Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Ahead With Linux Security News

14.Lock Code WorldMap Esm H350
Network SecurityPrice Tag 1system security Linux network

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
1 min read Network Security
2.Motherboard Esm H350
Server SecurityPrice Tag 1open-source Linux administration

Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
3 - 6 min read Server Security
20.Lock AbstractDigital Circular Esm H350
Vendors/ProductsPrice Tag 1security breach linux

A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
5 - 10 min read Vendors/Products
30.Lock Globe Motherboard Esm H350
Security Trends Price Tag 1access control multi-tenant

Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
4 - 8 min read Security Trends
5.ShakingHands Esm H350
Vendors/ProductsPrice Tag 1incident response cloud security

Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
4 - 7 min read Vendors/Products
Filter Icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -1 articles for you...
210
13.Lock StylizedMotherboard Esm H240
Price Tag 1privilege escalationthreat mitigationcritical vulnerability

Polkit CVE-2021-4034 Critical Level: Escalation Threat Overview

Here's everything you need to know about the CVE-2021-4034 Polkit privilege escalation vulnerability in the Linux kernel. . Linux is widely known as a highly secure operating system. However, like any other system software, it too can fall prey to loopholes and exploits, the worst of which are privilege escalation vulnerabilities that allow an adversary to elevate their permissions and potentially take over an entire organization. Polkit CVE-2021-4034 is a critical privilege escalation vulnerability that has gone unnoticed for over 12 years and affects all major Linux distributions. It is so devastating that a criticality rating of 8 was issued to the vulnerability. So, what exactly is Polkit CVE-2021-4034, and how can you fix it? Polkit privilege escalation vulnerability weaponizes pkexec , an executable part of the PolicyKit component of Linux. pkexec is an executable that allows a user to execute commands as another user. The pkexec source code had loopholes that anyone could exploit to gain maximum privileges on a Linux system, i.e., become the root user. This bug has been termed "Pwnkit" and is being tracked as CVE-2021-4034. . CVE-2021-4034 highlights a major vulnerability in Polkit, which manages Linux privileges. Learn how this flaw can be exploited and discover ways to mitigate this risk. polkit security, privilege escalation, linux vulnerabilities, threat mitigation, critical linux vulnerabilities. . Brittany Day

Calendar 2 Jan 02, 2023 User Avatar Brittany Day Security Vulnerabilities
78
General Esm H240
Price Tag 1security advisorysecurity patchcritical vulnerability

Firefox 3.6.3 Critical Patch: Fast Response to Browser Exploit

Seems like Pwn2Own is getting a reputation for uncovering some pretty nasty browser based vulnerabilities, once again this year Firefox, Safari and IE8 were all broken wide open. The latest development is Mozilla has beaten both Microsoft and Apple to the punch and released Firefox 3.6.3 patching the vulnerability.. Again it was a critical vulnerability and the creator netted himself $10,000 from the contest for the exploit. Pretty fast patching from Firefox though with an 8 day turnaround, and the vulnerability is only on Firefox 3.6.x not 3.5.x in its current state. Mozilla late yesterday patched a critical Firefox vulnerability used by a German researcher to win $10,000 for hacking the open-source browser at last week The link for this article located at Darknet is no longer available. . Google urgently fixes severe Chrome vulnerability, demonstrating swift action in web browser safety.. Firefox Patch,Browsing Safety,Open Source Response. . LinuxSecurity.com Team

Calendar 2 Apr 05, 2010 User Avatar LinuxSecurity.com Team Vendors/Products
Banner 3 1028x280 1708121785 1771599793
83
General Esm H240
Price Tag 1security issuecritical vulnerabilityfortify analysis

Critical Vulnerabilities Found By Fortify In Open Source Software

Fortify Software announced that Fortify. The link for this article located at LinuxLookup is no longer available. . The link for this article located at LinuxLookup is no longer available.. fortify, software, announced, article, located, linuxlookup, longe. . LinuxSecurity.com Team

Calendar 2 Oct 12, 2007 User Avatar LinuxSecurity.com Team Hacks/Cracks
74
General Esm H240
Price Tag 1security advisorydenial of serviceremote access

CVS Software Remote Access Risk Advisory: Critical Vulnerability Identified

THE CERT COORDINATION Center (CERT/CC) security organization has warned of a critical vulnerability in the widely used Concurrent Versions System (CVS) software that could enable an unauthenticated remote attacker with read-only access to execute arbitrary code, alter program operation, read sensitive information, or cause a denial of service to servers. . . .. THE CERT COORDINATION Center (CERT/CC) security organization has warned of a critical vulnerability in the widely used Concurrent Versions System (CVS) software that could enable an unauthenticated remote attacker with read-only access to execute arbitrary code, alter program operation, read sensitive information, or cause a denial of service to servers. CVS is used by teams of software developers to coordinate their code writing and to maintain a single standard view of the development process to all team members. It runs on several proprietary variants of Unix and on the open-source Linux OS. It is a key tool for the open-source development community, and has been used in large-scale developments such as the Mozilla browser, the Python programming language, some versions of Linux such as ARM Linux, the freeDOS operating system, and a Palm OS emulator. The link for this article located at IDG.net is no longer available. . The Cybersecurity Incident Response Team issued an urgent notice regarding a flaw in the XYZ application that allows for unintended data exposure.. Critical Flaw,CVS Software,Remote Access Risk,Security Advisory. . Anthony Pell

Calendar 2 Jan 24, 2003 User Avatar Anthony Pell Network Security
Banner 3 1028x280 1708121785 1771599793
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here