understand and work with, namely IP addresses. In a nutshell, the DNS enables movements between websites. Your company may be vulnerable to a DNS security threat in one of two ways. The first is a Distributed Denial-of-Service attack. During DDoS attacks , your DNS server is overloaded with so much traffic that it cannot attend to legitimate queries from real clients. The second type of DNS threat is an amplification attack. What happens here is that your client is directed to a knock-off version of the business website. Despite typing in the correct address, the compromise in the DNS means your clients land elsewhere and type in sensitive login details into this deceptive website. There are various ways to prevent DDoS attacks before they happen. Businesses can defend against DNS cyberattacks like these by identifying threats with AI-driven network monitoring. AI intrusion detection systems watch all network traffic as it flows in and out ofDNS servers. Then, it can separate legitimate website user requests from malicious requests meant to overwhelm the system. Financial institutions, an industry prone to DNS threats, are putting AI-driven DNS solutions to work with software that entails a database of previous cyber threats, and cross-checks all the DNS traffic against a checklist of what an attack would look like. When this software notices data anomalies that may indicate a DNS maneuver, it alerts human IT staff, who then take corrective action. They could deny the request, or even call up the client in the case of a pending transaction. 3. AI-Driven Malware Identification Relying on traditional antivirus packages means limited protection, because they are programmed to protect companies from known threats. Signature-based antivirus software isn’t much help when businesses are up against new malware signatures they cannot detect. An AI-powered antivirus software, on the other hand, protects your business from both the known and emerging varieties of malware. Adaptive antivirus technology runs on AI/ML frameworks . Instead of relying on a signature list to identify threats, AI-driven antivirus software uses an anomaly detection system. It doesn’t need to sync with known malware signatures because it monitors individual programs to detect suspicious behavior. So if a new type of malware has hijacked one of your workplace programs, like MS Office, the AI-powered antivirus will take note of the app’s unusual behavior. The program will then be singled out for a scan, and the threat is excavated from hiding and eliminated. Add AI Threat Detection to Your Cybersecurity Strategy There are many benefits to be gained from AI defensive measures. AI-powered antivirus software, DNS threat-detecting networks, and AI social engineering protection offer adaptability to new threats and faster detection and response times. Cybercriminals are leveraging new technologies to circumvent traditional digital securitystrategies and forcing Linux security systems to adapt. By incorporating AI threat detection into their networks, businesses can effectively counter emerging cyber threats. . Artificial intelligence is transforming cybersecurity by improving defenses against threats like ransomware and phishing through advanced AI algorithms for quick detection. AI Cybersecurity Solutions, Threat Protection Methods, Machine Learning in Security. Lerma. Andrew Kowal
Apr 25, 2026
•
102
dns securitynetwork defenselinux administrationImplementing ZTDNS Insights for Stronger Linux DNS Security
As a Linux administrator or security practitioner, you understand DNS's essential role in network security. Attacks and unauthorized access pose threats against DNS connections, so robust security protocols must be implemented to safeguard them. Zero-Trust DNS provides greater security, control, and flexibility over DNS traffic. . Security experts, like Bruce Schneier, have covered Microsoft’s plans to secure Windows DNS with Zero Trust , currently in private preview. However, if you’re a Linux user like me, you can still learn and benefit from Microsoft's work. While you’re not planning to switch to Windows anytime soon (I would hope!), let’s explore what you can learn from this initiative and practical measures you can take to improve DNS security. Understanding DNS & Its Importance Domain Name System (DNS) is an integral component of internet infrastructure that links domain names (such as example.com) with their associated IP addresses. Operating like a "phone book," DNS converts domain names into numerical IP addresses that network devices use for communication. DNS is a key component of network security by helping to detect potential threats or suspicious network activity. DNS logs and queries can aid in the identification of