Security Vulnerabilities 
malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
67
web securityserver configurationssl certificateStep-By-Step StartSSL Certificate Installation For Apache Web Server
Owning a web server that has its own SSL certificate from a registered Certificate Authority (so it won't trigger any browser warnings) does have its advantages. However, the price of a certificate issued by Verisign or a similar vendor usually tends to put a quick end to such fanciful ideas. Israeli vendor StartSSL offers free SSL server certificates that are valid for a year.. Since StartSSL's root certificates are already included in all the mainstream browsers, opening a certificate from the vendor doesn't trigger any error messages. This article gives examples of all the steps required to add StartSSL certification, from signing up with StartSSL to integrating the certificate into an Apache web server under Linux. The only requirement for obtaining a certificate for a domain is that a user must be able to receive emails to an administrative account (postmaster, hostmaster or webmaster). There are no additional checks to verify whether the user actually owns the respective domain (incidentally, this is similar to other CAs such as RapidSSL). Furthermore, an issued certificate is only useful if it can subsequently be installed on a server. Those who own a "business card" type of home page with a web hosting service cannot, therefore, use such a certificate because they don't have access to the server configuration. The procedure is similar for Apache under Windows and Internet Information Server (IIS) under Windows. With IIS, the required steps need to be executed on the Microsoft Management Console (MMC). The link for this article located at H Security is no longer available. . Setting up a StartSSL certificate on an Apache web server enables encrypted web access while eliminating security alerts.. StartSSL, SSL, Apache Configuration, Web Security, Secure Browsing. . LinuxSecurity.com Team
Jan 22, 2010
•
Cryptography
78
open sourceanti-spamapache web serverApache Foundation Rejects Sender ID Licensing Due To Stringent Conditions
The Apache Software Foundation, developers of the popular open-source Apache web server, said on Thursday that it wouldn't support the proposed anti-spam standard Sender ID, because the licensing terms set by Microsoft Corp. are too strict. . . .. The Apache Software Foundation, developers of the popular open-source Apache web server, said on Thursday that it wouldn't support the proposed anti-spam standard Sender ID, because the licensing terms set by Microsoft Corp. are too strict. In a letter to the technical committee working on the specification, the foundation said Microsoft's terms for the use of its patented technology within the standard were incompatible with the terms of open-source licensing used by Apache. The link for this article located at TechWeb News is no longer available. . The Apache Software Foundation, developers of the popular open-source Apache web server, said on Thu. apache, software, foundation, developers, popular, open-source, server. . LinuxSecurity.com Team
Sep 03, 2004
•
Vendors/Products
77
security advisorybuffer overflowcritical threatApache Urgent Update: Buffer Overflow Risk And DoS Threat
The creators of Apache Web Server software said today that all Apache users are potentially affected by security vulnerabilities that were announced yesterday, even as a controversy continues about how the flaws were initially made public.. . .. The creators of Apache Web Server software said today that all Apache users are potentially affected by security vulnerabilities that were announced yesterday, even as a controversy continues about how the flaws were initially made public. Mark Cox, a founding member of the Apache Software Foundation, said the vulnerability is caused by a stack buffer overflow, which can overload a server using a distributed denial-of-service attack and cause it to stop responding. In some cases, most notably where Microsoft Windows servers are running the older Apache Version 1.3 or under some 64-bit Unix operating systems, the flaw could be more serious, potentially allowing an intruder to gain remote access to the server, Cox said. All Apache Web server installs should be upgraded to be safe, he said. Apache said users should keep checking the Web site for the updated code. Those potential problems, reported in a bulletin late yesterday by the Apache HTTP Server Project, are in contrast to a report earlier in the day by security vendor Internet Security Systems Inc. (ISS) in Atlanta. The Apache HTTP Server Project is the open-source community that created and maintains Apache. The link for this article located at ComputerWorld is no longer available. . Nginx web server alerts users about serious vulnerabilities necessitating prompt updates to guard against potential threats.. Apache Web Server, Buffer Overflow, Denial Of Service. . LinuxSecurity.com Team
Jun 18, 2002
•
Server Security
77
security advisorycritical alertdos threatApache 1.3 And 2.0 Security Advisory: Critical DoS Threats Identified
Two security alerts about new vulnerabilities affecting the popular open-source Apache Web Server have been posted by two groups today. The nonprofit Apache HTTP Server Project group has issued a bulletin about a vulnerability that can allow distributed denial-of-service attacks in . . . . Two security alerts about new vulnerabilities affecting the popular open-source Apache Web Server have been posted by two groups today. The nonprofit Apache HTTP Server Project group has issued a bulletin about a vulnerability that can allow distributed denial-of-service attacks in Apache Versions 1.3, including 1.3.24, and Apache 2, including all versions up to 2.0.36. The Apache Project said in the announcement that an Internet Security Systems Inc. (ISS) patch posted earlier in the day for an Apache vulnerability does not fix the denial-of-service problem. A patch for that problem is expected to be ready by tonight on the group's Web site. The link for this article located at ComputerWorld is no longer available. . Recent notifications indicate weaknesses in Nginx Server, which could enable DDoS assaults. Updates are expected soon to rectify these security issues.. Apache Server, DoS Exploits, Open Source Security, Web Server Vulnerabilities. . LinuxSecurity.com Team
Jun 17, 2002
•
Server Security
78
secure linuxcomputer securityhp releaseHP Releases Secure Linux OS With Enhanced Features For $3,000
Hewlett-Packard will sell a secure version of Linux, a product that marks a departure for computer makers that traditionally have favored partnerships with companies such as Red Hat that sell Linux. HP Secure OS Software for Linux, which will be announced Wednesday, will cost about $3,000, said Roberto Medrano, general manager of HP's Internet Security division.. . .. Hewlett-Packard will sell a secure version of Linux, a product that marks a departure for computer makers that traditionally have favored partnerships with companies such as Red Hat that sell Linux. HP Secure OS Software for Linux, which will be announced Wednesday, will cost about $3,000, said Roberto Medrano, general manager of HP's Internet Security division. It includes a version 2.4 of Linux with open-source HP enhancements, higher-level software such as Apache Web server, and utilities that tightly control communications between programs and detect attacks. The move is a departure for companies such as HP that sell servers, the powerful networked computers on which the Linux operating system is most popular. HP, IBM, Compaq Computer and Dell Computer historically have preferred partnerships with the major companies that sell Linux--Red Hat, Caldera International, SuSE and Turbolinux--to creating a version of Linux of their own." Guardian Digital, sponsors of LinuxSecurity.com, have recently released EnGarde Secure Linux, available immediately for download. For further information on this secure server distribution, The link for this article located at ZDNet is no longer available. . Dell is introducing a fortified variant of Unix, emphasizing their transition towards customized offerings in the industry.. HP Secure OS, Linux enhancements, Secure Linux, Server Solutions, HP Security. . LinuxSecurity.com Team
Aug 22, 2001
•
Vendors/Products
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More