Explore Latest Linux Security features


Apache HTTP Server 2.4.64 security patch: major threats resolved and risks

Apache HTTP Server 2.4.64 is here, and it's carrying quite a load of security fixes that Linux admins absolutely need to pay attention to. Whether your Apache deployment is running simple HTTP workloads or juggling SSL/TLS-heavy configurations, let's be clear—if you're on anything between 2.4.0 and 2.4.63, your system just got a target painted on it.

This article isn't about convincing you to upgrade. It's about understanding why not upgrading isn't really an option. There's a reason 2.4.64 is making waves: some of the vulnerabilities fixed in this release carry serious implications, spanning everything from denial-of-service (DoS) attacks to session hijacking and beyond. If you're responsible for production web servers, read on. We'll cover what's lurking in previous versions, who's at risk, and how to tighten your configuration for maximum security in the face of these threats.

Why Does This Release Matter?

Let's jump directly into why Apache HTTP Server 2.4.64 should matter to anyone running Linux-based servers. The update is tackling vulnerabilities that have persisted across various configurations—HTTP/2, mod_ssl, mod_proxy, header manipulation—the list goes on. It's not just one bad bug; it's a collection of exploits that, if left unpatched, give attackers tools for information disclosure, unauthorized access, session hijacking, and even proxy abuse.

Take CVE-2024-42516, for example—HTTP response splitting flaws have plagued web servers for years. Attackers who can control headers like Content-Type might manipulate HTTP responses, inject malicious code into your web pages, or poison your cache. Now, imagine this mixed with web applications that rely too heavily on dynamic headers. It's an injection attack waiting to happen.

And then there's CVE-2025-53020, where HTTP/2 processing mishandles memory management. Anyone running HTTP/2 workloads could see their server go down under the weight of a DoS attack. This isn't an obscure side case—it affects Apache versions as far back as 2.4.17.

But those are just two examples. Vulnerabilities related to Server-Side Request Forgery (SSRF), TLS session resumption, unescaped SSL error logs—you name it, 2.4.64 patched it. If you're still lingering on 2.4.63 (or earlier), understand this: these flaws don't stay theoretical for long. Exploits evolve fast, and real-world attackers don't care if you've been busy balancing VM migrations or troubleshooting Kubernetes deployments.

Understanding The Specific Risks: Who's in the Crosshairs?

The severity of these vulnerabilities depends heavily upon your Apache configuration. Some setups are more exposed than others:

mod_ssl-heavy deployments: If your server relies on SSL for critical workloads, CVE-2025-23048 and CVE-2024-47252 hit close to home. Poor logging practices or misconfigured TLS options can open doors to attackers manipulating error logs or bypassing virtual host access controls.

HTTP/2 users: Servers running HTTP/2 backends are particularly susceptible to memory-related abuse (CVE-2025-53020) and assertion failures (CVE-2025-49630). Both vulnerabilities translate directly into DoS risks.

Windows-based Apache setups: Windows admins, especially those using mod_rewrite or mod_headers with UNC paths, are staring down CVE-2024-43394—a clever SSRF exploit with NTLM authentication leaks. Yes, this is a Linux-centric article, but mixed environments are increasingly common, and someone on your team is likely babysitting Apache on Windows. They need this update, too.

Proxy configurations: Misuses of mod_proxy (e.g., interactions with mod_headers, ProxyPreserveHost settings) amplify potential risks tied to outbound traffic and desynchronization attacks.

And let's be honest. Default configurations are rarely ideal, especially when managing directives like SSLEngine optional, which the Apache team outright deprecated for security reasons this time around. If your setup hasn't been revised in a while, you could inadvertently amplify your server's exposure.

What Happens If You Don't Update?

Let's talk consequences. Here's a snapshot of what happens if you skip or delay upgrading to 2.4.64:

Denial of Service (DoS): Improper handling of HTTP/2 traffic or proxy modules could choke server resources. Imagine your infrastructure grinding to a halt just because someone dumped deliberately malformed requests into your pipeline.

Sensitive Data Exposure: Vulnerabilities like unescaped data in SSL logs (CVE-2024-47252) can deliver error log entries into the hands of malicious actors. Combine this with access control bypass issues (CVE-2025-23048), and your server might unintentionally hand out details about backend systems or client certificates.

Exploitation of Business Logic: Attackers leveraging response-splitting flaws (CVE-2024-42516) could hijack session tokens or execute JavaScript payloads to compromise web applications and backend systems. The cascade effect damages more than just your server; it hurts your users and business reputation.

The point is, failing to upgrade doesn't just weaken your server. It makes you an active participant in enabling attacks, whether it's by becoming part of an aggressive botnet or inadvertently leaking session-level credentials.

Practical Steps to Secure Your Apache Deployment

Alright, now that we've established the stakes, here's what admins should do to stay ahead of threats:

Upgrade First, Audit After: Move to version 2.4.64 as soon as possible, then evaluate your configuration. Look at directives like ProxyPreserveHost, wildcard SSL certificate usage, and obscure legacy settings that might conflict with updated security practices.

Prioritize SSLStrictSNIVHostCheck: This is a critical directive for setups with multiple virtual hosts. Enabling it ensures trusted certificates never bleed between domains. If you're unsure whether this applies to your hosts, test it manually—this isn't the time for guesswork.

Eliminate Vulnerable Features: The Apache team highlighted inherent risks with SSLEngine optional settings. If you use legacy TLS configurations, it's time to cut them loose entirely rather than relying on half-patched solutions.

Harden Proxy Configurations: If your workloads involve mod_proxy, restrict access to only required endpoints. Test SSRF resilience by probing setups with direct outbound requests, especially on larger multi-domain deployments.

Monitor Logs and Alerts: Vulnerabilities patched in mod_ssl and error log escaping remind us how valuable robust monitoring systems are. Tools like tail, regex, or centralized logging solutions should flag anomalies before attackers can exploit them further.

Wrapping It All Up: What Makes Updating to Apache HTTP Server 2.4.64 So Critical?

Apache HTTP Server 2.4.64 isn't just another step in the ongoing march of updates; it's a release that deserves immediate attention from Linux admins and security professionals alike. With eight CVEs addressed—including vulnerabilities that span HTTP response handling, proxy configurations, and memory management—the risks for unpatched servers are anything but trivial.

The complexities of modern infrastructure demand proactive attention to security. Whether you're responsible for a single VM or a sprawling hosting ecosystem, failing to act on this update is a gamble with stakes far too high. Review your configurations, upgrade promptly, and build a habit of monitoring LinuxSecurity advisories—you're not just maintaining servers; you're defending everything they stand for.

Remember, as an admin, you're the linchpin for keeping systems functional and secure. Make this patch a top priority!
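To make the checklist above concrete, here is an added example (not the article's own code and not from the Apache project): a POSIX shell audit that flags SSLEngine optional, TLS virtual hosts lacking SSLStrictSNIVHostCheck on, and ProxyPreserveHost On, and reports whether a version string falls inside the affected 2.4.0 to 2.4.63 range. The two sample configurations and the "Server version: Apache/x.y.z" line it parses are constructed; the function names, file names and the decision to read a single file without resolving Include are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the Apache project): audit a
# configuration for the items the "Practical Steps" section calls out.
# Assumptions: configs are single httpd.conf-style files (Include is not
# followed) and the version comes from the "Server version:" line of httpd -v.

# Extract "x.y.z" from an `httpd -v` "Server version: Apache/x.y.z ..." line.
parse_httpd_version() {
    printf '%s\n' "$1" | sed -n 's/.*Apache\/\([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when the version is inside 2.4.0 .. 2.4.63, the range the
# article names as affected; anything else (2.4.64+, 2.2.x) is false.
apache_needs_upgrade() {
    v_major=${1%%.*}
    v_rest=${1#*.}
    v_minor=${v_rest%%.*}
    v_patch=${v_rest#*.}
    [ "$v_patch" = "$v_rest" ] && v_patch=0   # "2.4" carries no patch level
    [ "$v_major" -eq 2 ] && [ "$v_minor" -eq 4 ] && [ "$v_patch" -le 63 ]
}

# True when an uncommented line starts with the given directive pattern
# (case-insensitive, like httpd itself).
conf_has() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# Print one line per finding on stderr and the finding count on stdout.
audit_apache_conf() {
    cfg="$1"
    count=0
    if conf_has "$cfg" 'SSLEngine[[:space:]]+optional'; then
        echo "FINDING: 'SSLEngine optional' in use (deprecated in 2.4.64); set SSLEngine on/off explicitly" >&2
        count=$((count + 1))
    fi
    if conf_has "$cfg" 'SSLEngine[[:space:]]+on' && ! conf_has "$cfg" 'SSLStrictSNIVHostCheck[[:space:]]+on'; then
        echo "FINDING: TLS virtual hosts present but 'SSLStrictSNIVHostCheck on' is not set" >&2
        count=$((count + 1))
    fi
    if conf_has "$cfg" 'ProxyPreserveHost[[:space:]]+on'; then
        echo "REVIEW: 'ProxyPreserveHost On' forwards the client Host header; confirm the backend needs it" >&2
        count=$((count + 1))
    fi
    echo "$count"
}

# Constructed samples: an unrevised config beside its hardened counterpart.
write_sample_confs() {
    cat > "$1/weak.conf" <<'EOF'
Listen 443
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine optional
    SSLCertificateFile /etc/ssl/certs/www.example.com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName api.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/api.example.com.crt
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
EOF
    cat > "$1/hardened.conf" <<'EOF'
Listen 443
SSLStrictSNIVHostCheck on
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName api.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/api.example.com.crt
    ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
EOF
}

# Stand-alone demo on the constructed samples; no Apache install is needed.
demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for name in weak hardened; do
    echo "== $name.conf: $(audit_apache_conf "$demo_dir/$name.conf") finding(s)"
done
ver=$(parse_httpd_version "Server version: Apache/2.4.63 (Unix)")   # constructed line
if apache_needs_upgrade "$ver"; then echo "Apache $ver: upgrade to 2.4.64"; fi
rm -rf "$demo_dir"
```

On a real host, feed it `httpd -v` output and the path of each file you get from `apachectl -t -D DUMP_INCLUDES`, since the audit reads one file at a time.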

Brittany Day, Jul 12, 2025

Openwall: LKRG 0.9.0 Release: Major Changes And Security Fixes

Openwall recently announced the release of LKRG (Linux Kernel Runtime Guard) 0.9.0, featuring a host of major changes and improvements, as well as fixes for multiple security bugs. LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.

In an email sent to the LKRG Users List announcing the release of LKRG 0.9.0, Openwall Founder Alexander Peslyak (known by many as "Solar Designer") outlines the major changes that have been made between LKRG 0.8.1 and 0.9.0, and explains the significance of these updates:

*) Support new mainline kernel versions 5.8 to 5.12 (inclusive) and new stable kernels 5.4.87+ (which include some back-ports from 5.8+)
*) Support new RHEL kernels up to RHEL 8.4's (inclusive)
*) Support building LKRG in the kernel tree (not only as a standalone module), as a module or linking into the kernel image (see scripts/copy-builtin.sh)
*) Support CONFIG_FUNCTION_TRACER with or without CONFIG_DYNAMIC_FTRACE
*) Support various CONFIG_OPTPROBES configurations
*) Support loading overlayfs[2] after LKRG (e.g., by Docker; previously, the overlayfs[2] module had to be loaded before LKRG for Docker to work)
*) "Support" CONFIG_GCC_PLUGIN_RANDSTRUCT (don't monitor SELinux if enabled)
*) Explicitly do not support RT kernels
*) Fix support for 32-bit x86 (was unintentionally broken in LKRG for ages, but could mostly work on many pre-5.7 kernel and LKRG builds by "luck")
*) Fix detection of process user/group ID corruption to cover any unexpected changes (previously, only numerically lower new IDs, as exploits normally use, would be detected - a limitation left over from early LKRG testing)
*) Fix logging of WP/SMEP/SMAP violations on systems with SMAP in the "log and accept" mode (previously, one such violation could mute logging of others)
*) Add detection of ADDR_LIMIT corruption attacks
*) Remove validation of waking-up tasks (drop pint_validate=2)
*) Replace execve(2) hooks (instead hook security_bprm_committing_creds and security_bprm_committed_creds, which shortens the race window for exploits)
*) Replace ptrace(2) hooks (instead hook security_ptrace_access)
*) Simplify UMH blocking and make it compatible with CPA-protected pages
*) Simplify and speed up do_exit hook (no need to validate a dying process)
*) Many other changes under the hood to make LKRG easier to maintain and debug
*) Integrate LKRG with out-of-tree (a tool to assist kernel module testing)
*) Integrate LKRG with mkosi (systemd's tool for generating a test boot image)
*) Continuous Integration setup: boot tests on GitHub Actions using mkosi (with Ubuntu's release kernels and their daily builds of mainline kernels)

As you can see, we had to make changes to support Linux kernels newer than those available at the time of the previous release. Almost every major kernel release, and some back-ports too, broke compatibility with LKRG. Since we did not make new LKRG releases, people with those newer kernels were advised (on the LKRG homepage and otherwise) to use our latest code off GitHub, which we tried to keep in a stable state (lately in part through use of Continuous Integration). We also preserved support for all of the old kernels we supported previously (RHEL7, etc.)

LKRG 0.8.1 was already smaller than 0.8, and with 0.9 the LKRG source code became a bit smaller again (at least in terms of line count) due to the simplifications we made, despite significant additions:

$ git diff --shortstat v0.8.1..v0.9.0
 126 files changed, 3919 insertions(+), 4375 deletions(-)

Also, perhaps in part due to our move to GitHub, we started to receive more direct contributions to LKRG development (GitHub pull requests). The full list of direct contributors to this release is:

$ git shortlog -sn v0.8.1..v0.9.0
    67  Adam 'pi3' Zabrocki
    15  Solar Designer
    12  Mariusz Zaborski
     7  Vladimir D. Seleznev
     5  0xC0ncord
     5  RageLtMan
     5  Vitaly Chikunov
     2  F0x1fy
     1  William
     1  disrupttheflow

I'd like to specifically highlight the contribution of support for building LKRG in-tree (scripts/copy-builtin.sh and related testing) by RageLtMan and the contribution of mkosi integration and Continuous Integration setup by Vitaly Chikunov. I'd also like to highlight Mikhail Klementev's offer to use his out-of-tree framework, which Adam eventually added the integration for.

The announcement also mentions various Linux kernel issues that LKRG principal developer Adam 'pi3' Zabrocki discovered in the development and testing of LKRG:

During LKRG development and testing I've found 7 Linux kernel bugs, 4 of them have CVE numbers (however, 1 CVE number covers 2 bugs):

CVE-2021-3411 - Linux kernel: broken KRETPROBES and OPTIMIZER
CVE-2020-27825 - Linux kernel: Use-After-Free in the ftrace ring buffer resizing logic due to a race condition
CVE-2020-25220 - Linux kernel Use-After-Free in backported patch for CVE-2020-14356 (affected kernels: 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140)
CVE-2020-14356 - Linux kernel Use-After-Free in cgroup BPF component (affected kernels: since 4.5+ up to 5.7.10)

I've also found 2 other issues related to the ftrace UAF bug (CVE-2020-27825):
- Deadlock issue which was not really addressed and devs said they will take a look and there are not many updates on that.
- Problem with the code related to the hwlatd kernel thread - it is incorrectly synchronizing with the launcher / killer of it. You can have WARN in kernels all the time.

CVE-2021-3411 refers to 2 different types of bugs:
- Broken KRETPROBE (recently reported)
- Incompatibility of KPROBE optimizer with the latest changes in the linker.

Additionally, I've also found a bug with the kernel signal handling in a dying process:
CVE-2020-12826 - Linux kernel prior to 5.6.5 does not sufficiently restrict exit signals

However, I don't remember if I found it during my work related to LKRG so I'm not counting it here (otherwise it would be a total of 8 bugs while 5 of them would have a CVE). That's pretty bad stats... However, it might be an interesting story to tell during the LKRG announcement of the new version. It could also be an interesting talk for a conference.

The kretprobes and ftrace issues here are of questionable security relevance (this functionality is not exposed for attack under most reasonable threat models), but all of these are interesting bugs.

Peslyak welcomes any feedback on this release. In a recent email exchange with LinuxSecurity.com security researchers, Peslyak summarizes the main benefits that LKRG offers users: "LKRG offers best-effort protection against kernel vulnerability exploits with little effort on behalf of the user - no need to configure a policy, etc. - making it especially beneficial for systems that are not expected to be consistently kept up-to-date."

You can download LKRG 0.9.0 from Openwall. Are you using LKRG to help secure your Linux system? Have you downloaded LKRG 0.9.0? What are your thoughts? We want to hear!

Brittany Day, Apr 19, 2021

Exploring Teenage Hackers: Culture, Ethics, And Cybersecurity Challenges

Dan Verton, the author of The Hacker Diaries: Confessions of Teenage Hackers, is a former intelligence officer in the U.S. Marine Corps who currently writes for Computerworld and CNN.com, covering national cyber-security issues and critical infrastructure protection.

"...With every technology there are unintended consequences. And in the case of computer technology, the unintended consequence was that inherently bad people could use the new technology to do bad things." - Dan Verton, author of The Hacker Diaries

Hacker headliners over the years

Hackers deface Air Force Web site, Computer World
Teenager admits $100,000 credit card rip-off, Associated Press
Ontario boy, 14, charged as hacker for breaking into more than 500 sites in less than a year, Vancouver Sun
Thousands of passwords accessed by cyber prowler, Associated Press
FBI mounts big crackdown on small-town teens, ZDNet News
FBI on offensive in "cyber war," raiding hackers' homes, CNN
Five arrested for hacking into high school system, Flagler Palm Coast News Tribune
Fed ID hacker who allegedly stole more than 485K credit card numbers, Computer World
Hackers, not terrorists, major concern, InternetWeek
Internet survives massive DDoS attack, eWeek

Who are they?

They make international headlines for all the wrong reasons, and every day we read about the increasingly large-scale havoc they cause: the hacking into corporate computer systems, the theft of credit card numbers, and the defacement of Web sites with vulgar, disturbing and sometimes hate-filled messages. But still - teenage hackers - who are they? Social misfits? Loners? Pimple-faced geeks? Dangerous and deceptive brainiac-villains? That is in fact the public's perception and how the media stereotype them. Yet real teenage hacker culture is a patchwork of different personalities, backgrounds, motivations and experiences. In other words, there is no one picture of the average teenage hacker.

For his Hacker Diaries, Verton interviewed well over a dozen real-life hackers and explored beyond the myths and stereotypes surrounding these teenagers. He describes many of them as being the kids bagging your groceries at the supermarket; working in community service on the weekends; playing in the school orchestra or singing in the choir; struggling with their grades in math, science and English; getting good grades and planning for a bright future; hanging out with their friends after school and sometimes getting into trouble; and almost always feeding their obsession with computers and the Internet late at night. A far contrast to the monsters we read about.

How did they originate? What's their purpose?

The hacking scene today consistently seems to be becoming more about mischief, crime, status, money, media attention...and destruction. These are trends that are at odds with the essence of the hacking culture, the original role that hackers saw themselves play. In the beginning, according to Verton, hacker explorers were rarely prosecuted because nobody had any idea about what was legal and what wasn't. At the same time, most hackers back then were into hacking as a means to explore and discover, and enable information sharing.

"The first hackers were the pioneers of the computer revolution and the Internet," explains Verton. "They were in it for one thing: pursuit of legitimate scientific knowledge and the betterment of mankind through science, knowledge etc.... The programming shortcuts that they invented to make large mainframe computers run faster and more efficiently became known as "hacks" and the programmers of those shortcuts as "hackers." But with every technology there are unintended consequences. And in the case of computer technology, the unintended consequence was that inherently bad people could use the new technology to do bad things."

The massive distributed-denial-of-service attacks against Yahoo!, ZDNet, EBay, CNN and Amazon are among the many examples that assert this. The series of attacks occurred in early 2000; the first victim - Yahoo!, one of the Web's biggest information portals and e-commerce sites - was crippled enough to go offline. It involved their network (or precisely their main routers) being flooded with massive amounts of data at speeds higher than 1 gigabit per second, the equivalent of more than 3.5 million average e-mail messages every minute. Recently, a similar assault was launched against the Internet's root DNS servers. These root DNS servers perhaps can be considered the heart of the Internet. Another story involved Creditcards.com, which was hacked, and 55,000 card numbers were held hostage for $100,000. When the extortion attempt failed, the hacker posted the card numbers on the Web...

"Today," says Verton, "many who use the title hacker are into stopping information flow or worse, destroying information as a way to demonstrate their technological prowess and discovery." But many hackers' motives and actions are not limited to those alone. As in the case of Creditcards.com, Verton agrees their major objective can be simply money. Credit card data is cash.

What is being done?

At the opposite end are the law enforcement agencies, and Verton, who frequently converses with the top heads, believes that in recent times they - particularly the FBI - are becoming much more organized and prepared to combat and suppress these cyber criminals. "Director Robert Mueller has ordered a massive overhaul of the FBI structure and mission focus," says Verton, "so that not only are there more resources being dedicated to cyber-crime and cyber-terrorism, but those two areas are now within the top 3 priorities for the entire Bureau as set forth by Director Mueller. That's a significant change."

Yet recently, President Bush's cyber-security adviser stated a fact when he declared that cyber-crime is costing the world economy billions of dollars and is on the increase. Why is cyber-crime not being effectively controlled? What is fuelling the rampancy?

Parental apathy & the public education system - Kids are not being taught responsibility and responsible use of computer resources in the school and at home. To begin with, parents and teachers may not be computer literate and au courant enough to understand the frightening dangers and consequences involved with computer hacking.

The increased ease of hacking - Now, not only hackers who have taken years in garnering and honing their skills can hack. Take for example the assault on Yahoo!, ZDNet, EBay, CNN and Amazon. This was done by a 14 year old Canadian boy; an unskilled hacker according to the FBI's conclusive reports. Freely distributed, easy-to-use yet malicious toolkits (published throughout the Internet by programmers / expert hackers) fall into the hands of unsophisticated / novice hackers who - as a CanWest Interactive report described - "...are unaware of the capabilities of the hacker tools they use, unaware of the implications of their hacking or unconcerned about the consequences of their actions."

The private sector has yet to make cyber-crime a top priority - Companies are not investing enough to train their administrators or seek expert assistance, resulting in poorly configured environments. Administrators do not keep up with updates and patches released by their software vendors. The "2002 Computer Crime and Security Survey" by the FBI and the San Francisco-based Computer Security Institute shows that only 34% of companies said they reported cyber-crime incidents to law enforcement agencies. Most said they didn't report incidents out of fear of negative publicity and the potential for competitors to use the information against them. According to FBI Director Robert Mueller, it is a serious hindrance in the fight against cyber-crime if companies don't come forward.

Verton adds to this. "Well, one other reason that maybe I didn't focus on in my book would be corporate complacency. I recently sat in an invitation-only dinner meeting of Wall Street executives in New York, where the discussion was off the record so that everybody would speak candidly. One CEO actually said that his company was so small that nobody would be interested in hacking his network, so why should he spend so much time and money worrying about staying on top of the changes in vulnerabilities and security technologies.

"Well, we know now that everybody is potentially somebody else's weakest link. It's no longer enough to worry about only your networks. Today you have to worry about everybody you do business with, everybody you give access to (physical and cyber access). The push toward corporate transparency has a fatal drawback: it allows bad people to more easily identify and see undiscovered vulnerabilities."

Ethics in hacking?

Though, not all "illegal" hacking is bad, according to Verton. "Sure, it's illegal, but Web site defacements that are specifically targeted and focused on critical social or political issues could be seen, and in fact are by many people, as a legitimate form of peaceful dissent." In Verton's book, he mentions the EHAP, Ethical Hackers Against Pedophiles, a group that helps law enforcement officials to track down adults who exploit children online. Over the last several years they have helped rid the Internet of those who traffic and profit in child pornography. Such ethical hacking is commonly termed hacktivism.

Verton goes on to give another example of this. "If a company is known to be an environmental offender, for example, hacking their Web site and placing the truth about that company in front of the world may actually do some good. I'm not necessarily against minor infractions of the law for critically important social causes. People do that all the time when they picket without a license, or try to block entry into a courthouse while not resisting arrest. Hacking or hacktivism has a place in that respect."

Elaine Driscoll explores the world of young programmers, revealing their diverse inspirations and the complexities of navigating online security.

Brittany Day, Sep 19, 2003