Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 3 articles for you...
215
security advisorycritical threatconfiguration issueX.Org Server CVE-2023-0494 Critical Local Escalation Threat
The X.Org Server, a commonly used component to the Linux desktop, keeps on giving when it comes to security vulnerabilities with its massive, aging, and ill-maintained code-base. Disclosed on Monday night was CVE-2023-0494 as the latest security advisory and another discovery by the Trend Micro Zero Day Initiative. . CVE-2023-0494 entails local privilege elevation on systems where the X.Org Server is privileged and remote code execution is supported for SSH X forwarding sessions. Thankfully for many modern X.Org Server environments these days, the X.Org Server is no longer run as root / elevated privileges but for older systems and in other select configurations unfortunately remains running in such a vulnerable configuration. The CVE-2023-0494 vulnerability involves a use-after-free condition within DeepCopyPointerClasses for allowing reading and writing to freed memory via ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo(). The link for this article located at Phoronix is no longer available. . CVE-2023-0495 leads to unauthorized access in OpenSSH installations under certain conditions.. X.Org Server, Local Escalation, Security Threat. . Brittany Day
Feb 22, 2023
•
Desktop Security
74
security advisorycyber attackconfiguration issueCybersecurity Threats: Configuration Issues Risking Industrial Networks
Despite the fact that so many aspects of a modern society rely on the proper and uninterrupted operations of critical infrastructure, security flaws across many industrial control systems (ICSs) are largely vulnerable to cyber-attacks.. An attack on industrial organizations' networks could result in major disruptions, yet a new research report from Positive Technologies found that configuration flaws can allow an attacker to gain control over servers with relative ease. The link for this article located at InfoSecurity is no longer available. . A breach in the digital frameworks of manufacturing entities may lead to significant interruptions, even with the present vulnerabilities identified.. Industrial Control System Risks, Network Security Flaws, Cyber Attack Vulnerabilities. . Brittany Day
May 07, 2018
•
Network Security
83
security advisoryapacheremote accessApache Web Server: Rewrite Rule Configuration Issue Allows Remote Access
Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. The mod_rewrite rewrite engine ensures that requests are distributed across different servers according to definable rules, for example, in order to balance loads or to separate dynamic and static content. . This configuration is also called a reverse proxy. In certain circumstances, an @ sign within a request can cause the rewrite rules to resolve URLs incorrectly, allowing attackers to specify arbitrary hosts. The link for this article located at H Security is no longer available. . Uncover the way an exploit in the settings of the Nginx web server can provide malicious individuals with unauthorized entry to local systems.. Apache Security, Configuration Risk, Internal Server Access, Web Vulnerability. . LinuxSecurity.com Team
Oct 06, 2011
•
Hacks/Cracks
74
security advisorycriticalApacheApache 2011: Critical Reverse Proxy Threat By Context Information Security
Apache releases security advisory following discovery of back door threat by researchers at Context Information Security. October 6th 2011 - The Apache Software Foundation yesterday issued an advisory to all of its customers following the identification by researchers at UK-based Context Information Security of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and has today published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. The blog also provides advice to mitigate the risks: https://www.accenture.com/us-en Reverse proxies are used to route external HTTP and HTTPS web requests to one of several internal web servers to access data and resources. Typical applications include load balancing, separating static from dynamic content, or to present a single interface to a number of different web servers at different paths. While other proxies may suffer from the same vulnerability, the specific attack identified by Context researchers was based on an Apache web server using the mod_rewrite proxy function, which uses a rule-based rewriting engine to modify and rewrite web requests dynamically. When the web proxies had not been configured securely, Context was able to use an easy-to-obtain hacking tool in order to force a change in the request to access internal or DMZ systems, including administration interfaces on firewalls, routers, web servers and databases. And if credentials on internal systems were weak, a full network compromise was possible including uploading Trojan WAR files to a server. The vulnerability can easily be mitigated by checking reverse proxy configurations to ensure that the rewrite rules cannot be abused to allow for the URLs to be rewritten in such a way that they can access internal systems. Context has also released the latest version of itsfree to download Context Application Tool (CAT) designed to deliver manual web application penetration testing that can be used to identify the vulnerability. The difference between the two rules can be as simple as adding an extra slash, which ensures that Apache does not interpret the domain and port parts of the request as a username and password. For example, if the Apache configuration file is configured like this: RewriteRule ^(.*) [P], and not like this: RewriteRule ^(.*) [P], then access from the internet to any internal system is possible. In its advisory to customers, Apache recommends that Apache HTTPD users should examine their configuration files to determine if they have used an insecure configuration for reverse proxying. The full Apache response can be viewed at Full Disclosure: Apache HTTP Server: mod_proxy reverse proxy exposure (CVE-2011-3368) "This latest vulnerability present is a potential back door to sensitive internal or DMZ systems but is totally avoidable if the reverse proxies are properly configured," said Michael Jordon, Research and Development Manger at Context Information Security. "We have not investigated other web servers and proxies but it is reasonable to assume that the problem is more widespread." Full details of the reverse proxy bypass vulnerability with link to download the free Context Application Tool are published on the Context web site at https://www.accenture.com/gb-en/services/cybersecurity About Context Context Information Security is an independent security consultancy specialising in both technical security and information assurance services. Founded in 1998, the company. Apache has published a security notice regarding a vulnerability related to reverse proxy bypass, which was uncovered by Context Information Security.. Apache Security, Reverse Proxy Threat, Configuration Issues, Web Server Security. . Anthony Pell
