Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
83
account hijackingphishingsecurity threatRansom Demands Target Instagram Influencers After Phishing Attacks
Hackers are taking over high-profile Instagram users’ accounts and holding them to ransom, it was revealed this week. At least four influencers have lost control of their accounts and received demands to send bitcoin for their return, but in some cases the attackers retained control or deleted the accounts.. Motherboard reported that Los Angeles-based fitness Instagram influencer, Kevin Kreider, lost control of his Instagram account and more than 100,000 followers after falling victim to a phishing scam. The account hijackers sent him a fraudulent email offering a sponsorship deal with French Connection that took him to a fake Instagram portal which then stole his account details. The link for this article located at Naked Security/Sophos is no longer available. . Leading Instagram personalities face ransom threats following account breaches. Uncover the deceptive strategies employed by cybercriminals.. Instagram Account Hijacking, Ransomware Threats, Phishing Scams, Social Media Security, Influencer Accounts. . LinuxSecurity.com Team
Oct 02, 2018
•
Hacks/Cracks
83
security advisoryaccount hijackingexploitYahoo Account Hijack: Email Scam Exploiting Security Flaw Detected
Hackers behind a recently detected email attack campaign are exploiting a vulnerability in a Yahoo website to hijack the email accounts of Yahoo users and use them for spam, according to security researchers from antivirus vendor Bitdefender.. The attack begins with users receiving a spam email with their name in the subject line and a short "check out this page" message followed by a bit.ly shortened link. Clicking on the link takes users to a website masquerading as the MSNBC news site that contains an article about how to make money while working from home, the Bitdefender researchers said Wednesday in a blog post. The link for this article located at Network World is no longer available. . The attack begins with users receiving a spam email with their name in the subject line and a short . hackers, behind, recently, detected, email, attack, campaign, exploiting, vulnerability, yahoo. . LinuxSecurity.com Team
Feb 04, 2013
•
Hacks/Cracks
67
security advisoryaccount hijackingweb securityLinkedIn Account Hijacking: SSL Cookie Issues and Security Insights
AN INDEPENDENT insecurity researcher says there are multiple security vulnerabilities in the business social network Linkedin, due to the way it handles and transmits cookies over SSL.. In a blog post, Rishi Narang claimed that a worst case scenario would see a hacker capturing your web browsing cookies in traffic and hijacking your account. Cookies are snippets of text that are sent to your web browser and retained in disk files, and they are used to do things like retain your account numbers, personalise information and help with services like Amazon. He said that even if you change the password and all settings, the old cookie will be valid and will grant the attacker access to your account. One of the problems is the availability of cookies sent in plain text over unencrypted channels of communication, posted Narang. He said this is due to SSL cookies not having a secure flag set, as well as appearing to contain session tokens. The link for this article located at The Inquirer is no longer available. . Cybercriminals may gain access to your profile by exploiting session cookies resulting from flawed SSL configurations on Twitter. Identify the security gaps immediately.. LinkedIn Cookies Security, SSL Vulnerabilities, Account Hijacking. . LinuxSecurity.com Team
May 23, 2011
•
Cryptography
79
security advisoryaccount hijackingcriticalPHP-Nuke: Critical Account Hijacking via SQL Injection Exploit
To exploit this vulnerability one must create an account into the target site, base64_decode his cookie,modify the username in the cookie to inject SQL,base64_encode his cookie and pass it with save=1 to article.php (which must be done throught modules.php). . .. To exploit this vulnerability one must create an account into the target site, base64_decode his cookie,modify the username in the cookie to inject SQL,base64_encode his cookie and pass it with save=1 to article.php (which must be done throught modules.php) Date: Sun, 17 Mar 2002 23:56:57 +0800 From: Handle Nopman To: bugtraq@ Subject: PHP-Nuke & Post-Nuke account hijacking. Hi all BugTraq readers! I've found a bug in PHP-Nuke and Post-Nuke that allows one to hijack other accounts. Code in modules/News/article.php: if ($save AND is_user($user)) { cookiedecode($user); sql_query("update ".$user_prefix."_users set umode='$mode', uorder='$order', thold='$thold' where uid='$cookie[0]'", $dbi); getusrinfo($user); $info = base64_encode("$userinfo[uid]:$userinfo[uname]:$userinfo[pass]: $userinfo[storynum]:$userinfo[umode]:$userinfo[uorder]:$userinfo[thold]: $userinfo[noscore]"); setcookie("user","$info",time()+$cookieusrtime); } This code snippet cheks if user is logged in and allows he to change his mode,order and thold, then the code sends the cookie back with modified data. There is a bug. Code checks if user is logged in by is_user, but it uses getusrinfo to send the data back. Function is_user verifies the cookie by checking that UID and password match, but getusrinfo gets the data by using USERNAME and password and the getusrinfo uses insecure SQL call. So by specifying valid UID and PASSWORD combination one can get round the is_user check and his username is passed without any verification to insecure SQL call. By specifying specially crafted username one can fool the SQL call to return another users data. To exploit this vulnerability one must create an account into the target site, base64_decode his cookie,modify the username in the cookie toinject SQL,base64_encode his cookie and pass it with save=1 to article.php (which must be done throught modules.php) Post-Nuke is vulnerable to this too. Vendor Status I contacted Francisco Burzi over 2 weeks ago and he did not reply. I delayed the relase because I found out that Post-Nuke has this bug too. I contacted authors of Post-Nuke and they replyed almost immediatly and a fixed version is now available. Post-Nuke users should upgrade to the most recent version. Best Regards, "NopMan" -- Powered by Outblaze . To exploit this vulnerability one must create an account into the target site, base64_decode his coo. exploit, vulnerability, create, account, target, base64_decode. . LinuxSecurity.com Team
Mar 20, 2002
•
Security Projects
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More