A newly discovered Linux malware variant dubbed Auto-Color is making headlines, targeting universities and government organizations across North America and Asia. Palo Alto Networks Unit 42 discovered this sophisticated Linux backdoor, which uses advanced evasion techniques to hide among standard system processes and makes detection and remediation considerably harder. As admins, we must remain alert for suspicious activity that might signal its presence on our networks and systems.

Auto-Color infiltrates systems through compromised software repositories and targeted phishing attacks aimed at administrators with elevated privileges, giving threat actors access to system resources without the admins' knowledge. Attackers can then use that access to gain unauthorized control over target systems and compromise sensitive data. By maintaining tight access controls, installing software only from trusted sources, and watching for abnormal system behavior that indicates compromise, Linux admins can better safeguard their environments against this emerging threat. Let's examine how Auto-Color works in greater detail and discuss practical measures you can take to protect your Linux infrastructure and critical data against it.

Understanding Auto-Color's Evasion Techniques

[Figure: Auto-Color flow diagram (source: Palo Alto Networks)]

Auto-Color's most worrying trait is its ability to blend into standard system processes, which makes it exceptionally hard to detect. Traditional security tools may fail to recognize the malware because its obfuscation techniques evade typical scans. Because Auto-Color conceals itself within legitimate-looking processes rather than raising obvious alarms, Linux security admins should rely on behavior-based detection methods to catch it.
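One concrete form of the behavior-based check described above is a walk over /proc that flags processes whose on-disk executable does not match what the process claims to be. The script below is an added example written for this article; it is not code from LinuxSecurity.com or Unit 42, and its heuristics (executable deleted from disk, executable living in a world-writable temp directory, a "[kworker]"-style name on a process that has a real executable, or an argv[0] that names a different program than the file it runs) are generic masquerading checks, not Auto-Color indicators. The SAMPLE records are constructed so the logic can be exercised offline; `collect()` performs the real audit and needs root for full coverage.

```python
"""Audit running Linux processes for binaries masquerading as system processes.

Added example for this article; it is not code from LinuxSecurity.com or from
Unit 42, and the heuristics are generic, not Auto-Color indicators.
"""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Directories a long-lived system daemon has no business executing from.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"


@dataclass
class Proc:
    pid: int
    comm: str      # /proc/<pid>/comm, truncated by the kernel to 15 characters
    exe: str       # readlink of /proc/<pid>/exe, "" when unreadable
    cmdline: str   # /proc/<pid>/cmdline with its NUL separators preserved


def audit(proc: Proc) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for one process; an empty list means nothing odd."""
    findings = []
    if not proc.exe:
        # Kernel threads, zombies, or processes we lack permission to inspect.
        return findings
    exe_path = proc.exe[:-len(DELETED)] if proc.exe.endswith(DELETED) else proc.exe
    exe_name = os.path.basename(exe_path)
    argv0 = proc.cmdline.split("\0", 1)[0]

    if exe_path != proc.exe:
        findings.append(("deleted-exe", f"{exe_path} was unlinked while pid {proc.pid} still runs"))
    if exe_path.startswith(WRITABLE_DIRS):
        findings.append(("tmp-exe", f"pid {proc.pid} executes from {exe_path}"))
    if argv0.startswith("["):
        # Real kernel threads have no /proc/<pid>/exe link at all.
        findings.append(("fake-kthread", f"pid {proc.pid} claims to be {argv0} but runs {exe_path}"))
    elif argv0:
        argv0_name = os.path.basename(argv0)
        # Symlinked launchers such as /sbin/init -> systemd resolve to the same file.
        same_file = os.path.isabs(argv0) and os.path.realpath(argv0) == exe_path
        # Interpreters (python3 vs python3.11) and multi-call binaries (busybox)
        # legitimately differ here, so this finding is review-worthy rather than proof.
        if not same_file and not (exe_name.startswith(argv0_name) or argv0_name.startswith(exe_name)):
            findings.append(("argv0-mismatch", f"pid {proc.pid} argv[0]={argv0_name!r} exe={exe_name!r}"))
    return findings


def collect() -> List[Proc]:
    """Snapshot every visible process from /proc (run as root for full coverage)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = f"/proc/{entry}"
        try:
            exe = os.readlink(f"{base}/exe")
        except OSError:
            exe = ""  # kernel thread, zombie, or EACCES for another user's process
        try:
            with open(f"{base}/comm") as f:
                comm = f.read().strip()
            with open(f"{base}/cmdline", "rb") as f:
                cmdline = f.read().decode("utf-8", "replace")
        except OSError:
            continue  # the process exited between listdir() and open()
        procs.append(Proc(int(entry), comm, exe, cmdline))
    return procs


def run_audit(procs: Optional[List[Proc]] = None) -> Dict[int, List[Tuple[str, str]]]:
    """Map pid -> findings for every process that produced at least one finding."""
    flagged = {}
    for p in (procs if procs is not None else collect()):
        result = audit(p)
        if result:
            flagged[p.pid] = result
    return flagged


# Constructed sample records (not a real capture) so the logic runs offline.
SAMPLE = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", "/usr/lib/systemd/systemd\0--system\0"),
    Proc(812, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd\0-D\0"),
    Proc(2303, "kworker/0:1", "/tmp/.cache/kworker", "[kworker/0:1]\0"),
    Proc(2410, "cron", "/usr/sbin/cron (deleted)", "/usr/sbin/cron\0-f\0"),
]

if __name__ == "__main__":
    for pid, findings in run_audit(SAMPLE).items():
        for code, detail in findings:
            print(f"{pid}\t{code}\t{detail}")
```

Replace `run_audit(SAMPLE)` with `run_audit()` to audit the live host. A deleted or temp-directory executable is a strong signal; the argv[0] mismatch is deliberately advisory because interpreters and symlinked launchers trip it legitimately.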
Anomaly detection systems that track abnormal patterns or behaviors on the network are critical in detecting Auto-Color. Regular manual audits of running system processes also help catch unusual activity that automated systems may have missed.

The Path of Infection

How does Auto-Color penetrate Linux systems? The malware spreads through compromised software repositories and phishing campaigns targeting administrators with elevated privileges. This dual attack vector lets it reach individual systems directly and, indirectly, through trusted sources of software downloads. Obtaining system software and tools only from reliable, verified repositories is a fundamental way of combating this threat. Raising user awareness of phishing and requiring multi-factor authentication add further layers of protection. Administrators should pay particular attention to suspicious requests for login credentials or unexpected updates, which could indicate an attempt to compromise the system.

Examining Auto-Color's Impact

Auto-Color can have devastating consequences on compromised systems. Once it has infiltrated a host, it can monitor and alter user activity, steal sensitive data, and execute arbitrary commands, giving attackers full control to exfiltrate valuable information while disrupting operations and damaging the system. One of the most troubling aspects of this threat is its use in larger botnet activity: by commandeering many systems, attackers can launch widespread attacks, amplify their impact, and evade detection, a serious disruption for organizations that depend on continuous operations.

Reinforcing Your Defenses

Given the nature of Auto-Color, strengthening system defenses is of utmost importance.
Implementing strict access controls ensures that only authorized users can perform privileged operations, reducing the chances of a successful attack. Regularly updating and patching all software components closes vulnerabilities that malware can exploit. Backing up data regularly is another essential component of an effective defense strategy: it keeps systems functional after a compromise by ensuring data can be restored with minimal loss. Backups should be stored offline or in an encrypted cloud environment, and out of reach of the credentials an attacker holds on the compromised host, so that the malware cannot alter or destroy them.

The Importance of Incident Response Planning

No matter how robust your defenses, breaches can still happen. A comprehensive incident response plan enables organizations to respond rapidly and effectively when security incidents arise. The plan should include procedures for detecting malware infections, promptly alerting stakeholders, and returning systems to normal operation. Training and drills are critical so that each team member understands their role during an emergency; regular sessions keep security procedures top-of-mind and enable a quick response when an incident occurs.

Our Final Thoughts on Mitigating the Auto-Color Linux Malware Threat

Auto-Color represents a sophisticated and potentially devastating threat to our Linux systems. With advanced evasion techniques and the ability to spread through both repository downloads and phishing emails, it is an impressively persistent adversary. Yet by understanding how it operates and taking appropriate precautions, Linux admins can protect their systems against it. From tight access controls and frequent software updates to proactive anomaly detection and robust incident response plans, many strategies exist to mitigate the risks Auto-Color poses.
Staying informed and prepared, keeping systems updated, and educating users about threats like Auto-Color are all part of maintaining a strong security posture. Stay vigilant against Auto-Color's malicious behavior targeting Linux environments and learn crucial strategies to counter its methods. Linux Malware, Auto-Color, Threat Mitigation, Attack Prevention, Security Practices. Brittany Day
In February 2001, Razor Bindview released their "Remote vulnerability in SSH daemon crc32 compensation attack detector" advisory, which outlined a gaping hole in deployed SSH servers that can lead to a remote attacker gaining privileged access. At this writing, over 30% of all SSH servers appear to have the CRC32 bug. Uncover the vital SSH service vulnerability highlighted in the 2001 Razor Bindview report concerning the CRC32 weakness. SSH Exploit, Remote Access Security, CRC32 Attack. Anthony Pell
An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago. The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardware resources. ESXi is what's known as a bare-metal, or Type 1, hypervisor, meaning it's essentially its own operating system that runs directly on server hardware. By contrast, servers running the more familiar Type 2 class of hypervisors, such as Oracle's VirtualBox, run them as apps on top of a host operating system. The Type 2 hypervisors then run virtual machines that host their own guest OSes, such as Windows, Linux, or, less commonly, macOS. Advisories published recently by computer emergency response teams (CERTs) in Italy and Austria report a "massive" campaign that began no later than Friday and has gained momentum since then. Citing the results of a Censys search, CERT officials in Austria said that as of Sunday there were more than 3,200 infected servers, including eight in that country. "Since ESXi servers provide a large number of systems as virtual machines (VM), a multiple of this number of affected individual systems can be expected," the officials wrote. The vulnerability being exploited to infect the servers is CVE-2021-21974, which stems from a heap-based buffer overflow in OpenSLP, an open network-discovery standard that's incorporated into ESXi. When VMware patched the vulnerability in February 2021, the company warned it could be exploited by a malicious actor with access to the same network segment over port 427. The vulnerability had a severity rating of 8.8 out of a possible 10. Proof-of-concept exploit code and instructions for using it became available a few months later. Malicious actors are taking advantage of a vulnerability in VMware's ESXi, resulting in widespread server compromises. ESXi Exploit, Cyberattack Mitigation, Ransomware Response. LinuxSecurity.com Team
Ubuntu users: have you installed the latest kernel updates released by Canonical to address 17 recently discovered security vulnerabilities? Available for Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS systems, these major kernel updates fix a total of 17 security issues. As such, I recommend that you patch your installations as soon as possible by running sudo apt update && sudo apt full-upgrade in the Terminal app. Among the most important security issues fixed in this update are CVE-2020-10766, CVE-2020-10767 and CVE-2020-10768, flaws that caused the Linux kernel to not correctly apply the SSBD (Speculative Store Bypass Disable) and IBPB (Indirect Branch Predictor Barrier) mitigations for speculative-execution vulnerabilities affecting certain Intel processors, and to incorrectly enable indirect branch speculation after it had been disabled for a process via a prctl() call. The link for this article located at 9 to 5 Linux is no longer available. Canonical issues kernel patches for Ubuntu LTS addressing 17 vulnerabilities. Please update your systems without delay! Kernel Update, Ubuntu Security, Patch Management. Brittany Day
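The per-process speculation control the entry above refers to is the PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL interface of prctl(2), which can be probed from userspace. The script below is an added example written for this entry; it is not code from Canonical, 9to5Linux or the kernel project. It decodes the state the kernel reports and, in a forked child (the force-disable is irreversible for that process), force-disables indirect branch speculation and then tries to re-enable it. prctl(2) documents that enabling after PR_SPEC_FORCE_DISABLE fails with EPERM, so a kernel that accepts the request shows the behavior the entry describes for CVE-2020-10768. The constant values are those from <linux/prctl.h>; reading the entry's "disabled" as the force-disable mode is an assumption made here.

```python
"""Probe the kernel's per-process speculation control via prctl(2).

Added example for the Ubuntu kernel-update entry; not code from Canonical,
9to5Linux or the kernel project. Constant values come from <linux/prctl.h>.
Treating CVE-2020-10768's "enable after it has been disabled" as the
PR_SPEC_FORCE_DISABLE case is an assumption made here.
"""
import ctypes
import ctypes.util
import errno
import os
from typing import Optional

PR_GET_SPECULATION_CTRL = 52
PR_SET_SPECULATION_CTRL = 53

# arg2: which speculation misfeature to query or control
PR_SPEC_STORE_BYPASS = 0
PR_SPEC_INDIRECT_BRANCH = 1

# PR_GET_SPECULATION_CTRL result bits; DISABLE/ENABLE/... are also valid arg3 values for SET
PR_SPEC_NOT_AFFECTED = 0
PR_SPEC_PRCTL = 1 << 0           # per-process control is available
PR_SPEC_ENABLE = 1 << 1          # speculation on, mitigation off
PR_SPEC_DISABLE = 1 << 2         # speculation off, mitigation on
PR_SPEC_FORCE_DISABLE = 1 << 3   # as DISABLE, and cannot be undone
PR_SPEC_DISABLE_NOEXEC = 1 << 4  # as DISABLE, cleared on execve (store bypass only)

_libc = None


def _prctl(option: int, arg2: int, arg3: int = 0) -> int:
    """Call prctl(2) through libc; raw return value, errno via ctypes.get_errno()."""
    global _libc
    if _libc is None:  # loaded lazily so importing the module never touches libc
        _libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
        _libc.prctl.restype = ctypes.c_int
        _libc.prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong,
                                ctypes.c_ulong, ctypes.c_ulong]
    return _libc.prctl(option, arg2, arg3, 0, 0)


def describe_spec_ctrl(value: int) -> str:
    """Turn a PR_GET_SPECULATION_CTRL result into a readable state."""
    if value == PR_SPEC_NOT_AFFECTED:
        return "not affected"
    if value & PR_SPEC_FORCE_DISABLE:
        state = "force disabled"
    elif value & PR_SPEC_DISABLE_NOEXEC:
        state = "disabled until execve"
    elif value & PR_SPEC_DISABLE:
        state = "disabled"
    elif value & PR_SPEC_ENABLE:
        state = "enabled"
    else:
        return f"unknown ({value:#x})"
    # Without PR_SPEC_PRCTL the state was fixed by boot parameters and cannot be changed here.
    return state if value & PR_SPEC_PRCTL else state + " (fixed globally, no per-process control)"


def get_state(which: int = PR_SPEC_INDIRECT_BRANCH) -> int:
    rc = _prctl(PR_GET_SPECULATION_CTRL, which)
    if rc < 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))
    return rc


def _probe_child(which: int) -> int:
    """Runs in a forked child so the irreversible force-disable never affects the caller.
    Exit codes: 0 = kernel enforces force-disable, 1 = re-enable accepted, 2 = unsupported."""
    try:
        state = get_state(which)
    except OSError:
        return 2
    if not state & PR_SPEC_PRCTL:
        return 2
    if _prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_FORCE_DISABLE) != 0:
        return 2
    if _prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_ENABLE) == 0:
        return 1  # the kernel let us undo a force-disable
    return 0 if ctypes.get_errno() == errno.EPERM else 2


def force_disable_enforced(which: int = PR_SPEC_INDIRECT_BRANCH) -> Optional[bool]:
    """True if the kernel refuses to re-enable speculation after a force-disable,
    False if it accepts the request, None if the feature is not controllable here."""
    pid = os.fork()
    if pid == 0:
        os._exit(_probe_child(which))
    _, status = os.waitpid(pid, 0)
    return {0: True, 1: False}.get(os.WEXITSTATUS(status))


if __name__ == "__main__":
    for name, which in (("store bypass", PR_SPEC_STORE_BYPASS),
                        ("indirect branch", PR_SPEC_INDIRECT_BRANCH)):
        try:
            print(f"{name}: {describe_spec_ctrl(get_state(which))}")
        except OSError as e:
            print(f"{name}: query failed ({e.strerror})")
        print(f"{name}: force-disable enforced: {force_disable_enforced(which)}")
```

A `None` result means the running kernel or CPU offers no per-process control for that feature (for indirect branches this depends on the spectre_v2_user boot setting), so the probe says nothing about the CVE either way; a `False` is worth investigating on any kernel claiming to carry the fix.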
These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won't be satisfied until they can snarf whatever information they want about us at any time. If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesic Incognito Live System (better known as Tails) could help. The link for this article located at Network World is no longer available. Evade surveillance and safeguard your confidential information with Tails, the privacy-centric live Linux distribution designed for anonymous internet use. Tails Linux, Privacy Security, Anonymous Browsing, Secure Online Activity. LinuxSecurity.com Team
Three days before its scheduled release, Fedora 18 still has some issues when confronted with a computer that is running Windows 8 with Secure Boot enabled, if one goes by the latest testing image available online. The Fedora project announced on January 9 that it would be releasing Fedora 18 on January 15, US time. The link for this article located at IT Wire is no longer available. Fedora 18 faces Secure Boot interoperability problems with Windows 8 shortly before its formal launch. Fedora 18, Secure Boot, Windows Compatibility Issues. LinuxSecurity.com Team
The latest Adobe Reader and Acrobat zero-day attack is part of a larger, longer-term targeted attack campaign aimed mainly at stealing intellectual property from U.S. and U.K. industries and government agencies, according to Symantec. Symantec identified the malware family involved in the attacks as Sykipot, which has been used in targeted attacks for the past two years and possibly as far back as 2006. Organizations hit in the latest wave of attacks were mainly U.S. and U.K. defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government agencies. The link for this article located at Dark Reading is no longer available. Symantec ties the latest Adobe Reader zero-day attacks to the Sykipot malware family, used for years in targeted intellectual-property theft against U.S. and U.K. industry and government. Adobe Reader Exploit, Sykipot Malware, Zero-Day Attack. LinuxSecurity.com Team
Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council. The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano. Moss' background as a computer hacker (aka "Dark Tangent") and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the government. (Although before running his computer conferences, Moss also worked in the information system security division at Ernst & Young.) The link for this article located at CNET is no longer available. Black Hat and Defcon founder Jeff Moss, known as "Dark Tangent," joins the Homeland Security Advisory Council. Jeff Moss, Black Hat, Defcon, Homeland Security Advisory Council. Anthony Pell