DISGOMOJI malware represents a notable development in cyber espionage tradecraft, particularly in its approach to targeting government agencies in India. Built by modifying an open-source project known as discord-c2, it reinforces an emerging trend: adapting existing public tooling into tailored cyberespionage campaigns.

DISGOMOJI's deployment is carefully thought out. It uses Discord, a widely used and legitimate service, to carry command and control (C2) traffic, with commands expressed as emojis. Malicious activity is thereby hidden inside traffic that looks benign, which complicates detection and response. A recent analysis by the security firm Volexity reports that DISGOMOJI appears to target systems running BOSS, a Linux distribution widely used by Indian government entities. The attackers behind the campaign, tracked by Volexity as the Pakistan-based threat actor UTA0137, are clearly intent on infiltrating Indian government infrastructure.

DISGOMOJI gains initial access through phishing, an effective and common method for credential theft and malware delivery. What distinguishes it is its persistence and its emoji command set: for example, a camera-with-flash emoji instructs the implant to take a screenshot, and a fox emoji tells it to zip all Firefox profiles on the victim's device. This design lets attackers collect sensitive data through C2 exchanges that look like ordinary chat messages, although the implant does leave artifacts on the host, notably its persistence entries and its outbound connections to Discord.

Because DISGOMOJI descends from open-source code and is easily adapted, it can be retargeted well beyond India's government. Furthermore, when Discord shuts down a malicious server, the attackers recover by issuing new tokens so that the client configuration can be updated, which shows how hard it is to cut off C2 that rides on a legitimate platform.
Additional Considerations

The open-source origin of DISGOMOJI raises important issues about the dual use of publicly available security tools and projects. Open-source projects are valuable resources for research, education and legitimate defensive work, but they also serve as blueprints that can be modified for malicious ends. Linux administrators and security professionals, particularly in sectors likely to be targeted by espionage-focused malware, should treat DISGOMOJI as one more illustration of the ongoing arms race in cyberspace. That calls for constant vigilance, education on emerging threat vectors, and multilayered security measures that can detect and prevent targeted threats.

DISGOMOJI's targeting of Linux systems marks a striking change in the threats these environments face. Where traditional malware relies on text-based command and control (C2), DISGOMOJI transmits its commands as emojis over Discord. That is both novel and alarming: it sidesteps security controls built to look for conventional indicators of compromise and creates new difficulties for detection and mitigation.

How Does DISGOMOJI Compare with Other Linux Malware and Ransomware?

To assess the threat properly, it is useful to compare DISGOMOJI against other significant Linux malware and ransomware that has appeared recently. Side by side, several aspects stand out:

Method of Communication: Most Linux-targeting threats, the Ebury botnet among them, rely on attacker-operated C2 infrastructure, whether IRC channels, HTTP-based servers or custom protocols, which defenders can block by address or domain. DISGOMOJI stands out by using a popular, legitimate service for C2, so its traffic is far harder to distinguish from benign communications and cannot be blocked without also blocking Discord itself.
Targeting and Sophistication: Where Mirai brute-forces IoT devices to build large botnets for DDoS, DISGOMOJI is focused on espionage, with targeted attacks against specific government agencies. That suggests a higher level of sophistication behind the operation and possibly state involvement.

Stealth and Persistence: DISGOMOJI displays a decoy PDF to keep the victim from suspecting anything while it establishes persistence through cron jobs and XDG autostart entries, techniques it shares with other sophisticated Linux malware. These mechanisms make it harder for security analysts to detect and to remove completely.

How Concerned Should Linux and InfoSec Administrators Be?

Linux and InfoSec administrators should take DISGOMOJI seriously because of its unusual C2 channel, its targeted nature, and its deployment and persistence mechanisms. Awareness and preparation greatly reduce the risk; recognizing that Linux systems are subject to targeted attacks is the first step, and security posture must be adjusted accordingly.

Mitigation Strategies

Administrators should implement several mitigations against threats such as DISGOMOJI:

Enhance Monitoring and Detection: Deploy monitoring that analyzes network traffic behaviour and flags anomalous patterns, such as servers or workstations with no business reason to contact Discord doing so, which may indicate C2 communications over a legitimate service. Include the persistence locations the malware uses, user crontabs and XDG autostart entries, in routine host inspection.

Regular System Updates and Patching: Keeping systems and applications up to date removes vulnerabilities that attackers could use as an initial infection vector.
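To make the monitoring and detection point concrete, the following script is an added example for this article; it is not code from the original page or from Volexity's report. It hunts for the two persistence locations discussed above (user crontabs and XDG autostart .desktop files) and scans a DNS query log for Discord lookups from hosts that should never talk to Discord. The Discord domain list, the log format, and every sample input (paths, addresses, file names) are constructed assumptions for the demonstration, not indicators from the article.

```python
"""Hunt for DISGOMOJI-style persistence and Discord C2 lookups on Linux hosts."""
import re
from typing import Dict, List, Set

# Discord service domains a Discord-based C2 client must resolve
# (assumption: generic service hosts, not indicators from the article).
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")

REBOOT = re.compile(r"^@reboot\b")
# A command path under a hidden directory in a home dir, e.g. ~/.cache/.sys/x
HIDDEN_DIR = re.compile(r"(?:/home/[^/\s]+|~|\$HOME)/\.[^\s/]+/\S+")


def scan_crontab(text: str) -> List[dict]:
    """Flag crontab lines that run at boot or execute from a hidden directory."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reasons = []
        if REBOOT.search(line):
            reasons.append("@reboot persistence")
        if HIDDEN_DIR.search(line):
            reasons.append("command under hidden directory")
        if reasons:
            findings.append({"source": "crontab", "line": lineno,
                             "entry": line, "reasons": reasons})
    return findings


def parse_desktop_entry(text: str) -> Dict[str, str]:
    """Minimal parser for the [Desktop Entry] group of an XDG .desktop file."""
    keys: Dict[str, str] = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            keys[key.strip()] = value.strip()
    return keys


def scan_autostart(files: Dict[str, str]) -> List[dict]:
    """Flag autostart entries that run from hidden paths or hide from menus.

    NoDisplay=true keeps the entry out of the user's application menus but
    does not stop it from autostarting, which is what an implant wants.
    """
    findings = []
    for path, text in files.items():
        entry = parse_desktop_entry(text)
        exec_cmd = entry.get("Exec", "")
        reasons = []
        if HIDDEN_DIR.search(exec_cmd):
            reasons.append("Exec under hidden directory")
        if entry.get("NoDisplay", "").lower() == "true":
            reasons.append("NoDisplay=true hides the entry from the user")
        if reasons:
            findings.append({"source": path, "entry": exec_cmd, "reasons": reasons})
    return findings


def is_discord(qname: str) -> bool:
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in DISCORD_DOMAINS)


def discord_lookups(log_lines: List[str], allowed_sources: Set[str]) -> Dict[str, List[str]]:
    """Map each non-allowlisted source IP to the Discord names it resolved.

    Assumed (constructed) log format: "<timestamp> <client-ip> <qname> <qtype>".
    """
    hits: Dict[str, List[str]] = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        src, qname = parts[1], parts[2]
        if src in allowed_sources or not is_discord(qname):
            continue
        hits.setdefault(src, []).append(qname.rstrip(".").lower())
    return hits


# --- constructed sample inputs (not real indicators) ----------------------
SAMPLE_CRONTAB = "\n".join([
    "# m h dom mon dow command",
    "0 3 * * * /usr/bin/apt-get update",
    "@reboot /home/analyst/.cache/.sys/update",
    "*/5 * * * * /home/analyst/backup.sh",
])
SAMPLE_AUTOSTART = {
    "/home/analyst/.config/autostart/gnome-keyring-ssh.desktop":
        "[Desktop Entry]\nType=Application\nName=SSH Key Agent\n"
        "Exec=/usr/bin/gnome-keyring-daemon --start --components=ssh\n",
    "/home/analyst/.config/autostart/update-notifier.desktop":
        "[Desktop Entry]\nType=Application\nName=Update Notifier\n"
        "Exec=/home/analyst/.cache/.sys/update --silent\nNoDisplay=true\n",
}
SAMPLE_DNS_LOG = [
    "2024-06-10T09:12:01Z 10.10.1.21 discord.com A",
    "2024-06-10T09:12:02Z 10.10.1.21 gateway.discord.gg A",
    "2024-06-10T09:12:07Z 10.10.5.40 discord.com A",
    "2024-06-10T09:12:09Z 10.10.5.40 deb.debian.org A",
    "2024-06-10T09:12:11Z 10.10.5.41 cdn.discordapp.com A",
]
WORKSTATIONS = {"10.10.1.21"}  # hosts where Discord use is expected

if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB) + scan_autostart(SAMPLE_AUTOSTART):
        print(f"{f['source']}: {f['entry']}  <- {', '.join(f['reasons'])}")
    for src, names in discord_lookups(SAMPLE_DNS_LOG, WORKSTATIONS).items():
        print(f"{src} resolved Discord names: {', '.join(names)}")
```

On a real host the crontab text would come from `crontab -l -u <user>` for each account, the autostart files from each user's ~/.config/autostart/, and the DNS lines from the resolver's query log; the allowlist should contain only hosts where Discord use is legitimately expected, so that any server resolving Discord names becomes a finding.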
Phishing Awareness Training: Since DISGOMOJI uses phishing for initial access, training staff to recognize and report phishing attempts is an essential defence against infection.

Network Segmentation: Isolating critical networks and restricting access to essential services helps contain an outbreak if an infection does occur.

Application Whitelisting and Restricted Script Execution: Block unapproved applications from running and restrict script execution to limit the malware's ability to launch its payload or establish persistence.

Security Tools with Machine Learning Capabilities: Against new attack vectors, solutions that use behavioural analysis and machine learning to identify and block threats may succeed where signature-based tools miss novel behaviour.

Improved Email Filtering: Strengthen email security with robust filtering rules so that phishing messages do not reach users.

Discord Usage Policy: Review and, where necessary, restrict the use of Discord and similar platforms on sensitive systems, or at least monitor it.

Community Vigilance: Because DISGOMOJI builds on open-source code that can be freely adapted, the security community should keep monitoring and sharing intelligence on its variants as a collective defence.

While DISGOMOJI poses a substantial threat to Linux systems, increased awareness, advanced detection tools and robust security practices can reduce the risk.

Dave Wreski
Researchers have identified that unknown threat actors uploaded about 144,294 phishing-related packages to open-source package repositories, including NPM, PyPI and NuGet. Automation made these large-scale attacks possible, pushing fake apps, prize-winning surveys, gift cards, giveaways and more. The attackers used similar naming schemes and descriptions to funnel visitors to over 65,000 phishing pages hosted across 90 domains.

A Massive Example of the Growing Phishing Problem

Phishing, which accounts for over 90% of today's cyberattacks, affects the open-source software ecosystem as much as any other and poses a threat to all users and organizations. The malicious package counts were as follows: NuGet 136,258, PyPI 7,894 and NPM 212. The package descriptions contained phishing URLs and urged users to click through for details about supposed gift card codes, applications and hacking tools. Security professionals noted that the attackers were focused on boosting the search-engine ranking (SEO) of their phishing sites. Almost all of the sites ask visitors to enter their email, username and account password, so victims hand over sensitive data that the attackers monetize. The site then sends the visitor through a series of redirects to survey sites, finally landing on legitimate e-commerce websites via affiliate links that earn revenue for the attackers. If victims made purchases on those sites while the referral codes were active, the threat actors collected referral rewards, making the legitimate destination a cover for the primary goal of stealing login credentials.

The Bottom Line

The repositories removed the packages, although NuGet only unlisted them from search results, meaning they remain available but are hard to find.
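The traits described above (descriptions that push readers to outside URLs, gift-card and giveaway wording, and mass-produced names) can be turned into a triage heuristic for registry metadata. The script below is an added example for this article, not code from the original page or from the researchers it cites. The sample package metadata, the fictional hosts, the trusted-host list, the lure keyword list and the scoring thresholds are all constructed assumptions.

```python
"""Triage package-registry metadata for phishing-lure packages."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s)>\"']+", re.I)
LURE_WORDS = ("gift card", "free", "giveaway", "generator", "hack",
              "unlimited", "codes", "survey", "prize")
# Hosts where a link in a package description is unremarkable (assumption).
TRUSTED_HOSTS = ("github.com", "gitlab.com", "readthedocs.io",
                 "pypi.org", "npmjs.com", "nuget.org")
# Mass-produced names such as "free-steam-gift-cards-2024-7781"
GENERATED_NAME = re.compile(r"^[a-z]+(?:-[a-z]+)+(?:-\d+)+$")


def is_trusted(host: str) -> bool:
    # Exact match or subdomain only, so "evilgithub.com" is not trusted.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def untrusted_hosts(description: str) -> List[str]:
    """Hosts linked from the description that are not on the trusted list."""
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(description)}
    return sorted(h for h in hosts if h and not is_trusted(h))


def score_package(name: str, description: str) -> Dict[str, object]:
    """Return a score and the reasons behind it for one package."""
    reasons: List[str] = []
    score = 0
    hosts = untrusted_hosts(description)
    if hosts:
        score += 2
        reasons.append("links to untrusted host(s): " + ", ".join(hosts))
    lures = [w for w in LURE_WORDS if w in description.lower()]
    if len(lures) >= 2:
        score += 2
        reasons.append("lure wording: " + ", ".join(lures))
    if GENERATED_NAME.match(name):
        score += 1
        reasons.append("auto-generated looking name")
    return {"name": name, "score": score, "reasons": reasons, "hosts": hosts}


def triage(packages: List[Tuple[str, str]], threshold: int = 3) -> List[Dict[str, object]]:
    """Score every package and return those at or above the threshold, highest first."""
    scored = [score_package(n, d) for n, d in packages]
    return sorted((s for s in scored if int(s["score"]) >= threshold),
                  key=lambda s: -int(s["score"]))


def cluster_by_host(packages: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group package names by the untrusted hosts they link to.

    One host shared by many packages is the signature of a single automated
    campaign, which is how a handful of domains can serve tens of thousands
    of packages.
    """
    clusters: Dict[str, List[str]] = {}
    for name, desc in packages:
        for host in untrusted_hosts(desc):
            clusters.setdefault(host, []).append(name)
    return clusters


# Constructed sample metadata (name, description); the hosts are fictional.
SAMPLE_PACKAGES = [
    ("requests-toolbelt-lite",
     "Utility helpers for requests. Docs: https://github.com/example/requests-toolbelt-lite"),
    ("free-steam-gift-cards-2024-7781",
     "FREE Steam gift card codes generator! Claim unlimited codes now: "
     "http://giftcards-free.example/steam Click here https://giftcards-free.example/win"),
    ("colorama-print",
     "Print colored text in the terminal. See https://colorama-print.readthedocs.io "
     "for the free and open documentation."),
    ("roblox-robux-generator-2024-3311",
     "Get free Robux with our generator! Survey here: http://robux-prize.example/start"),
    ("free-amazon-gift-cards-2024-7790",
     "Free Amazon gift card giveaway, claim your codes: https://giftcards-free.example/amazon"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_PACKAGES):
        print(f"{hit['name']} score={hit['score']}: {'; '.join(hit['reasons'])}")
    for host, names in cluster_by_host(SAMPLE_PACKAGES).items():
        print(f"{host}: {len(names)} package(s) -> {', '.join(names)}")
```

A single signal is deliberately not enough to reach the threshold: a legitimate package can mention "free" or link to its own domain, but the combination of an outside host, several lure words and a templated name is what separates campaign output from ordinary uploads. The host clusters are also the natural unit for blocking and for reporting to the registry.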
However, the automation behind this campaign worries security professionals, who note that cybercriminals could easily reintroduce such packages and quickly harm users again. Linux security expert Dave Wreski advises, “To protect their digital security, users should always engage in cybersecurity best practices and remain vigilant when browsing package repositories.” Check out this IoC text file on GitHub for the complete list of URLs used in this campaign.

Brittany Day
With email-related attacks becoming increasingly prevalent and serious, securing your business email accounts is more important than ever. Given the wide selection of email security solutions available, choosing one may seem overwhelming. If you are choosing a company to protect your email accounts from the latest and most serious threats, Guardian Digital, the open-source email security company, hopes to make that choice simpler by answering some frequently asked questions about email security and email-borne attacks.

Guardian Digital Answers Common Email Security Questions

What components or characteristics should I look for when choosing an email security solution, and how do they make a solution effective against email-related threats?

An effective email security solution recognizes that the email threat landscape is anything but stagnant: threats evolve constantly to become more targeted and sophisticated, and therefore harder to detect. Technologies such as machine learning, big-data analysis and heuristics should be used to identify both new and known threats. It is also crucial to choose a provider that adheres to current security standards, including strong encryption to protect sensitive information from unauthorized parties.

What are currently the most common and most serious email-related threats, and how could they affect my business?

Phishing, malware, ransomware and spam are among today's most serious and most prevalent email-related threats. Phishing attacks can cause significant financial damage and can be very difficult to detect and stop. Spam affects every email user and can noticeably reduce worker productivity.
Malware and ransomware attacks can have catastrophic consequences for organizations. SMBs are the most popular targets for ransomware attacks, and 60% shut down within six months of an attack (US National Cyber Security Alliance).

Be Aware of Common Shortcomings in Anti-Phishing Defenses

40% of companies report that their email security falls short in protecting against phishing, and 13% have no system in place at all.

What is a cloud email security solution, and what role does it play in securing email accounts?

A cloud email security solution protects your email accounts from today's array of email-borne attacks and prevents data loss from leakage of sensitive information. Guardian Digital EnGarde Cloud Email Security uses multi-layered detection and encryption to filter email and to protect private information from attackers and unauthorized parties. Its additional filtering results in highly accurate identification, quarantine and elimination of spam.

What are the advantages of choosing Guardian Digital to secure my email accounts?

Guardian Digital uses a purpose-built operating system designed to be highly secure, rather than the “bolted-on” approach to security that many companies take. Its comprehensive, customizable protection is multi-tiered and combines advanced security technologies with expert, ongoing system management and support to protect your email from even the stealthiest attacks.

For more information on Guardian Digital and the services we offer, please visit https://guardiandigital.com/ . If you have additional questions about email security or email-related threats, please reach out to us on social media: Twitter | Facebook | LinkedIn.
Brittany Day
Is your solution doing enough to protect your users? This article helps you decide.

These days, the words “spam email” and “data breach” are commonplace. With an estimated 3.8 billion email users worldwide (Radicati Group), it is no surprise that scammers and cyber criminals frequently use email as a vector for their attacks. Most email users are aware of this, and many have taken what they believe are the necessary measures to secure their accounts.

It is a common belief that buying a spam filter or antivirus software eliminates any need to worry about email-related attacks. Sound familiar? Perhaps you have gone further and invested in a comprehensive email security gateway. If so, you have made a concerted effort to protect yourself and have likely reduced your chances of a successful attack. But why stop there? There may be more you can do to reduce your risk of being victimized by phishing, malware, BEC and other serious threats.

From the software and technology they are built on to the features they offer, email security solutions vary greatly in the protection they provide. Most email security gateways work in a similar way: identify and quarantine malicious email before it reaches the inbox. The technology behind that process, however, largely determines accuracy and the false-positive rate, and both are critical to privacy and security. Open-source software has a reliability and security advantage over proprietary alternatives because of how it is developed and reviewed: the code is accessible, so developers and engineers around the world can inspect and critique open-source projects, and as a result vulnerabilities and bugs tend to be found and fixed rapidly.
Email security solutions built from open-source software and running on Linux are secure from the ground up, as opposed to solutions assembled from proprietary software and add-on security features that were often not designed to work together. In that sense, open-source email security solutions are secure by design.

When evaluating an email security solution, consider the features it provides along with the technology it uses. Because email-related attacks have become highly advanced and difficult to detect, relying on a spam filter or an antivirus product alone is not enough to keep you or your organization out of harm's way. Those features are beneficial, but only as part of an advanced, comprehensive email security gateway. Many providers sell such features “a la carte”. That gives the customer the freedom to pick specific features and stay within a budget, but it ignores the shortcomings of those features on their own. Moreover, the products these companies offer often fall short of open-source alternatives in security, efficacy and cost-effectiveness.

Guardian Digital, the open-source email security company, believes in a holistic, comprehensive approach to securing email accounts. The EnGarde Email Security Gateway combines a range of advanced open-source features and technologies to provide complete protection in today's unpredictable threat landscape. EnGarde uses big-data techniques, machine learning and advanced heuristics, among many other protective features, to identify both new and existing threats, including advanced persistent threats and zero-day exploits.
The gateway rapidly and accurately identifies and quarantines malicious email, ensuring that only safe and legitimate mail reaches the inbox. Moreover, strong encryption is used to prevent data loss. If you or your business prioritizes the safety of your information and, ultimately, your people, chances are you have taken measures to secure your email. The crucial question is: with both the prevalence and severity of email-related attacks on the rise, is your email really secure?

Brittany Day