Server Security

Discover Server Security News

BIND glitches could trigger DoS attacks

Security organizations have issued an alert about a BIND vulnerability which could see companies face denial-of-service attacks. The vulnerability is found in version 9 of the Internet Software Consortium's BIND (Berkeley Internet Name Domain) server. If it's exploited by an . . .

Writing PAM Modules, Part Three

PAM stands for Pluggable Authentication Modules and is a system for providing application independence for authentication. A PAM-enabled application calls a stack of PAM modules to run authentication, open and close sessions, and check account validity. . . .

New security attack identified: Denial of Responsibility (DoR)

A recent report from the National Association for Security and Trust Evaluation warns of an increase in serious security breaches known as Denial of Responsibility (DoR) attacks. "Each attack is much more dangerous than traditional security flaws," says Warren N. Veighn of the Association, "because the extent of the vulnerabilities is so great, the time they affect deployed systems can stretch out to decades, and getting the source of the problem to react appropriately is by definition very difficult." . . .

Linux.Simile: Windows Virus that affects Linux Too?

{Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux. The virus contains no destructive payload, but infected files may display messages . . .

SQL Injection Walkthrough

When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of . . .

File Locking Local Denial of Service: Impact on Sendmail

This article discusses how sendmail currently handles file locking and how it will change in future versions. "Any application which uses either flock() or fcntl() style locking or other APIs that use one of these locking methods (such as open() with O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users may be susceptible to local denial of service attacks." . . .

Comment: Web sites insecure as ever

Most, if not all, corporate web sites are fundamentally insecure. And this insecurity can allow attackers to access databases, delete or change information, and cause absolute chaos with very little effort or technical know-how. . . .

How Can You Defend Against a Superworm?

Give an exploit to script kiddies, and they'll hit every vulnerable host in weeks. Build a worm with it, and it could take days. How long would a superworm take? Try 30 seconds. Brandon Wiley explains superworms and some possible self-defense . . .

Tips on basic Linux server security

If you have just put your Apache web server online and are thinking about taking the first step in your system security, this brief article will help you do that. By having your own server, you must understand the responsibility behind it. . . .

XP Updates Start to P.O. Users

As many as three times a week, on average, XP users see a little window pop up at the bottom of their computer screens announcing the availability of another new update for their system. This plethora of patches has left many users wondering whether their hard drives are big enough to handle "Trustworthy Computing." . . .

Cookies Take A Bite Out Of Security

As if IT managers didn't have enough security headaches, Web site-based intrusions have risen over the last year, with aggressive cookies and pop-up-spawned spyware leading the charge. Products like the Gator password manager utility are reported to include a Web-user monitoring component, which may even cause Web browsers to crash or behave erratically. . . .

Potential Vulnerability in LIDS 1.1.1

It is possible for arbitrary users to use a capability from LIDS-protected binaries. For example, if some binary has the CAP_SETUID capability granted, a general user can execute this binary under an arbitrary user (which could be root). . . .

Denial-of-service attacks still a threat

Denial-of-service (DOS) attacks continue to present a significant security threat to corporations two years after a spate of incidents brought down several high-profile sites, including those of Yahoo Inc. and eBay Inc., users and analysts report. Since then, several technologies . . .

Server port 80 plagues Internet security

The Internet has become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday. . . .

How to set up IMAP on the cheap, Part 2

This is the second in a series of articles about how to install and configure the Cyrus IMAP mail server, Postfix SMTP, and Procmail for server-side mail filtering. Last week, we covered the installation and basic configuration for Cyrus IMAP. . . .