Security Vulnerabilities 
malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 1 articles for you...
76
cybersecurity shiftconference insightscyber awarenessBlack Hat Europe: Insights on Cybersecurity Shift After Google Attacks
Opening the Black Hat Europe conference, founder Jeff Moss cited the 2010 attacks on Google as a point where attacks became more serious, as this enabled people in cybersecurity to “speak to a new audience.” . Looking back at 2018, Moss said that this year has felt like a new era with “new awareness.” Recalling the dot com boom and bust era, he explained that was when we put things on the internet and first began to realize the value of risk, and the rush to find security professionals “to protect before anything needed protecting.” The link for this article located at ZDNet is no longer available. . In a retrospective look at 2018, cybersecurity expert Jeff Moss emphasizes a notable change in public consciousness following the Google incident.. Cybersecurity Awareness, Google Attacks, Black Hat Conference. . Brittany Day
Dec 05, 2018
•
Organizations/Events
76
computer securityconference insightshistorical overviewUnderstanding Computer Security Evolution At DefCon Conferences
This week we have the DefCon 20 and Black Hat computer security conferences in Las Vegas -- reasons enough for me to do 2-3 columns about computer security. These columns will be heading in a direction I don. Computer criminals and vigilantes today topple companies and governments, but 20 years ago it was just kids, or seemed to be. I should know, because I was there -- the only reporter to attend Def Con 1. The link for this article located at Beta News is no longer available. . Computer criminals and vigilantes today topple companies and governments, but 20 years ago it was ju. defcon, black, computer, security, conferences, vegas, reasons. . Alex
Jul 31, 2013
•
Organizations/Events
83
security measuressecurity toolsvoip securityVoIP Security Insights From Black Hat Conference: Risks And Solutions
Businesses who switch over to internet telephony systems in a bid to slash telephony costs have been warned to guard against hacking attacks. The latest VoIP security threats and countermeasures were outlined at a presentation at the Black Hat security conference in Las Vegas on Wednesday. The talk, by security experts from SecureLogix and 3Com's Tipping Point security appliance division, was accompanied by the release of 13 new security tools. . The link for this article located at The Register is no longer available. . The link for this article located at The Register is no longer available.. telephony, businesses, switch, internet, systems, slash, costs. . LinuxSecurity.com Team
Aug 06, 2006
•
Hacks/Cracks
76
system administrationtoolssecurity trainingLISA '05 Conference: Discover Effective Security Techniques and Tools
The six-day LISA '05 training program includes 50 in-depth, immediately useful sessions on the latest techniques, effective tools, and best strategies for solving the toughest system administration challenges. The new Hit the Ground Running Track offers 15-minute talks that give a head start on the must-know topics in cutting-edge technologies including VoIP, SAN, configuration management, identity management, and network security. . New and improved peer interaction opportunities include Solve My Problem Boards where attendees can post questions and have them answered by peers. The link for this article located at PRNewswire is no longer available. . Uncover modern strategies and resources for proficient network management while engaging in collaborative discussions with fellow professionals.. System Administration, Security Techniques, Tools for Administrators. . Benjamin D. Thomas
Nov 10, 2005
•
Organizations/Events
83
conference insightsincident reportingvulnerability disclosureExploring Responsible Disclosure Practices at Stanford Conference
Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.. . .. Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability. UK-based security researcher David Litchfield, of NGS Software, said he publicly swore off the practice after an exploit he released to demonstrate a hole in Microsoft's SQL Server became the template for January's grotesquely virulent Slammer worm. At Saturday's conference, held by the university's Center for Internet and Society, Litchfield said he wrestled with the moral issues for some time. "At the end of the day, part of my stuff, which was intended to educate, did something nefarious, and I don't want to be a part of that," said Litchfield, a prolific bug-finder. That kind of soul-searching is music to Microsoft's ears. The disclosure standards promulgated by the Organization for Internet Safety, an industry effort founded by Microsoft and handful of large security companies, require researchers to withhold any exploits from the public for at least 30 days following the first public advisory on a bug. But Redmond would like to see researchers abstain entirely, said Steve Lipner, the software-maker's director of security engineering strategy. "We prefer that finders wait beforereleasing exploit code, or, better, don't release exploit code," he said. "It's something where... we're trying to ask for cooperation, instead of something that we're trying to mandate or dictate." California-based security vendor eEye and the Polish white hat hacker group LSD -- both prodigious exploit publishers in the past -- have taken to withholding proof-of-concept code when disclosing serious security holes. The link for this article located at is no longer available. . Security pros gathering at a Stanford University Law School conference on responsible vulnerability . security, gathering, stanford, university, school, conference, responsible, vulnerability. . LinuxSecurity.com Team
Nov 24, 2003
•
Hacks/Cracks
74
network securityrisk managementattack mitigationDDoS Prevention Insights Gained from the NetSec 2000 Conference Events
This article discusses the recent NetSec 2000 conference, and provides suggestions as to how the risks from DDoS attacks can be mitigated. "When the attacker decided it was over, it was over," said Alex Wellen, a producer at . . . . This article discusses the recent NetSec 2000 conference, and provides suggestions as to how the risks from DDoS attacks can be mitigated. "When the attacker decided it was over, it was over," said Alex Wellen, a producer at ZDNet TV who spoke at a panel discussion at the NetSec 2000 computer security conference this week. Wellen and other panelists from Cisco Systems Inc. and Stanford University who have also weathered denial-of-service attacks offered lessons learned from the incidents and strategies for effective defense. The link for this article located at ComputerWorld is no longer available. . Join the NetSec 2000 conference to explore DDoS attack mitigation strategies through shared experiences and effective defense tactics from various organizations. DDoS Defense, Network Security, Risk Mitigation, NetSec 2000. . Anthony Pell
Jun 15, 2000
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More