Stay Ahead With Linux Security News

Explore Latest Linux Security news


Salt Typhoon Threat: Credential Management and Network Defense Strategies

Recent reports have revealed a sophisticated intrusion campaign conducted by Salt Typhoon, targeting major U.S. telecommunications providers. To defend against this threat, Linux admins must understand Salt Typhoon's methods: using stolen credentials, living-off-the-land techniques, and continually changing network configurations to avoid detection while expanding access. These tactics underline the importance of rigorous credential management, disabling unnecessary utilities, and conducting regular configuration audits. Let's examine Salt Typhoon's attack methods in greater depth and discuss practical detection and prevention measures you can implement to safeguard your Linux environment.

Credential Use and Expansion

The Salt Typhoon group's recent increase in intrusion activity has alarmed the security community and U.S. telecommunications providers. This threat actor excels at using valid stolen credentials to gain entry to key network infrastructure, then expands its reach by harvesting further credentials from network device configurations. Doing so solidifies its hold on a network once the initial breach occurs, making eviction increasingly difficult.

To limit this kind of credential abuse, security admins must enforce reliable credential management practices: strong, unique passwords across users and systems, regular rotation, and multi-factor authentication wherever feasible as an additional layer of protection. Consistent, proactive monitoring for unauthorized access attempts is equally important. Reviewing access logs and alerting on anomalies can identify and isolate a breach before it escalates further.
Living-off-the-Land (LOTL) Techniques

Salt Typhoon stands out for its use of living-off-the-land (LOTL) techniques: exploiting legitimate tools and utilities already present on compromised systems, such as command-line utilities, network management tools, and scripting environments. This minimizes the attackers' footprint and evades traditional detection mechanisms, allowing malicious activity to proceed without raising immediate red flags.

Administrators can counter these tactics by regularly reviewing network and host configurations and disabling or removing unnecessary tools and services that could be abused. Knowing which tools should be present on each network device, and removing the rest, is key. Regular configuration audits and real-time monitoring help administrators detect LOTL activity of the kind used in campaigns like Salt Typhoon.

Infrastructure Pivoting and Persistence

One hallmark of the Salt Typhoon campaign is persistent movement through compromised infrastructure. Once inside a network, the attackers methodically modify configurations and create multiple access points to retain control for extended periods, operating undetected while continuously siphoning data or staging further attacks.

Stringent network segmentation is key to containing persistent threats like Salt Typhoon: by breaking a large network into separate, isolated segments, security teams limit an attacker's lateral movement. Thorough, regular configuration audits are also necessary. They should identify any unauthorized change that might signal an attacker's presence on the network, and monitoring devices for sudden configuration changes lets teams detect malicious activity quickly and respond swiftly.
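The configuration audits called for above can be scripted. The following Python is an added example, not code from the original article: it compares a current /etc/passwd snapshot against a known-good baseline and flags new accounts, non-root UID 0 accounts, and changed login shells, which are exactly the kind of unauthorized change an intruder leaves behind when adding access points. Both snapshots are constructed strings embedded in the script rather than files read from disk, and the account names are invented.

```python
"""Local account audit against a known-good baseline.

Added example: the two /etc/passwd snapshots below are constructed strings
embedded here instead of files read from disk, so the script runs anywhere.
"""
from typing import Dict, List

# Constructed baseline snapshot taken when the host was known good.
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed current snapshot with the kind of changes an intruder leaves behind:
# a service account given an interactive shell and a second UID 0 account.
CURRENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:backup:/var/tmp/.b:/bin/bash
"""


def parse_passwd(text: str) -> Dict[str, dict]:
    """Parse passwd(5) lines into {name: {uid, gid, home, shell}}."""
    users: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def audit_accounts(baseline: str, current: str) -> List[str]:
    """Return human-readable findings for differences that warrant a look."""
    base, cur = parse_passwd(baseline), parse_passwd(current)
    findings: List[str] = []
    # Accounts that exist now but did not exist in the baseline.
    for name in sorted(set(cur) - set(base)):
        findings.append(f"new local account: {name} (uid {cur[name]['uid']}, shell {cur[name]['shell']})")
    # Accounts that disappeared (rare, but worth a ticket).
    for name in sorted(set(base) - set(cur)):
        findings.append(f"account removed: {name}")
    # Privilege and shell changes on accounts that exist in both snapshots.
    for name, u in cur.items():
        if u["uid"] == 0 and name != "root":
            findings.append(f"uid 0 account that is not root: {name}")
        if name in base and base[name]["shell"] != u["shell"]:
            findings.append(f"shell changed for {name}: {base[name]['shell']} -> {u['shell']}")
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(BASELINE_PASSWD, CURRENT_PASSWD):
        print(finding)
```

On a real host, read the baseline from a copy stored off-box and the current state from /etc/passwd; the same diff-against-baseline pattern extends to sshd_config, sudoers, and exported router or switch configurations.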
Recommendations for Detection and Prevention

Protecting network infrastructure against sophisticated threat actors like Salt Typhoon requires an aggressive and comprehensive approach. Our recommendations cover robust configuration management, enhanced monitoring, and in-depth traffic analysis, all designed to detect early signs of compromise and stop attackers before they reach their goals.

Robust Configuration Management and Auditing

Security teams should audit network device configurations regularly, checking for unapproved changes such as modified AAA (Authentication, Authorization, and Accounting) settings, new loopback IP addresses, or newly created local accounts that an attacker could use to penetrate the network further. Adopting the principle of least privilege is also integral: only users who need access to critical network devices should have it, minimizing what a compromised account can be used for. Strong password policies and widespread multi-factor authentication significantly raise the difficulty of gaining and maintaining access.

Enhanced Monitoring and Logging

Effective detection relies on closely monitoring syslog and AAA logs for unusual activity or configuration changes that could indicate an attack. Modifications to .bash_history, auth.log, lastlog, wtmp, or btmp can indicate an attacker covering their tracks. Integrity logging across all network devices is vital: automated checks can detect log tampering or gaps in logging data, both frequent signs of malicious activity, while regularly checking for .bash_history files that are unexpectedly empty or unusually large may reveal evidence of track-clearing or of illicit scripts being run.

Network Traffic Analysis

Establishing visibility into network traffic is essential to identifying and mitigating network threats.
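The history-file and log-gap checks described in the monitoring section can be automated. The Python below is an added example, not code from the original article: it builds a throwaway home-directory tree in a temp directory (constructed users alice, bob, carol and dave) and scans it for .bash_history files that are symlinked to /dev/null, empty, or unusually large, plus shell startup files that disable history; it then scans a constructed auth.log excerpt for silences longer than a threshold or timestamps that run backwards. The size threshold and the one-hour gap are assumptions to tune for your fleet.

```python
"""History-file evasion and log-gap checks.

Added example: builds a throwaway home tree with constructed users and scans a
constructed auth.log excerpt; the thresholds are assumptions to tune per fleet.
"""
import os
import tempfile
from datetime import datetime, timedelta
from typing import List, Tuple

LARGE_HISTORY_BYTES = 1_000_000  # assumed threshold for "unusually large"
EVASION_MARKERS = ("HISTFILE=/dev/null", "unset HISTFILE", "HISTSIZE=0", "HISTFILESIZE=0")

# Constructed syslog-style lines with a 3.5 hour hole between the sudo entry and the logout.
SAMPLE_AUTH_LOG = [
    "Feb 24 13:05:01 gw1 sshd[4120]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Feb 24 13:05:03 gw1 sshd[4120]: pam_unix(sshd:session): session opened for user alice",
    "Feb 24 13:06:10 gw1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/ssh/sshd_config",
    "Feb 24 16:41:55 gw1 sshd[4120]: pam_unix(sshd:session): session closed for user alice",
]


def audit_history_files(home_root: str, large_bytes: int = LARGE_HISTORY_BYTES) -> List[str]:
    """Flag per-user shell history that looks cleared, redirected, disabled or bloated."""
    findings: List[str] = []
    for user in sorted(os.listdir(home_root)):
        home = os.path.join(home_root, user)
        if not os.path.isdir(home):
            continue
        hist = os.path.join(home, ".bash_history")
        if os.path.islink(hist):
            findings.append(f"{user}: .bash_history is a symlink to {os.readlink(hist)}")
        elif os.path.isfile(hist):
            size = os.path.getsize(hist)
            if size == 0:
                findings.append(f"{user}: .bash_history is empty")
            elif size > large_bytes:
                findings.append(f"{user}: .bash_history unusually large ({size} bytes)")
        # Startup files that switch history off are as telling as a cleared file.
        for rc in (".bashrc", ".bash_profile", ".profile"):
            path = os.path.join(home, rc)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                content = fh.read()
            for marker in EVASION_MARKERS:
                if marker in content:
                    findings.append(f"{user}: {rc} contains '{marker}'")
    return findings


def find_log_gaps(lines: List[str], year: int, max_gap: timedelta) -> List[Tuple[datetime, datetime]]:
    """Return (before, after) pairs where the log is silent longer than max_gap or runs backwards."""
    stamps = []
    for line in lines:
        try:  # classic syslog stamps carry no year, so the caller supplies it
            stamps.append(datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"))
        except ValueError:
            continue  # not a syslog-style line
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap or b < a]


def build_demo_home() -> str:
    """Construct a /home-like tree: alice is clean, bob, carol and dave are not."""
    root = tempfile.mkdtemp(prefix="homes-")

    def mk(user: str, history: str = None, bashrc: str = None, link: str = None) -> None:
        d = os.path.join(root, user)
        os.makedirs(d)
        if link:
            os.symlink(link, os.path.join(d, ".bash_history"))
        elif history is not None:
            with open(os.path.join(d, ".bash_history"), "w") as fh:
                fh.write(history)
        if bashrc is not None:
            with open(os.path.join(d, ".bashrc"), "w") as fh:
                fh.write(bashrc)

    mk("alice", history="ls\nsudo systemctl status sshd\n")
    mk("bob", link="/dev/null")                                   # history redirected away
    mk("carol", history="", bashrc="export PS1='$ '\nunset HISTFILE\n")  # cleared and disabled
    mk("dave", history="id\n" * 400_000)                          # 1.2 MB of history
    return root


if __name__ == "__main__":
    for finding in audit_history_files(build_demo_home()):
        print(finding)
    for before, after in find_log_gaps(SAMPLE_AUTH_LOG, 2025, timedelta(hours=1)):
        print(f"log gap: {before} -> {after}")
```

Point audit_history_files at /home (and /root) on a real host, and feed find_log_gaps the output of journalctl or the rotated auth.log files; a gap on a box that otherwise logs every few minutes is worth correlating with wtmp and btmp for the same window.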
Tools like NetFlow for traffic analysis, periodic port scans of your own devices, and monitoring for unusual volumetric changes all help pinpoint suspicious activity. Profiling each network device and alerting on changes, such as ports opening or closing or shifts in traffic patterns, can give early indication of a breach. Stringent Access Control Lists (ACLs) restrict unauthorized access and movement within the network, and regular monitoring for ACL violations helps identify and close security gaps quickly. Network segmentation contains threats by compartmentalizing potentially compromised sections. Patching known vulnerabilities remains fundamental to an effective posture against threats like Salt Typhoon.

Our Final Thoughts on Mitigating Salt Typhoon's Threat to Your Linux Environment

Salt Typhoon's tactics demonstrate the necessity of an integrated network security approach. From rigorous credential management and removal of unneeded tools to network segmentation and ongoing configuration audits, Linux security administrators have several strategies to prevent sophisticated intrusions from taking hold. By prioritizing these actions and cultivating a security-focused culture, defenders can gain the upper hand against even persistent and skilled threat actors. Ultimately, vigilance, continuous improvement, and proactive mitigation are key to protecting critical network infrastructure from stealthy threats like Salt Typhoon.

Cyber Intrusion Detection, Credential Management Techniques, Network Security Practices, Salt Typhoon Threat, LOTL Mitigation Techniques
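To make the traffic-profiling advice in the Network Traffic Analysis section concrete, here is an added Python example, not code from the original article. It works over a small list of constructed daily flow aggregates standing in for a NetFlow or IPFIX export, learns a per (source host, destination port) byte baseline over seven days, and on the eighth day flags volumes far above that baseline as well as destination ports the host has never used. The hosts, addresses, byte counts, and the z-score and ratio thresholds are all assumptions.

```python
"""Volumetric and new-port anomalies from flow records.

Added example: FLOWS is a constructed stand-in for a NetFlow/IPFIX export
(hosts, addresses and byte counts invented); thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[int, str, str, int, int]  # (day, src_ip, dst_ip, dst_port, bytes)
Key = Tuple[str, int]                  # (src_ip, dst_port)

FLOWS: List[Flow] = [
    # Management jump host talking to a core router over SSH: a stable baseline.
    (1, "10.0.10.5", "10.0.20.1", 22, 5_000_000),
    (2, "10.0.10.5", "10.0.20.1", 22, 5_200_000),
    (3, "10.0.10.5", "10.0.20.1", 22, 4_900_000),
    (4, "10.0.10.5", "10.0.20.1", 22, 5_100_000),
    (5, "10.0.10.5", "10.0.20.1", 22, 5_000_000),
    (6, "10.0.10.5", "10.0.20.1", 22, 4_800_000),
    (7, "10.0.10.5", "10.0.20.1", 22, 5_300_000),
    # Day 8: roughly 80x the usual volume over the same SSH channel.
    (8, "10.0.10.5", "10.0.20.1", 22, 400_000_000),
    # Day 8: a destination port this host has never used, to an external address.
    (8, "10.0.10.5", "203.0.113.9", 8443, 40_000_000),
    # A second host with steady HTTPS traffic and an unremarkable day 8.
    (1, "10.0.10.6", "10.0.20.1", 443, 2_000_000),
    (2, "10.0.10.6", "10.0.20.1", 443, 2_000_000),
    (3, "10.0.10.6", "10.0.20.1", 443, 2_100_000),
    (4, "10.0.10.6", "10.0.20.1", 443, 1_900_000),
    (5, "10.0.10.6", "10.0.20.1", 443, 2_000_000),
    (6, "10.0.10.6", "10.0.20.1", 443, 2_000_000),
    (7, "10.0.10.6", "10.0.20.1", 443, 2_050_000),
    (8, "10.0.10.6", "10.0.20.1", 443, 2_100_000),
]


def daily_totals(flows: Iterable[Flow], days: Iterable[int]) -> Dict[Key, Dict[int, int]]:
    """Bytes per (src_ip, dst_port) per day; a day with no flows counts as 0, not missing."""
    days = set(days)
    totals: Dict[Key, Dict[int, int]] = defaultdict(lambda: {d: 0 for d in days})
    for day, src, _dst, dport, nbytes in flows:
        if day in days:
            totals[(src, dport)][day] += nbytes
    return totals


def detect_anomalies(flows: List[Flow], baseline_days: Iterable[int], detect_day: int,
                     z_thresh: float = 3.0, min_ratio: float = 3.0) -> List[Tuple[str, Key, str]]:
    """Compare detect_day against the baseline window for every (host, port) pair."""
    baseline_days = list(baseline_days)
    base = daily_totals(flows, baseline_days)
    today = daily_totals(flows, [detect_day])
    findings: List[Tuple[str, Key, str]] = []
    for key, per_day in sorted(today.items()):
        observed = per_day[detect_day]
        if key not in base:
            findings.append(("new-port", key, f"{observed} bytes to a port never seen in baseline"))
            continue
        hist = [base[key][d] for d in baseline_days]
        mu, sigma = mean(hist), pstdev(hist)
        ratio = observed / mu if mu else float("inf")
        z = (observed - mu) / sigma if sigma else (float("inf") if observed > mu else 0.0)
        # Require both a large multiple of the mean and a high z-score, so steady,
        # low-variance channels do not alert on a few percent of drift.
        if ratio >= min_ratio and z >= z_thresh:
            findings.append(("volume", key, f"{observed} bytes vs mean {mu:.0f} (x{ratio:.1f}, z={z:.1f})"))
    return findings


if __name__ == "__main__":
    for kind, (src, port), detail in detect_anomalies(FLOWS, range(1, 8), 8):
        print(f"{kind}: {src} -> port {port}: {detail}")
```

Feed it real aggregates from your collector (nfdump, pmacct or an IPFIX pipeline) keyed the same way, and keep the baseline window rolling; the new-port rule is the cheaper of the two signals and catches the kind of out-of-profile management channel the article warns about.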

Feb 24, 2025 | Brittany Day | Hacks/Cracks

White House Cyber Intrusion: Russian Hackers Access Sensitive Information

Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation. While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president's schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The link for this article located at CNN is no longer available.

Apr 10, 2015 | LinuxSecurity.com Team | Hacks/Cracks

Cyber Intrusions' Effect on Israeli Defense Contractors

Three Israeli defense contractors responsible for building the . The never-before publicized intrusions, which occurred between 2011 and 2012, illustrate the continued challenges that defense contractors and other companies face in deterring organized cyber adversaries and preventing the theft of proprietary information.

The link for this article located at Krebs on Security is no longer available.

Jul 29, 2014 | LinuxSecurity.com Team | Hacks/Cracks

German Police Breach: Father’s Failed Spy Tactics on Daughter

An infiltration of a German federal security system last year has been traced back to a botched attempt by an unnamed security official to use a Trojan to monitor his daughter's internet usage, Der Spiegel reports. According to the report, a hacker friend of the young woman found the spyware on her machine before hacking into her father's machine, supposedly as payback for the privacy intrusion. The girl's friend discovered a cache of security-related emails on the father's machine; according to the report, the policeman had diverted official emails to his private computer. This allowed his daughter's pal to infiltrate a German police system.

The link for this article located at The Register UK is no longer available.

Jan 10, 2012 | LinuxSecurity.com Team | Privacy

North Korean DDoS Attacks: March 2011 Examination and Future Risks

The cyber attacks that paralyzed a handful of major South Korean websites earlier this year were almost certainly carried out by North Korea or parties allied with the country, computer security company McAfee said Tuesday in a report. The company's analysis, carried out with the help of the South Korean and U.S. governments, is one of the most thorough yet published on the March attacks, and details how they were carried out, and why they were so difficult to counter. In investigating the incident, the report draws clear parallels with a similar attack that knocked South Korean and U.S. websites offline in 2009 and comes to an unsettling conclusion: the attacks were likely designed to test South Korea's cyber defense and response, and could be the prelude of a much larger attack in the future.

The link for this article located at Network World is no longer available.

Jul 06, 2011 | Alex | Government

HBGary Federal Data Leak: Anonymous Cyber Intrusion and Ethical Issues

Even as the FBI was conducting its ongoing campaign of surveillance and armed raids against those of us involved in the Anonymous activist collective, that and other "law enforcement" agencies were simultaneously providing resources and work opportunities to a collection of federal contractors, which were themselves engaged in a variety of reckless and unethical activities to which they are now being held to account by the press, if not the government. Anyone who had written up such a situation as fiction would rightfully be thrown out of a publisher's office for having produced a work of fiction with such a ludicrous plot. On the Saturday before last, an article appeared in Financial Times in which a certain Aaron Barr, head of US federal contractor HBGary Federal, claimed to have identified by name what he termed Anonymous's "leadership". We responded with a press release conceding defeat. The next day, our hackers infiltrated Barr's personal data as well as that of HBGary Federal and its parent company HBGary, thereafter releasing tens of thousands of company emails, as well as the very document that Barr had planned to sell to the FBI.

The link for this article located at The Guardian is no longer available.

Feb 18, 2011 | LinuxSecurity.com Team | Hacks/Cracks

Swedish Man Indicted For Cisco And NASA Hack: Trade Secret Theft

I found this indictment particularly interesting because it reaches across to another country, so there must have been substantial coordination with foreign authorities. A federal grand jury has indicted a Swedish man for allegedly hacking into networks at Cisco Systems and NASA. According to news reports, Philip Gabriel Pettersson, a 21-year-old man known as "Stakkato," faces five counts of intrusion and trade secret theft. He's accused of stealing programming information. Each count of intrusion and theft of trade secrets carries a maximum penalty of 10 years in prison, three years of supervised release, and a $250,000 fine. The indictment alleges that on two occasions, Pettersson unlawfully gained access to computers at the Ames Research Center and the NASA Advanced Supercomputing Division at Moffett Field, Calif. It also accuses him of breaking into the Cisco internal network and stealing some Cisco Internetwork Operating System code.

The link at DarkReading is no longer available.

May 12, 2009 | LinuxSecurity.com Team | Hacks/Cracks

State Department Investigates Cyber Intrusion in East Asia Region

The State Department is investigating an intruder breaking into unclassified department IT systems, starting with embassies and offices in the East Asia/Pacific region and migrating to department headquarters. State cybersecurity personnel took immediate steps when they detected the intrusion, and initial findings show that they prevented any loss of sensitive U.S. government information, a State spokesman said. When first detected, the intruder was at a location containing a small amount of data.

The link for this article located at GCN.com is no longer available.

Jul 13, 2006 | LinuxSecurity.com Team | Hacks/Cracks