Server Security

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

Financially motivated hacking groups are increasingly exploiting newly disclosed vulnerabilities to deploy custom malware on public-facing servers. The threat actors are known as Magnet Goblin, and they have been quick to leverage one-day flaws, vuln...
Mar 11, 2024
  0

New Bifrost Malware Evades Detection, Threatens Linux Server Security

A new variant of Bifrost, a remote access Trojan (RAT),...
Mar 02, 2024
  0
11.Locks IsometricPattern Esm H115

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers

A new malware dubbed “Migo” that is targeting Linux Red...
Feb 21, 2024
  64
22.Lock ScreenEffect Esm H115

Discover Server Security News

LS Hmepg 337x500 34 Esm H200

WordPress hardened with XSS, DoS and SSRF fixes

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers "strongly encourage" all users to update all their installations of the software to version 3.5.2 immediately.

LS Hmepg 337x500 34 Esm H200

Too many admins spoil your security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

We've all known for a long time that unnecessary use of elevated privileges is a bad thing. You shouldn't be logged in as an administrator while surfing the Internet or checking your email; in particular, you shouldn't do that stuff while logged onto a server as an admin. Your organization shouldn't have too many enterprise admins, domain admins, or server admins. We all have that.

LS Hmepg 337x500 34 Esm H200

"Forget passwords!": Google joins FIDO

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The FIDO Alliance, an organisation that aims to develop user-friendly password alternatives, has gainedPDF several new members and supporters this week. Google, NXP and CrucialTec have joined the Alliance's board of directors, taking seats alongside existing "Board Level" members.

LS Hmepg 337x500 34 Esm H200

Practicing safe DNS with Google

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Internet's a dangerous place for an innocent Web browser to be searching alone for the right Web page, so the Domain Name System Security Extensions (DNSSEC) was created to make searching safer. That's the good news. The bad news is that DNSSEC adoption has been lagging. Now, Google has announced that it's supporting DNSSEC in its Google Public DNS service.

LS Hmepg 337x500 34 Esm H200

The Importance of Securing a Linux Web Server

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise.

LS Hmepg 337x500 34 Esm H200

HTTPS Everywhere 3.0 supports more sites

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Electronic Frontier Foundation (EFF) has released a new version of its HTTPS Everywhere browser extension for Firefox that now supports encryption on even more web sites. The US digital rights advocacy organisation says that version 3.0 of its Firefox add-on, which automatically redirects users to more secure HTTPS connections when accessing certain web pages, now supports an additional 1,500 sites, more than twice as many as previous stable releases.

LS Hmepg 337x500 34 Esm H200

NSA: Building a More Secure Android

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It's no secret that Google's Android mobile operating system has had its share of security flaws. But what is less well-known is that the U.S. government's National Security Agency (NSA) is among the teams working to improve Android security.

LS Hmepg 337x500 34 Esm H200

The Hack That Kept Me Awake at Night

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

If I've seemed a little bleary-eyed and inattentive this week you can blame Jim Fallows. Late on Tuesday night I read his post about gmail, which linked to Mat Honan's piece for Wired about the destruction of his (Honan's) digital life. I was then up most of the night implementing Jim's advice about improving my computer security. This is by no means the first warning Jim has issued.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved