Recent years have demonstrated that Windows users are not the only ones who should be concerned about malware. Linux is becoming an increasingly popular target among malware operators due to the growing popularity of the open-source OS and the high-value devices it powers worldwide. Security researchers from AT&T Alien Labs are now warning that “cyber gangs have started infecting Linux machines via a fileless malware installation technique that until recently was more commonly used against Windows-based systems”.

So what exactly is fileless malware, and how does a fileless malware attack on Linux work? This article answers these questions by examining the anatomy of a Linux fileless malware attack, equipping you with the knowledge necessary to secure your systems and your data against this stealthy threat. Let’s begin by exploring the concept of fileless malware.

Fileless Malware 101

Unlike traditional malware, which relies on executable files to infect systems, fileless malware does not, as its name suggests. Rather, this stealthy type of malware infiltrates a server’s random-access memory (RAM) and abuses existing, trusted software and applications known as LOLBins (living-off-the-land binaries) to install and run malicious code on target systems. This strategy of essentially turning systems against themselves is referred to as “living off the land”. Malicious code loaded onto the target system is often used to encrypt and exfiltrate sensitive data, transferring it directly into the hands of the attacker.

Fileless malware attacks leave no trace on the systems they infect, as all malicious activity is performed directly in RAM and no files are written to the hard drive. This type of attack is considered an Advanced Volatile Threat (AVT): after the affected system reboots, all malicious code present on it disappears, but the damage to the impacted server has already been done.
Because fileless malware does not leverage executable files to infect systems and therefore has no file signature, it is able to evade detection by signature-based antivirus software and many traditional security solutions.

How Does a Fileless Malware Attack on Linux Work?

Fileless malware attacks targeting Linux systems are carried out in a series of clearly defined steps, beginning with infection via the exploitation of a vulnerability and ending with the compromise of a server and the data it houses. Let’s take a closer look at how fileless malware attacks on Linux systems work, broken down step by step, to help you better understand this growing threat to your systems and your data.

Step 1: Infection via Exploitation of a Vulnerability

Whereas fileless malware infects Windows systems via a malicious link delivered in a phishing email, fileless malware infects Linux systems by exploiting a vulnerability such as a flaw in a network protocol or in a browser’s Flash plugin. For instance, TeamTNT’s infamous Ezuri Golang malware exploits misconfigured Docker instances and exposed APIs to turn vulnerable systems into DDoS bots and cryptominers.

Step 2: Modification of a Linux Process

Once it has gained access to the target system through the exploitation of an unpatched security bug, the malware modifies and crashes a running Linux process using the ptrace() system call. This system call is commonly used by debuggers to inspect and manage the internal state of the target process, and is useful in software development.

Step 3: Insertion of Malicious Code into Memory

Once the malware has crashed a running process using ptrace(), it is able to cause the process to insert malicious code into memory without writing to the disk. This is frequently accomplished by exploiting a buffer overflow: a situation in which a program, while writing data to a buffer (an area of memory), overruns the buffer’s boundary and overwrites adjacent memory locations.
Step 4: Execution of Malicious Code = System Compromise

Most Linux distributions ship with pre-installed software that usually includes programming language interpreters and toolchains such as Python, Perl, a C compiler and PHP. Fileless malware exploits these interpreters to execute the malicious code it has inserted into the memory of the target system. By placing malicious code in the /dev/shm or /run/shm directory, it is possible to run the file directly from RAM. Attacks such as those leveraging the Ezuri encryption tool, which use system calls such as memfd_create() to create an anonymous file in RAM that can be run, have gained popularity recently.

Once the malicious code is executed, the attacker has successfully compromised the target system. He or she is now capable of performing an array of malicious actions such as damaging the impacted server, stealing sensitive data and encrypting critical files on the system.

How Can I Protect Against Fileless Malware?

Securing a Linux system against fileless malware and other sophisticated modern threats requires a proactive, layered security strategy. The majority of attacks on Linux systems can be attributed to misconfigurations and poor administration, making it essential that administrators remain vigilant about testing and verifying the security of their servers. In addition, we recommend that administrators implement these security best practices to protect against fileless malware and other dangerous exploits:

- Make sure that all software and patches are up to date.
- Uninstall applications that are not being used, and disable unnecessary services and program features for all necessary applications.
- Restrict admin privileges: only grant the privileges that are necessary for a user to do his or her job.
- Monitor network traffic and check activity logs frequently.
- In the event that an infection does occur, change passwords immediately once you become aware of the infection, and again after disinfection.
- Implement adaptive security solutions capable of detecting malicious code not just on the file system, but also in RAM.

The Bottom Line

Fileless malware is a growing concern for Linux administrators. Linux is considered a very secure OS by design, and rightfully so. With its robust privilege system and the “many eyes” of the open-source community scrutinizing the increasingly popular OS’s code for security vulnerabilities, Linux users are generally much safer than their Windows-using counterparts. That being said, sound administration and the implementation of security best practices are still needed to help prevent fileless malware attacks and other dangerous modern exploits that threaten Linux systems.

Brittany Day
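Steps 2 through 4 describe the attack from the attacker's side; the recommendation above to detect malicious code in RAM as well as on the file system is the defender's side. The Python script below is an added example, not code from the article or from Guardian Digital. It checks two things on a Linux host: the Yama kernel setting kernel.yama.ptrace_scope (read from /proc/sys/kernel/yama/ptrace_scope; this sysctl is not mentioned in the article and is assumed here as the standard kernel control over who may ptrace() a process), and the /proc entries of running processes, flagging any whose executable is a memfd_create() anonymous file, a binary deleted after launch, or a file under /dev/shm or /run/shm, plus any process that currently has a tracer attached. The parsing helpers take plain strings and the sample values used to check them are constructed, so the logic can be verified offline; run the script as root on a live host for a real sweep.

```python
"""Defender-side checks for memory-only execution on Linux (added example).

Looks at:
  * kernel.yama.ptrace_scope, which limits which processes may ptrace() others
  * /proc/<pid>/exe targets pointing at a memfd_create() anonymous file, a
    binary deleted after launch, or a file on /dev/shm or /run/shm
  * /proc/<pid>/status TracerPid, non-zero while a process is being traced
"""
import os
import re

# Explanations for the labels produced below, used when printing a report.
LABEL_MEANING = {
    "memfd": "executable is a memfd_create() anonymous file (never on disk)",
    "deleted": "executable was unlinked after launch",
    "tmpfs": "executable lives on RAM-backed tmpfs (/dev/shm or /run/shm)",
    "traced": "another process has attached with ptrace()",
}


def classify_exe_target(target):
    """Classify the symlink target of /proc/<pid>/exe.

    The kernel renders an anonymous memfd as '/memfd:<name> (deleted)', so
    the memfd test must run before the generic '(deleted)' test.
    """
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(" (deleted)"):
        return "deleted"
    if target.startswith(("/dev/shm/", "/run/shm/")):
        return "tmpfs"
    return "ok"


def tracer_pid(status_text):
    """Return TracerPid from the text of /proc/<pid>/status (0 = not traced)."""
    match = re.search(r"^TracerPid:\s*(\d+)", status_text, re.MULTILINE)
    return int(match.group(1)) if match else 0


def ptrace_scope_verdict(value):
    """Interpret the contents of /proc/sys/kernel/yama/ptrace_scope (0-3).

    0 lets any process ptrace() another process of the same UID, which is
    what the ptrace()-based injection in Step 2 relies on; 1 and above
    progressively restrict it.
    """
    scope = int(value.strip())
    if scope == 0:
        return "weak: any same-UID process may ptrace() another"
    if scope == 1:
        return "ok: ptrace() limited to descendants (or CAP_SYS_PTRACE)"
    if scope == 2:
        return "ok: ptrace() requires CAP_SYS_PTRACE"
    return "ok: ptrace() attach disabled until reboot"


def scan_proc(proc_root="/proc"):
    """Walk a /proc tree and return (pid, label, detail) findings.

    Entries that vanish mid-scan or belong to other users (EACCES when not
    root) are skipped; an absent /proc yields an empty list.
    """
    findings = []
    if not os.path.isdir(proc_root):
        return findings
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, already exited, or not readable
        label = classify_exe_target(exe)
        if label != "ok":
            findings.append((int(entry), label, exe))
        try:
            with open(os.path.join(pid_dir, "status")) as fh:
                tracer = tracer_pid(fh.read())
        except OSError:
            continue
        if tracer:
            findings.append((int(entry), "traced", "TracerPid=%d" % tracer))
    return findings


def main():
    scope_path = "/proc/sys/kernel/yama/ptrace_scope"
    try:
        with open(scope_path) as fh:
            print("ptrace_scope:", ptrace_scope_verdict(fh.read()))
    except OSError:
        print("ptrace_scope: Yama LSM not available on this kernel")
    for pid, label, detail in scan_proc():
        print("pid %d [%s] %s: %s" % (pid, label, detail, LABEL_MEANING[label]))


if __name__ == "__main__":
    main()
```

A legitimate debugger session will show up as "traced", and a package upgrade that replaces a binary while the old one is still running will show up as "deleted", so the output is a list of processes to triage rather than a verdict; what it cannot miss is a process whose only copy of its code sits in a memfd or on tmpfs, which is exactly what a file-system-only scanner never sees.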
Cyber threats are more sophisticated and dangerous than ever before! Are you securing your email accounts with a solution that is capable of preventing these advanced attacks?

As technology continues to become more advanced and prevalent in society, cyber attacks of every variety pose a greater risk to both organizations and individuals. Cyber crime is becoming an increasingly large global business that threatens everyone. Business cyber crime increased by 63% in 2017 (Office for National Statistics). As defenses improve, cyber threats are evolving to become more sophisticated and harder to detect and stop. For instance, phishing attacks have become highly targeted and often utilize advanced social engineering techniques to appear legitimate. Targeted spear phishing emails and BEC scams can have devastating consequences for businesses. Moreover, zero-day attacks are becoming increasingly common. Because email is an extremely popular vector for various types of cyber attacks, it is crucial that businesses and individuals educate themselves on how to best protect their email accounts from attackers, and that they invest in technology that will most effectively prevent successful attacks.

Phishing attacks have become both more common and more serious than they were in the past. Phishing is the top attack vector for cyber criminals, and an average of 135 million phishing attacks are attempted each day (ZDNet). Phishing attacks can have dangerous consequences. Recently, a phishing scam compromised the personal health information of 1.4 million UnityPoint Health patients (Health IT Security). Preventing highly targeted and sophisticated phishing attacks requires an email security solution that exceeds the protection that standard email filters and regular spam and virus solutions provide. Guardian Digital recognizes this and has designed an advanced gateway that authenticates every email delivered using DMARC, DKIM and SPF.
In addition, state-of-the-art heuristic technologies recognize malicious code and accurately identify and block highly targeted spear phishing attempts. Guardian Digital’s unrivaled secure email gateway significantly reduces the risk that a dangerous phishing attack poses to your business or personal email account.

Similar to phishing, business email compromise (often referred to as BEC) is a prevalent email-related threat that can have devastating consequences for organizations of all sizes. BEC encompasses various types of scams including CEO fraud, data theft, account compromise, attorney impersonation and the Bogus Invoice Scheme. Business email compromise continues to become both more common and more costly, and has generated losses of $5.3 billion worldwide (InfoSec Institute). Guardian Digital’s advanced threat protection prevents all types of BEC scams using deep scanning to identify these low-volume, highly targeted attacks that are often missed by conventional security solutions.

Malware is another cyber threat that everyone should be concerned about. It is usually delivered via a phishing email, and is designed to either gain access to or cause damage to a computer or network without the victim detecting it. New malware with evolving capabilities is emerging constantly. Data indicates that in 2017 a new malware specimen emerged every 4.2 seconds on average (G DATA Security Blog). Accurately detecting and blocking malware requires advanced technologies that go beyond what many companies offer. Guardian Digital prevents harmful malware from reaching the inbox using real-time scanning of a broad range of file types and Big Data techniques. Machine learning analyzes email content in real time for suspicious behavior. With Guardian Digital’s secure email gateway, no obscure malware variant will be able to harm you or your business.

Companies and individuals are more likely than ever before to be impacted by a serious cyber attack.
Threats of various types are evolving to become more sophisticated and complex, and more difficult to detect and prevent. Are you protecting your email accounts with the most effective email security solution on the market? Guardian Digital has exceptional customer support and would love to discuss a customized threat protection plan with you. Prioritize the security of your email now, before it’s too late!

Brittany Day