Recently, new information revealed by Doctor Web virus analysts has drawn wide attention in the cybersecurity world. It details a new threat aimed specifically at Linux servers: the TgRat Trojan. This Remote Access Trojan (RAT) is a Linux port of a Windows RAT first seen in 2022, and it is stealthier than its Windows predecessor. To help you understand and protect against this emerging attack, I'll explain how TgRat works, who is at risk, and the defensive measures you can implement to secure your Linux servers.

What Is TgRat & How Does It Operate?

Dr.Web's team identified TgRat as a Trojan that uses the Telegram messenger as its command-and-control platform. Once it has infiltrated a system, TgRat communicates with its operators through a Telegram bot, turning an everyday application into an instrument of cybercrime. On launch, TgRat first verifies that it is running on the intended victim by comparing the hash of the machine name against a string embedded in its body. If the hash matches, TgRat connects to the internet and initiates contact with its Telegram-based command-and-control (C&C) channel. The use of Telegram is particularly effective because traffic to Telegram's servers is typically perceived as harmless and therefore hides the trojan's activity. Attackers then send commands to the infected system through a private Telegram group; the Trojan can download and upload files, run shell commands, and take screenshots.

Who Does This Threat Target?

Organizations running Linux servers are at particular risk, especially if their network security controls do not inspect encrypted outbound traffic or flag the execution of unrecognized binaries and scripts. Because Telegram is so widely used, its traffic can pass through traditional security frameworks unnoticed. Companies without rigorous endpoint protection or network segmentation risk widespread compromise if even one node is infected.
Defensive Strategies Against TgRat for Linux Admins

To defend effectively against threats like TgRat, system admins should implement a multi-layered security plan. Below are steps you can take to protect Linux servers:

Implement Strict Network Monitoring: Deploy intrusion detection systems (IDS) and intrusion prevention systems (IPS), and configure your monitoring to flag outbound communication from servers to messaging platforms like Telegram. A headless Linux server has no business reason to talk to the Telegram bot API, so such traffic is a high-quality signal.

Regular Software Updates: Keep all system software and dependencies updated. Updates often contain patches for the security holes these threats exploit to gain a foothold.

Robust Access Controls and Application Allowlisting: Network encryption alone does not protect against a Trojan, because TgRat itself uses an encrypted channel, Telegram, to receive its commands. Implement strict access controls and use application allowlisting so that only authorized binaries and scripts can run.

Comprehensive Antivirus Solutions: Employ reputable, up-to-date antivirus solutions capable of detecting known trojans and the suspicious system behaviors associated with unknown variants.

Employee Education and Awareness: Since trojans may arrive through phishing or other social engineering, raising employee awareness of unexpected links and attachments is one of the best defenses.

Backup and Disaster Recovery Plans: Maintain regular backups stored safely offline and refresh them as often as your recovery objectives require. An effective disaster recovery plan significantly limits the damage of any breach.

Segmenting Networks: Dividing your network into segments limits how far an attacker can move laterally after gaining entry to one area.
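As an added illustration of the network-monitoring step above (this is example code written for this page, not anything from Dr.Web or from TgRat), the following Python script scans constructed DNS and connection log lines and flags any inventoried server that resolves api.telegram.org or connects into Telegram's address space. The server inventory, the key=value log line format and the address ranges are assumptions; refresh the ranges from Telegram's current published list before relying on them.

```python
"""Flag Telegram bot-API traffic originating from Linux servers.

Added example, not Dr.Web's or TgRat's code. It scans two kinds of
constructed log lines, DNS queries and outbound connections, and reports
any inventoried server that resolves or connects to Telegram.
"""
import ipaddress
import re

# Assumption: these hosts are headless Linux servers with no business
# reason to reach a consumer messenger. Replace with your own inventory.
SERVER_INVENTORY = {"web01", "db02", "build03"}

# Telegram's bot API hostname. The Linux TgRat described above talks to
# its operators through this API over HTTPS.
TELEGRAM_API_HOST = "api.telegram.org"

# Assumption: a subset of Telegram's published address ranges; verify
# against Telegram's current list before using this in production.
TELEGRAM_NETS = [ipaddress.ip_network(n) for n in (
    "149.154.160.0/20",
    "91.108.4.0/22",
    "91.108.56.0/22",
)]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Turn a 'k=v k2="v 2"' style line into a dict (assumed log format)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_telegram_ip(addr):
    """True if addr falls inside one of the listed Telegram networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TELEGRAM_NETS)


def analyze(lines, inventory=SERVER_INVENTORY):
    """Return (host, reason) findings for inventory hosts that resolve
    or connect to Telegram. Hosts outside the inventory are ignored
    because workstations may legitimately use Telegram."""
    findings = []
    for line in lines:
        rec = parse_kv(line)
        host = rec.get("host")
        if host not in inventory:
            continue
        if rec.get("type") == "dns" and \
                rec.get("query", "").lower().rstrip(".") == TELEGRAM_API_HOST:
            findings.append((host, f"DNS query for {TELEGRAM_API_HOST}"))
        elif rec.get("type") == "conn" and is_telegram_ip(rec.get("dst", "")):
            findings.append(
                (host, f"TCP/{rec.get('dport')} to Telegram address {rec['dst']}"))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    'ts=2024-07-18T10:15:02Z type=dns host=web01 src=10.0.1.5 query=api.telegram.org',
    'ts=2024-07-18T10:15:02Z type=conn host=web01 src=10.0.1.5 dst=149.154.167.220 dport=443',
    'ts=2024-07-18T10:16:40Z type=dns host=laptop-ann src=10.0.9.14 query=api.telegram.org',
    'ts=2024-07-18T10:17:11Z type=conn host=db02 src=10.0.2.9 dst=93.184.216.34 dport=443',
    'ts=2024-07-18T10:18:03Z type=conn host=build03 src=10.0.3.3 dst=91.108.56.100 dport=443',
]

if __name__ == "__main__":
    for host, reason in analyze(SAMPLE_LOG):
        print(f"ALERT {host}: {reason}")
```

On the sample data the laptop's Telegram lookup is ignored and the three server events are reported. Feeding real DNS resolver or firewall logs through `parse_kv` only requires adapting the field names; the check on `api.telegram.org` is the one that matters most, since an IP allowlist will drift as Telegram's ranges change.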
Our Final Thoughts on TgRat

The recent discovery of the TgRat trojan targeting Linux servers is a stark reminder of how cybercriminals exploit widely used technologies, even ones traditionally considered secure, like Linux. No system is immune from sophisticated malware. Proactive hardening and monitoring, combined with swift response strategies, will be critical in combatting future threats.

TgRat Trojan, Linux security, malware threats, remote access trojan, cybercrime prevention.

Dave Wreski
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This development represents a significant evolution of ransomware strategies, and admins and businesses must understand these threats to implement effective defenses against them. To put this discovery in the context of the growing Linux ransomware threat, I'll break down how this ransomware has evolved, describe its infection mechanism, and discuss best practices you can implement to protect against it.

Understanding the Evolution of Play Ransomware

Since its discovery in June 2022, the Play ransomware group has earned notoriety for employing double-extortion tactics and advanced evasion techniques to cause significant disruption across various sectors, particularly in the US and Latin America. While historically associated with attacks against Windows systems, the group's recent expansion into a Linux (ELF) variant built to run on VMware ESXi hosts signals an alarming trend, because such hosts often run the virtual machines that carry critical business applications and data.

Infection Mechanism of the Linux Variant

The Linux variant of Play ransomware exhibits advanced evasion techniques and an attack strategy explicitly tailored for ESXi environments. Before executing its payload, the malware verifies that it is running on an ESXi system; if it is not, it terminates and deletes itself immediately to minimize traces and reduce the chance of detection. Once inside an ESXi environment, the ransomware issues several ESXi shell commands to carry out its attack. These include:

Scanning and Powering Off VMs: The malware enumerates all virtual machines (VMs) by running vim-cmd vmsvc/getallvms and powers them off with vim-cmd vmsvc/power.off, so that their disk files are no longer locked by running VMs and can be encrypted.
Setting a Custom Welcome Message: The malware modifies the welcome message of the ESXi host via the command esxcli system welcomemsg set -m=, so that its ransom note is displayed on the host's login screen.

Encryption: The ransomware encrypts VM disk files, configuration files, and metadata files, which contain the applications and user data whose loss can halt business operations. Encrypted files are given the ".PLAY" extension, and a ransom note is dropped in the root directory; the note is also shown on the ESXi client login portal so that any administrator who logs in sees it immediately.

Evasion Techniques & Detection Challenges

The Play ransomware group's ability to bypass security measures is particularly alarming. The Linux variant is often delivered compressed in a RAR archive alongside the Windows variant to increase its chances of reaching its targets without being flagged by security systems. The same infrastructure hosts PsExec, NetScan, WinSCP, WinRAR, and the Coroxy backdoor, tools the group uses elsewhere in its infection chain. Because most of these are also widely used in legitimate administration, detecting and blocking them remains challenging.

How Is the Play Ransomware Group Tied to Prolific Puma?

The Play ransomware group has been linked with Prolific Puma, an obscure cybercriminal group. Prolific Puma is notorious for producing domains with a Domain Generation Algorithm (DGA) and selling them to other cybercriminals to evade detection; domains linked with Prolific Puma infrastructure share numerous similarities in registration patterns and IP address resolution. The IP address 108.61.142.190 hosts multiple tools used by Play ransomware and is associated with domain names like ztqs.info and zfrb.info registered through providers like Porkbun and NameCheap, evidence supporting a mutualistic relationship in which Play ransomware uses Prolific Puma's evasion services to expand its malicious activities.
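The command sequence described above (enumerate VMs, power them all off, rewrite the login banner) is unusual enough to detect from ESXi's own shell history. The following Python script is an added example written for this page, not code from Trend Micro or from the ransomware: it replays constructed lines in the style of ESXi's /var/log/shell.log (the format is assumed from memory, so verify it against your hosts) and returns a verdict only when all three behaviours occur within a short time window, which keeps a routine maintenance shutdown from alerting.

```python
"""Spot a Play-style VM shutdown-and-deface sequence in ESXi shell history.

Added example, not Trend Micro's or the ransomware's code. Input lines are
assumed to look like ESXi's /var/log/shell.log:
    <ISO timestamp>Z shell[<pid>]: [<user>]: <command>
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.*)$'
)

# Indicators drawn from the behaviour described in the article.
INDICATORS = {
    "enumerate_vms": re.compile(r'\bvim-cmd\s+vmsvc/getallvms\b'),
    "power_off_vm":  re.compile(r'\bvim-cmd\s+vmsvc/power\.off\b'),
    "set_welcome":   re.compile(r'\besxcli\s+system\s+welcomemsg\s+set\b'),
}

# Assumption: an operator shutting VMs down for maintenance does not also
# rewrite the login banner moments later. Requiring all three indicators
# inside this window keeps routine maintenance from alerting.
WINDOW = timedelta(minutes=10)


def parse(line):
    """Return (timestamp, user, command) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["cmd"]


def detect(lines, window=WINDOW):
    """Scan shell-history lines; verdict is True only when every indicator
    fired and all of them fall inside one window."""
    hits = {name: [] for name in INDICATORS}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, _user, cmd = rec
        for name, pat in INDICATORS.items():
            if pat.search(cmd):
                hits[name].append(ts)
    verdict = False
    if all(hits.values()):
        stamps = [t for ts_list in hits.values() for t in ts_list]
        verdict = (max(stamps) - min(stamps)) <= window
    return {
        "verdict": verdict,
        "hits": hits,
        "power_off_count": len(hits["power_off_vm"]),
    }


# Constructed sample histories (not from a real incident).
SAMPLE_SHELL_LOG = [
    '2024-07-20T02:11:04Z shell[2104471]: [root]: vim-cmd vmsvc/getallvms',
    '2024-07-20T02:11:09Z shell[2104471]: [root]: vim-cmd vmsvc/power.off 1',
    '2024-07-20T02:11:10Z shell[2104471]: [root]: vim-cmd vmsvc/power.off 2',
    '2024-07-20T02:11:10Z shell[2104471]: [root]: vim-cmd vmsvc/power.off 3',
    '2024-07-20T02:11:15Z shell[2104471]: [root]: esxcli system welcomemsg set -m="<banner text>"',
]

MAINTENANCE_LOG = [
    '2024-07-21T22:00:01Z shell[2200000]: [root]: vim-cmd vmsvc/getallvms',
    '2024-07-21T22:00:30Z shell[2200000]: [root]: vim-cmd vmsvc/power.off 4',
    '2024-07-21T22:05:00Z shell[2200000]: [root]: esxcli software vib list',
]

if __name__ == "__main__":
    for name, log in (("suspicious", SAMPLE_SHELL_LOG), ("maintenance", MAINTENANCE_LOG)):
        result = detect(log)
        print(f"{name}: verdict={result['verdict']} power_offs={result['power_off_count']}")
```

Shipping shell.log off the host to a collector and running this logic there matters more than the script itself, because the ransomware wipes its traces once it has run; a log that only lives on the ESXi host is encrypted or gone by the time anyone looks.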
Practical Mitigation Strategies for Protecting Against Ransomware Attacks on ESXi Environments

Given the sophistication of the Play ransomware group and its Linux variant, administrators must employ a multi-layered defense strategy to protect ESXi environments from attack. Here are some actionable mitigation strategies:

Regular Backups: Critical data and configurations must be backed up regularly to offline storage or to an isolated network segment, so that an attacker who reaches the ESXi hosts cannot encrypt the backups as well. Verify backups regularly to ensure data integrity and rapid recovery capabilities.

Patch Management: Keep all systems, including VMware ESXi, current with the latest security patches to reduce exposure to ransomware.

Network Segmentation: Segment the network to limit lateral movement. Restrict access to ESXi management interfaces and other critical systems to the personnel who require it, and ensure proper security monitoring and incident response procedures are in place.

Advanced Threat Detection: Use threat detection and intrusion prevention systems. Review logs regularly for unusual activity, including ESXi shell history, and conduct periodic security audits.

Access Controls: Require multi-factor authentication for access to ESXi environments and critical systems. Limit the use of administrative privileges and review access policies regularly.

User Education and Awareness: Educate employees about ransomware and phishing, and run mock phishing exercises to reinforce that training.

Our Final Thoughts on Combating the Growing Linux Ransomware Threat

By adopting these strategies, Linux administrators can reduce the risks posed by ransomware attacks and improve the resilience of their ESXi environments. As ransomware tactics constantly evolve, staying informed and proactive is vital in protecting critical business operations from disruption.
Uncover the rising menace of Play ransomware that is increasingly focusing on ESXi systems and delve into practical defense measures.

Linux Ransomware, ESXi Security, Threat Mitigation, Ransomware Defense, Linux Malware.

Brittany Day
Open source maintainers and developers have been warned about a continuing wave of attacks aimed at project maintainers, similar to the one that recently targeted the Linux xz data compression library, XZ Utils. Many believe the attempt to backdoor xz might not be an isolated incident. According to the OpenJS Foundation and the Open Source Security Foundation (OpenSSF), a series of suspicious emails has targeted a popular, unnamed JavaScript project that the OpenJS Foundation hosts.

What Targeted Threats Have Been Identified Targeting Open-Source Maintainers?

The emails were sent under different names, all from GitHub-associated email addresses, and were built around the same theme. The suspected attackers asked to be added as project maintainers in order to "address any critical vulnerabilities," but provided no details of those vulnerabilities, which raised suspicion. This approach resembles how the backdoor was introduced into XZ/liblzma, and it has therefore been flagged as a potential security danger. Two other popular JavaScript projects received similar messages, raising further concern that certain groups of attackers are looking to introduce backdoors into open-source projects. OpenJS immediately reported the concern to the Cybersecurity and Infrastructure Security Agency (CISA) within the United States Department of Homeland Security (DHS). This kind of attack is not new, yet it remains an effective way for attackers to infiltrate an open-source project. Project maintainers must therefore be extra vigilant and perform rigorous checks before granting maintainer access to a contributor. As the report notes, this attack method relies on social engineering and exploits the sense of duty maintainers feel toward their projects.

What Can Be Done to Combat This Threat?
The attack method exploits the maintainers' sense of social responsibility to deceive them. As such, promoting technical expertise and sharing knowledge about emerging threats and attack methods is imperative. It is also necessary to ensure that open-source projects are well-funded and that their maintainers are adequately supported; a maintainer who is not overworked and isolated is far less susceptible to an offer of "help" from a stranger. Governments and other organizations must therefore allocate resources to help secure the broader open-source ecosystem. Funding for security developers has already had a significant effect, for example through the security-focused Alpha-Omega project, which Microsoft, Amazon, and Google support. Germany's Sovereign Tech Fund likewise aims to support foundations like OpenJS in strengthening infrastructure and security.

Our Final Thoughts on This Attack

This attack is a clear example of how attackers can infiltrate open-source projects by exploiting trust to introduce backdoors. We therefore recommend coordinated effort among organizations and global collaboration within the open-source ecosystem, so that open-source developers are better equipped to identify such threats and mitigate them promptly. More resources, a coordinated approach, knowledge sharing, and adequate funding are imperative to raise open-source security and protect our interconnected open-source projects and shared digital economy.

Open-source software is vital to tech, yet it's increasingly under attack. Discover insights on the motives behind these assaults and ways to secure projects.

Open Source Security, Backdoor Attacks, Developer Vigilance, Cyber Threats, Trust Exploitation.

Brittany Day
Hackers are crawling all over the US Department of Defense's websites. Don't worry, though: they're white hats, and DoD officials are quite happy about the whole thing. Four years after it first invited white hat hackers to start hacking its systems, the Pentagon continues asking them to do their worst, and a report released this week says that they're submitting more vulnerability reports than ever. The DoD's Department of Defense Cyber Crime Center (DC3) handles cybersecurity for the DoD and is responsible for tasks including cyber technical training and vulnerability sharing. It also runs the DoD's Vulnerability Disclosure Program (VDP).

The link for this article located at Naked Security is no longer available.

The collaboration with ethical hackers at the Pentagon has resulted in a notable rise in the number of vulnerability reports filed over the past four years.

White Hat Hacking, Pentagon Cybersecurity, Vulnerability Reporting.

Brittany Day
Take a look at the security headlines, and you'll see report after report of businesses and large organisations being hacked. Sensitive databases are accessed, passwords are stolen, email archives are plundered, innocent people are put at risk and corporations get a kick up the backside that they need to take security more seriously. But what you don't tend to hear about are hacks of computer systems belonging to the US Congress.

The link for this article located at TripWire is no longer available.

Brittany Day
The German political establishment is reeling after personal data and communications from hundreds of politicians, including Chancellor Angela Merkel, were released by hackers. Discovered only yesterday, the information had actually been released over the past fortnight by Twitter user 'G0d', who claims to be based in Hamburg and whose bio indicates that he is a security researcher with an interest in "satire & ironie."

The link for this article located at ZDNet is no longer available.

German officials, including Chancellor Merkel, face repercussions as hackers expose private information and messages from hundreds of politicians.

Data Breach, Cybersecurity Awareness, Political Security, Hacker Attack, Data Leak.

LinuxSecurity.com Team
Speaking at DEFCON 26 in Las Vegas on the subject of "Securing our Nation's Election Infrastructure", Jeanette Manfra, assistant secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security, stressed the need for public and private sector collaboration. She said that "instead of thinking of individual risk and your own part, try to think about enterprise and government as a whole." In terms of critical infrastructure, Manfra said that this is "purely voluntary in the private sector" and includes "everyone working for yourself or your company, and this includes academic institutions and the broader private and public partnership to work together to figure out critical infrastructure."

The link for this article located at InfoSecurity is no longer available.

At DEFCON, Jeanette Manfra emphasizes the importance of uniting efforts to strengthen vital infrastructure and ensure the integrity of electoral systems.

Election Security, Cybersecurity Solutions, Public Private Partnership.

Brittany Day
Online threats are part and parcel of life on the Web, but the end of the year proves to be a lucrative time to give cybercriminals the gift of your bank details or personal data. As the holiday season comes into full swing, more consumers use online banking and retail sites to complete their Christmas shopping. However, consumers are often duped by a number of tactics employed by criminals to profit from a lack of security awareness.

The link for this article located at ZDNet Blogs is no longer available.

Amidst the festive period, the dangers of digital shopping escalate as cybercriminals intensify their efforts to exploit personal information.

Online Shopping, Data Protection, Cybercrime Awareness, Holiday Risks.

LinuxSecurity.com Team