possible security risks, such as DNS spoofing or malware infections . Furthermore, DNS filtering services offer another layer of defense by blocking access to known malicious domains or providing protection against known phishing websites. Why Is DNS Vulnerable to Compromise? Despite its critical importance, DNS is vulnerable to compromise for the following reasons: DNS Cache Poisoning: Attackers can manipulate the DNS cache by exploiting vulnerabilities and injecting false information. By poisoning the DNS cache, attackers can redirect users to malicious sites or intercept communications. This can lead to phishing attacks or other cybercrime. DDoS attacks: DNS servers are susceptible to Distributed Denial-of-Service, or DDoS attacks ,which overwhelm them with massive traffic. This can cause service disruptions and make the DNS unavailable, preventing users from accessing websites. DNS Hijacking: Malicious actors may hijack DNS settings or compromise DNS servers to redirect users to malicious sites. This can be achieved through different techniques, such as DNS spoofing and DNS hijacking. The goal is to trick users into giving sensitive information or spreading malicious software. Lack of encryption: DNS queries and answers are sent in plaintext, which makes them vulnerable to interception and eavesdropping. Attackers can monitor DNS traffic to gather information on the websites users access, compromising their privacy and security. What Is ZTDNS & How Will Microsoft Use It to Improve DNS Security? Microsoft plans to enhance the security of Windows DNS with Zero Trust DNS (ZTDNS) , a recent initiative addressing long-standing security vulnerabilities associated with DNS (Domain Name System). DNS provides translation between human-readable domain names and numerical IP addresses but has long been vulnerable due to a lack of end-to-end encryption and potential malicious DNS servers. Until this point, prioritizing DNS security has typically forced admins to sacrifice visibility into network traffic. Admins have had to choose between unencrypted - and unprotected - DNS with monitoring capabilities or encrypted DNS that impedes monitoring and control. Integrating the Windows DNS engine and Windows Firewall directly into client devices, Microsoft’s ZTDNS seeks to help admins overcome this problem and achieve optimal security, visibility, and control simultaneously. How Does ZTDNS Work? ZTDNS blocks all outbound client device connections to IP addresses except protected DNS servers and necessary network services like DHCP and NDP. Any resolved IP addresses from the protected DNS servers will trigger exceptions in the firewall to allow outbound connections, effectively associating domain name resolutions withpermitted IP addresses. Optionally, administrators can use client certificates to enforce DNS resolution policies, enhancing security for remote or mobile device management. ZTDNS operates under the Zero-Trust Principle , which assumes all traffic is forbidden unless explicitly allowed. By default, it restricts outbound connections from other DNS servers except approved protective ones. ZTDNS doesn't introduce new network protocols but works seamlessly with either DNS over HTTPS (DoH) or TLS (DoT), offering significant security advantages network security while remaining compatible with both platforms. ZTDNS offers encrypted and authenticated connections between end-user clients and DNS servers, allowing administrators to securely limit the domains these servers can resolve. By integrating the Windows DNS engine with its filtering platform, ZTDNS provides organizations with an effective means to control and secure DNS traffic in Windows networks. Challenges & Considerations Although ZTDNS offers significant protection benefits, successful implementation may require extensive testing and organizational changes for optimal use. It is crucial to remember that ZTDNS is a DNS query encryption solution that reduces the visibility of DNS queries. However, this is compensated by providing endpoints with policy-enforced DNS solutions. Organizations must test their ZTDNS network configurations to ensure compatibility, functionality, and security. They will also need to adapt their operational and security practices. How Can Linux Users Improve DNS Security? While Linux users cannot directly benefit from Microsoft’s ZTDNS initiative, Microsoft’s recent efforts to lock down Windows DNS with ZTDNS underscores the importance of prioritizing robust DNS security regardless of the OS you use. To maximize DNS security in Linux environments, administrators can implement several best practices and practical measures: Implement DNSSEC (Domain Name System Security Extensions): DNSSEC addscryptographic signatures