Stay Ahead With Linux Security Features
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
security advisory Red Hat Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -3 articles for you...
102
security researchprocess managementanti-debuggingAdvanced Anti-Debugging Techniques Using Self-Modifying Code
In our previous Hacker's Corner article, we covered some simple anti-debugging. Here, we will see some better techniques. . Self-Modifying Code Last time we tried to attach to own process, and used that as detection/prevention mechanism for debugging by someone else. Here, we will improve it by making it much harder to run code under debugger. This technique relies on using incorrect code, and patching it dynamically to make it correct. The patching part is done by same ptrace mechanism. Here, we have to ensure that our incorrect code should not kill the code. Instead we should be able to intercept the error, and then patch the code on the fly before re-attempting the execution. There are many ways to achieve this: 1. Raising a signal like SIGCONT 2. Forcibly triggering CPU fault (like illegal instruction fault) 3. Segmentation Fault 4. and many more... For sake of example, we will use an illegal syscall (that does not even exist) for our incorrect code. To ensure that we get a signal right before said code is called, we will raise SIGCONT, and capture that. The scheme goes something like this: Parent Process 1. Fork 2. Run protected function in child process 3. Wait for child process to change its status 4. Continue the process until it hits a syscall. 5. Check if syscall number matches to illegal syscall number used. 6. Change the syscall to correct one. 7. Let the process run. Go back to step 3. Child Process 1. Attach to self 2. Raise SIGCONT 3. Run the code which is using illegal syscall The syscall we are going to use is syscall number 10000, which is slightly modified version of **write** syscall: Original Syscall - Syscall number: 1 - RAX: 1 - RDI: File descriptor - RSI: Pointer to buffer - RDX: Number of bytes Our Syscall - Syscall number: 10000 - RAX: 10000 - RDI: Pointer to buffer - RSI: File descriptor - RDX: Number of bytes This means, patching the code is as simple as: 1. Put 1 in RAX 2. Swap RDI and RSI The complete code for this will looksomething like this: #include #include #include #include #include #include #include #define SYS_CUSTOM_write 10000 void print_custom(char *str) { syscall(SYS_CUSTOM_write, str, 1, strlen(str)); } void tracee() { ptrace(PTRACE_TRACEME, 0, 0, 0); raise(SIGCONT); std::cout
Jul 13, 2022
•
102
denial of serviceprocess managementattack preventionUnderstanding Fork Bombing Attacks: Mechanisms And Prevention
Thanks to Anand Jahagirdar for this feature! As the variety of attacks and threats grow, you need to be prepared. In this HOWTO, get a feeling for the Fork Bombing Attack, what it is, how it works, where it comes from, how to deal with it and more. . Fork Bombing: Eckie S. Fork bombing means invoking fork system call infinite times by one or more processes. It is also defined as Spawning nearly infinite processes by one or more user processes. E.g. Simple C Loop *: - while (1) fork (); It spawns infinite processes which in turn lead to fork bombing. Fork bombing attack is usually done by a non root user. For example, a non root user, as an attacker, sends infinite requests to the server for denial of service. Another example of fork bombing attack is a simple loop *: - main () {fork() main () ;} In this case main function calls itself recursively. This loop can make the system crawl. (* warning: - execute both the loop at your own risk). It . Fork bombing targets system resources by rapidly generating processes, causing severe performance issues and potentially crashing systems, disrupting user access. Fork Bombing, Denial of Service, Process Management. . Anthony Pell
Jun 08, 2010
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More