Oct 06, 2011
•
Network Security
78
security advisorycode executioncritical updateOpera 11.01: Essential Update Addressing Code Execution Vulnerability
The new version of the Opera web browser closes the critical hole that was reported early this week; this vulnerability allows attackers to gain control of a computer. The problem was caused by a flaw in the code for processing HTML documents which contain select elements with a large number of child elements. . In combination with further tricks, this flaw allows arbitrary code to be injected and executed. The vulnerability affects not only the Windows version, but also those for Mac and Unix, and has been closed in all versions. The updates for all operating systems also correct a browser configuration click-jacking vulnerability and a another that allows web pages to read out local files. The link for this article located at H Security is no longer available. . A severe vulnerability in the Opera web browser enables remote code execution. Patches are now accessible for compromised versions.. Opera Browser Security, Code Execution Flaw, Critical Update. . LinuxSecurity.com Team
Jan 27, 2011
•
Vendors/Products
74
security risksconfiguration issuedata theftBluetooth Risks: Data Theft From Poorly Configured Gadgets
A new software tool could allow sensitive data could be pilfered through the air from laptops, mobile phones and handheld computers. An eavesdropper can use the program to identify nearby devices that use the Bluetooth wireless protocol. If the gadget's . . . . A new software tool could allow sensitive data could be pilfered through the air from laptops, mobile phones and handheld computers. An eavesdropper can use the program to identify nearby devices that use the Bluetooth wireless protocol. If the gadget's default security settings mean the device is unprotected, data can easily be stolen. Bluetooth connects devices within a range of 15 metres and is now a standard feature on many devices. Ollie Whitehouse, a UK-based researcher with computer security firm @Stake, created the tool "Red Fang", to highlight the potential dangers of running poorly configured Bluetooth gadgets. He says many people may be unaware that they have Bluetooth installed and that security features are often switched off. "If you're sitting on an intercity train, you're going to have a lot of people around for a long period of time," Whitehouse told New Scientist. "You could try and find their Bluetooth devices and hack into them." The link for this article located at NewScientist is no longer available. . An innovative application identifies vulnerabilities in Wi-Fi networks, making it easier for attackers to exploit unguarded connections.. Bluetooth Security, Data Theft Prevention, Wireless Device Risks. . Anthony Pell
Aug 12, 2003
•
Network Security
83
network securityIT managementsecurity flawFirewall Configuration Issues Lead to 50% Increase in Security Flaws
The number of flaws reported in firewalls have rocketed by nearly 50 per cent over the past four years because IT pros don't know how to configure them. A report by security testing specialist NTA Monitor found that flaws in firewalls . . . . The number of flaws reported in firewalls have rocketed by nearly 50 per cent over the past four years because IT pros don't know how to configure them. A report by security testing specialist NTA Monitor found that flaws in firewalls have increased by 45 per cent since 1998. The researchers said the holes, which occur mainly because of poor configuration and sloppy patching, could give hackers a way in to corporate networks. Companies have not learned how to install their firewalls properly, according to Roy Hills, technical director at NTA Monitor. He said: "Three years ago firewalls were relatively rare, only firms who really needed them had them - coupled with the expertise. "Nowadays there are so many companies who need firewalls because of the net. But they are not any easier to configure today than they were five years ago." But he did not put all the blame on users, adding that vendors have not made things easy. The link for this article located at Silcon is no longer available. . Incidents of vulnerabilities in network security systems have escalated by about 50% within the last four years, predominantly attributed to setup errors made by IT administrators.. Firewall Configuration, Security Risks, IT Management, Network Protection, Configuration Best Practices. . LinuxSecurity.com Team
Mar 28, 2002
•
Hacks/Cracks
77
security advisorysecurity patchroot accessSamba Security Advisory: Root Access Risk Fix and Interim Mitigation
A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. Until all vendors have released updates, there is an interim workaround available. . . .. A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. Until all vendors have released updates, there is an interim workaround available. IMPORTANT: Security bugfix for Samba ------------------------------------ June 23rd 2001 Summary ------- A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. The immediate fix is to edit your smb.conf configuration file and remove all occurances of the macro "%m". Replacing occurances of %m with %I is probably the best solution for most sites. Details ------- A remote attacker can use a netbios name containing unix path characters which will then be substituted into the %m macro wherever it occurs in smb.conf. This can be used to cause Samba to create a log file on top of an important system file, which in turn can be used to compromise security on the server. The most commonly used configuration option that can be vulnerable to this attack is the "log file" option. The default value for this option is VARDIR/log.smbd. If the default is used then Samba is not vulnerable to this attack. The security hole occurs when a log file option like the following is used: log file = /var/log/samba/%m.log In that case the attacker can use a locally created symbolic link to overwrite any file on the system. This requires local access to the server. If your Samba configuration has something like the following: log file = /var/log/samba/%m Then the attacker could successfully compromise your server remotely as no symbolic linkis required. This type of configuration is very rare. The most commonly used log file configuration containing %m is the distributed in the sample configuration file that comes with Samba: log file = /var/log/samba/log.%m in that case your machine is not vulnerable to this attack unless you happen to have a subdirectory in /var/log/samba/ which starts with the prefix "log." New Release ----------- While we recommend that vulnerable sites immediately change their smb.conf configuration file to prevent the attack we will also be making new releases of Samba within the next 24 hours to properly fix the problem. Please see for the new releases. Please report any attacks to the appropriate authority. The Samba Team
Jun 23, 2001
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More