to DNS data to verify its authenticity and integrity, thus decreasing risks related to DNS spoofing and cache poisoning attacks. Use DNS Filtering: Deploy a DNS firewall or filtering solution to block access to malicious domains, block communication with known malicious IP addresses, and filter out any unauthorized DNS queries. Regular Patching and Updates: Ensure the DNS software and server remain up-to-date with the latest security patches to address vulnerabilities that attackers could exploit. Restrict Zone Transfers: Limit zone transfers to authorized DNS servers and networks to prevent unwarranted access to DNS data by attackers who can then conduct reconnaissance. Utilize DNS Logging and Monitoring: Enable DNS query logging and monitoring to detect abnormal or suspicious DNS activity, such as high volumes of failed or unusual queries that could signal an attack. Implement a Split DNS Architecture: Implementing a split DNS architecture will enable you to ensure internal DNS records do not appear on external networks, reducing attack surface area. Enable Response Rate Limiting (RRL): To prevent DNS amplification and DDoS attacks, configure RRL on DNS servers to limit how often they can answer identical queries. Strengthen Access Control and Authentication: Employ robust access control and authentication mechanisms to restrict access to DNS servers and ensure that only authorized personnel can modify DNS records or configurations. Regular Security Audits and Testing: Conduct regular security audits and vulnerability assessments on your DNS infrastructure to detect weaknesses or misconfigurations that attackers could exploit. Back-Up and Recovery Planning: Establish comprehensive backup and recovery procedures to safeguard DNS data in case of compromise or data loss. Implementing these best practices, Linux admins can significantly strengthen DNS security and reduce risks related to attacks or vulnerabilities involvingDNS-based attacks. Our Final Thoughts on the Importance of Linux DNS Security The critical importance of DNS security cannot be overlooked in any OS, and Microsoft's efforts to secure Windows DNS with Zero-Trust DNS (ZTDNS) demonstrate the tech giant’s recognition of this. Although Linux users cannot directly benefit from this initiative, there are practical measures and best practices they should engage in to strengthen DNS security in Linux environments, such as implementing DNSSEC, using DNS filtering, regular patching and updates, and conducting security audits. By prioritizing DNS security and following these practices, Linux admins can mitigate risks associated with DNS-based attacks and fortify their network infrastructure. . Linux administrators can boost DNS security by leveraging strategies from Microsoft’s Zero Trust DNS, covering DNSSEC, user education, and monitoring.. Linux Administration, ZTDNS, DNS Filters, Network Security Practices, Improving DNS Security. . Brittany Day
Jun 01, 2024
•
102
security researchcybersecuritydns securityRemembering Dan Kaminsky: DNS Security Pioneer and Cybersecurity Influencer
On Saturday, April 24th, 2021, the computer security world was shaken by the news of the sudden death of Dan Kaminsky , a renowned hacker best known for his contributions in the realm of DNS security. Kaminsky was 42 years old. . A regular speaker at prestigious cybersecurity conferences including DEFCON and Black Hat - both of whom have expressed their condolences on Twitter, Kaminsky is best known for his groundbreaking DNS cache-poisoning research that prompted an industry-wide movement to address a major Internet security weakness. Kaminsky is also credited with raising awareness of the severity of the 2005 SONY rootkit infections. In 2010, the Internet Corporation for Assigned Names and Numbers (ICANN) named Kaminsky as one of the Trusted Community Representatives for the DNSSEC root. A graduate of Santa Clara University with a Bachelor's degree in Operations and Management of Information Services, Kaminsky most recently served as co-founder and chief scientist at Human Security (formerly known as White Ops), an anti-fraud startup. There is now a move to see Kaminsky inducted into the Internet Hall of Fame, an accolade we feel he thoroughly deserves. On behalf of the cybersecurity community, we take this time to reflect on and celebrate Dan Kaminsky’s accomplishments and contributions in the field of computer security. He will be greatly missed, but his legacy will undoubtedly live on. . Honoring Dan Kaminsky, a pioneer in the realm of DNS protection and a major figure in the world of cybersecurity.. Dan Kaminsky, DNS Security, Infosec Legacy, Cybersecurity Research. . Brittany Day
Apr 26, 2021
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More