Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
209
security practicessocial engineeringopen sourceOpenSSF & OpenJS Warning: Social Engineering Risks Affecting OSS Security
As the backbone of much of the world's technological infrastructure, the open-source community prides itself on transparency, collaboration, and innovation . However, these strengths can also present vulnerabilities, as seen with the notorious XZ Utils backdoor. . Recently, social engineering attacks targeting open-source projects have emerged as a significant threat. The Open Source Security Foundation (OpenSSF) and OpenJS Foundation have issued alerts highlighting attempts to manipulate project maintainers into granting unauthorized access or introducing malicious code. These incidents underscore the need for heightened awareness and robust defenses among Linux admins, developers, and open-source project maintainers. Let's examine these recent warnings and actionable strategies you can implement to combat this concerning trend. Understanding The Nature of Social Engineering Attacks Social engineering attacks exploit the human element of security, relying on deceit and manipulation rather than technical exploits. Attackers typically pose as legitimate contributors or community members, using friendly and persuasive tactics to build trust over time. The ultimate goal is often to gain maintainer status or convince existing maintainers to accept harmful changes. This method can be particularly effective in open-source environments where collaboration and trust are foundational. Recognizing Suspicious Activity To combat these threats, we must be able to recognize the patterns of social engineering attacks. Persistent, friendly engagement from relatively unknown contributors aiming for high-level access should raise red flags. Additionally, endorsements from unfamiliar accounts or networks can signal coordinated deception efforts. Pay close attention to pull requests (PRs) containing obfuscated code or binaries that lack transparency. Such changes can be vehicles for introducing malicious payloads. Security admins must remain vigilant for deviations from standard build and deploymentpractices that could compromise security. If a contributor creates a false sense of urgency, pushing for expedited reviews or immediate changes, take a step back and scrutinize their motives. Strengthening Authentication and Access Controls Strong authentication methods are one of the best ways to safeguard against attacks. Two-factor or multifactor authentication (MFA) can add another layer of protection, making it much harder for attackers to gain unauthorized access. Password managers provide additional security and ensure passwords are strong, unique, and not reused across services. Administrators should store recovery codes safely offsite to regain control if their accounts become compromised. Ensuring Code Integrity The review and merging of code can be critical points of vulnerability. Enabling branch protections and insisting on signed commits can help maintain the integrity of a codebase. Code reviews are required from a second developer before merging, even for changes proposed by maintainers. This additional step can catch potentially harmful alterations before they’re integrated into the project. It’s also essential to enforce readability requirements for new code. Obfuscated code or binaries hidden within a pull request can introduce significant security risks. By ensuring all changes are human-readable, maintainers can better understand the logic and purpose behind each modification, making it easier to spot malicious intent. Periodic Reviews and Minimal Permissions Administrative practices also play a crucial role in defending against social engineering attacks. Regularly review the list of committers and maintainers to verify their ongoing involvement and legitimate status within a project. Removing inactive or unnecessary accounts can reduce the risk of hijacking dormant accounts. Limiting npm publish rights and other critical permissions to trusted individuals can further minimize risk. Ensuring that only a small, trusted group can make significant changesreduces the number of potential entry points for attackers. This principle of least privilege is a fundamental aspect of a security posture. Establishing and Following Security Policies A clear and comprehensive security policy is a cornerstone of protecting open-source projects. This policy should include protocols for coordinated disclosure, providing a transparent process for reporting and addressing vulnerabilities. By establishing these guidelines, maintainers can ensure that any discovered issues are handled systematically and securely. It's also imperative to align with industry standards for security best practices. Resources like the OpenSSF Guides provide valuable insights and frameworks to help maintainers enhance their security posture. Regularly updating and reviewing these policies ensures they remain relevant and effective in the face of evolving threats. Leveraging External Support No project is an island; the broader open-source community offers resources and support. Foundations like The Linux Foundation and OpenJS Foundation can provide valuable assistance and technical resources. These organizations can offer guidance and security reviews and help coordinate responses to security incidents. Alpha-Omega and Sovereign Tech Fund provide financial and technical support tailored explicitly toward strengthening the security of open-source projects. Participating projects gain access to funding and expertise by joining these programs, significantly boosting their defensive capacities. Fostering Vigilance To guard against social engineering attacks, open-source communities should create an atmosphere of vigilance. Communication channels must remain open between maintainers and contributors while encouraging transparency among contributors. Creating an atmosphere where maintainers and contributors feel comfortable reporting suspicious activities can help detect and mitigate threats early. Training and awareness programs also play a vital role in keepingprojects secure. Informing maintainers and contributors about social engineering attacks, their signature tactics, and how to recognize them can significantly bolster project defenses. Regular security training sessions consider these risks and prepare everyone involved if suspicious activities emerge. Our Final Thoughts on These Warnings Open-source communities' collaborative nature is their greatest strength and weakness, creating opportunities and risks. As social engineering attacks become more sophisticated, Linux security admins must take proactive measures to safeguard their projects against takeover attempts by recognizing suspicious activity, strengthening authentication and access controls , assuring code integrity, and enlisting external support to decrease takeover risk. Through vigilance, transparency, and community collaboration, the integrity and security of open-source projects can be maintained to ensure they continue to flourish and innovate over time. The joint alert from OpenSSF and OpenJS Foundation is an essential reminder that while the collaborative spirit of open-source projects is invaluable, their security must also be protected with robust measures and proactive approaches. By adopting these best practices, Linux security admins can ensure their projects remain safe from current and emerging digital threats. What measures are you taking to secure your open-source projects? Reach out to us @lnxsec and let us know! . Manipulation tactics target community-driven software; implement effective measures to strengthen defenses and resilience.. Open Source Security, Social Engineering Threats, Security Practices, Code Integrity, Community Collaboration. . Brittany Day
Jan 15, 2025
•
Security Trends
209
software developmentauthenticationmalicious attacksEnhancing Software Security: The Role of Code Signing Solutions
Code integrity and authenticity are crucial in today's continuous and rapid momentum in software development. This is where code signing becomes highly relevant in dealing with such challenges. As per LinuxSecurity’s Linux news , the critical point behind code signing is using cryptographic signatures, which enable software origin authorization and ensure integrity. . This means developers can prove the authenticity of their software using a code-signing certificate issued by a trusted Certificate Authority, culminating in users' increased confidence and protection against malicious activities. To help you understand how code signing solutions could benefit your development efforts, I’ll explain in more depth what it is, its notable benefits, and the future of code signing heading into 2025. Understanding Code Signing First, to understand why code signing is important, one must know how it works. A developer who signs his code uses a private key; therefore, the unique digital signature has its corresponding public key so that a secure bond will validate certain things about origin and integrity. Certificate Authorities are significant here; they verify the identity of the code-signing source and link it with a code-signing certificate. Under the system of public-private keys, forging such a signature would be very difficult since it can only be signed by its rightful owner. Code signing is not something that can be taken lightly. According to the Cybersecurity and Infrastructure Security Agency, it forms a core component in securing the software supply chain. With the increasing incidence of cyber threats, there is a need to ensure that software is protected from tampering and malicious use. A single compromised piece of software can lead to significant security breaches, translating into loss and damage to reputation. Key Advantages of Code Signing Solutions Code signing solutions offer several notable advantages, including: Code Authentication A significant advantage ofcode signing is the authentication of the code. In other words, signing code provides developers a means of letting users make sure the software they are using is from an authentic source. This applies to our world, where many counterfeit applications pretend to be something else, such as malware masquerading as genuine software. A user will, therefore, view this signature and know whether or not it has been tampered with since its creation. According to an IBM study, human error accounts for 95% of cybersecurity incidents. This raises some very serious reasons why robust security measures, such as code signing, must be in place to ensure that software is authenticated and prevent developers and users from falling foul of malicious downloads and phishing attacks. Software Author Verification Beyond authentication, code signing provides the potential for software author validation. With software author validation, the recipient can validate who the developer or organization behind the software is. A good CA ensures that a developer's identity is checked and attests to the valid public key paired with the code-signing certificate. This instills confidence in users who are uncertain about downloading software from unknown sources. This is especially important in finance and healthcare because those industries have strict compliance and regulatory standards. For example, businesses that operate in regulated sectors, like HIPAA and PCI DSS , must consider proving the authenticity and integrity of a software update essential to remaining compliant. Cryptographic Protection Another major advantage of code signing is its ability to provide cryptographic protection. While carrying out code signing, it is not a question of mere origin; integrity must be ascertained. After being signed, the code must not incur any alteration whatsoever, or the digital signature will fail, which will warn users that tampering might have occurred and is likely to occur. The mechanisms conducted in such manners areessentially cryptographic and thus provide grounds for protection against attacks, particularly those against targets meant to introduce vulnerabilities into software. Moreover, cyber threats are becoming more sophisticated, demanding robust cryptography measures. From ransomware to supply chain attacks , organizations are in danger. Code signing is a substantial barrier in that direction, ensuring only verified code runs in user environments. The Changing Threat Landscape The techniques of the malicious actors themselves are as varied as their threats. One of those methods is how modern-day hackers tamper with code-signing certificates. An attacker with enough privileges could use a private key and certificate to sign code that appears to originate from another trusted source for both users and security systems. As it would be, in one fell swoop, this tactic fools users and security systems into allowing malware to bypass traditional defenses. Code-signing certificates have been central to several high-profile breaches in recent years, including when an attacker signed malware with a pilfered code-signing certificate and spread it as legitimate software, infecting widespread numbers of corporate networks. CISA has revealed that compromised code-signing certificates have been the focus of some significant security breaches lately, underlining the critical need for serious security measures by the developers and organizations issuing the code. Enforcing Strong Code Signing Practices Developers must consider stringent code-signing practices due to the current state-of-the-art threats they face. One effective strategy is using hardware security modules or another secure cryptographic device to protect private keys. By using HSMs, keys are managed in a highly secure environment, thereby reducing unauthorized access and misuse of these keys. Furthermore, periodic updating and monitoring of code-signing certificates help highlight unauthorized use, thereby revealing possible breaches.Proactively managing the certificate will significantly raise an organization's security posture by establishing a practice that periodically audits your certificate inventory. The Future of Code Signing Signing solutions will become paramount as the software development landscape changes. Cloud computing has made integrity in software an important affair for today and the future, especially with the reliance on third-party libraries. Developers should be more vigilant about keeping their code safe from potential threats since the repercussions of a security breach can be intense. Also, the global code signing certificate market will exhibit high growth shortly due to growing awareness among organizations and individuals about cybersecurity risks and the need for security in software distribution. Studies carried out by various research firms indicate that this continuous growth represents a part of the trend of adopting advanced security measures in various industries. Our Final Thoughts on the Central Role of Code Signing Solutions in Modern Linux Security Strategies Over the past few years, code signing has emerged as a standard software development process. It primarily ensures application integrity and authenticity. By signing code, developers provide users with tangible assurance of application legitimacy. That trust is significant in this day and age of malware camouflaging itself as real applications. When end-users see a verified code-signing certificate, they know it's a software engagement with which they can confidently move forward, knowing it hasn't been tampered with and comes from a trusted source. This trust gives you a safe software ecosystem, especially when a security breach has enormous ramifications. Another critical role of code signing is identifying the authenticity of software authors. This helps gain users' trust and considerably reduces counterfeit application risks. In a world where cybercriminals adopt the most deceitful methods to spread malware, knowingwho develops the applications will be imperative. Code signing associates software with the right creator to protect users from such threats. This helps users avoid downloading malicious software that may compromise the system's security, promoting a safe cyber experience. With ever-increasing cyber threats, code signing has become very important, and every developer and organization must follow this practice for robust security. Let us know @lnxsec how you're using code signing to strengthen the security of your software development! . Developers prove software authenticity with code-signing certificates, enhancing user trust and security against threats.. integrity, authenticity, crucial, today', continuous, rapid, momentum, software. . Brittany Day
Nov 01, 2024
•
Security Trends
83
security advisorycyber threatsGentoo LinuxGentoo Linux Server Attack: Code Remains Secure Amid Breach
In the latest of what is becoming a string of high-profile attacks on Linux, someone broke into one of the servers used to distribute versions of Gentoo Linux on Tuesday. Officials at Gentoo Technologies Inc. on Wednesday posted a message in . . . . In the latest of what is becoming a string of high-profile attacks on Linux, someone broke into one of the servers used to distribute versions of Gentoo Linux on Tuesday. Officials at Gentoo Technologies Inc. on Wednesday posted a message in the company's online forums detailing the attack. The executives sought to reassure users and said they don't believe that the code stored on the server was affected by the compromise. The server is owned by a third party, which uses it to perform other tasks in addition to storing the Gentoo code. The link for this article located at EWeek is no longer available. . In the latest of what is becoming a string of high-profile attacks on Linux, someone broke into one . latest, becoming, string, high-profile, attacks, linux, someone, broke. . LinuxSecurity.com Team
Dec 04, 2003
•
Hacks/Cracks
83
security advisorysecurity threatLinux kernelLinux Kernel Back Door Attempt: Code Integrity Breach Detected
In a post earlier today to the Linux kernel mailing list, BitMover founder Larry McVoy [interview] commented, "Somebody has modified the CVS tree on kernel.bkbits.net directly. Dave looked at the machine and it looked like someone may have been trying to . . . . In a post earlier today to the Linux kernel mailing list, BitMover founder Larry McVoy [interview] commented, "Somebody has modified the CVS tree on kernel.bkbits.net directly. Dave looked at the machine and it looked like someone may have been trying to break in and do it." The modified file was 'kernel/exit.c', modified directly on the CVS mirror of the 2.6-test development kernel tree [forum]. The CVS logs erroneously "credited" kernel hacker David Miller for the changes. Examining the two lines of inserted code a little closer, it became quite apparent that this was a blatent attempt to insert a back door into the Linux kernel that could have been used to illegitimately become the 'root' superuser on a Linux server. Andreas Dilger pointed out that had the change gone undetected "it might have taken a good while to find". Linux creator Linus Torvalds was quick to point out that the distributed design of BitKeeper helps to make it a fairly secure solution. In describing the reasons why, he said, "One of them is that if somebody were to actually access the BK trees directly, that would be noticed immediately: when I push to the places I export from, the push itself would fail due to having an unexpected changeset in the target that I don't have on my local tree." He went on to add, "I think it's telling that it was the CVS tree and not the BK tree that somebody tried to corrupt." The link for this article located at KernelTrap is no longer available. . An alarming breach was identified within the Linux kernel's repository, exposing critical flaws in its security architecture.. Linux Kernel Breach, Backdoor Security Threat, Code Modification, CVS Integrity Issue. . LinuxSecurity.com Team
Nov 06, 2003
•
Hacks/Cracks
79
network securitymalwareopen sourceProtecting Open Source Tools From Trojans With MD5 Hashes
Experts say the insertion of Trojans into two popular tools reinforces the need to run readily available programs, such as MD5 hashes, to ensure that code hasn't been altered. Experts recommend using MD5 hashes to expose Trojans. This and similar programs, such as MD4, SHA and SHA-1, continually compare codes generated by "healthy" software to hashes of programs in the field.. . .. Experts say the insertion of Trojans into two popular tools reinforces the need to run readily available programs, such as MD5 hashes, to ensure that code hasn't been altered. Experts recommend using MD5 hashes to expose Trojans. This and similar programs, such as MD4, SHA and SHA-1, continually compare codes generated by "healthy" software to hashes of programs in the field. A warning flag is raised if the codes don't match, says Dave Wreski, corporate manager of Guardian Digital, an open-source security software vendor. Though it can't be called an epidemic, Trojans are showing up more often in open source programming. There have been "two or three incidents in the last year, as far as I am aware--up from one every few years a few years ago," says Fred Cohen, principal of security consultancy Fred Cohen & Associates. A recent CERT advisory warned crackers had inserted Trojans into the source code for tcpdump, a utility that monitors network traffic, and libpcap, a packet capture library tool. Both had been available at tcpdump.org since Nov. 11. Though taken offline Nov. 13, it's unknown how many sites had mirrored the bad code. The Trojans can enable remote code execution. The link for this article located at InfoSecurity Magazine is no longer available. . Analysts indicate the increase of malware in widely-used applications highlights the necessity of confirming software authenticity through SHA-256 checksums.. Open Source Trojans, Code Integrity, Malware Threats. . LinuxSecurity.com Team
Nov 25, 2002
•
Security Projects
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More