There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This development aims to address the increasing cybersecurity threats that individuals and organizations face. This article highlights the efforts of companies such as Microsoft, IBM, and Amazon Web Services to prioritize security by default in their products, through measures such as multi-factor authentication, the elimination of default passwords, and easier installation of security patches.

What Does This Initiative Involve & What Are the Implications for Cybersecurity?

There has been a significant development in the tech industry as nearly 70 tech and cybersecurity companies commit to integrating default security features into their products. This "secure by design" pledge aims to raise the baseline security of tech products and address vulnerabilities before products reach customers, rather than after deployment. The initiative is led by the Cybersecurity and Infrastructure Security Agency (CISA) and supported by major companies, including Microsoft, IBM, and Amazon Web Services. This proactive move emphasizes the importance of cybersecurity in today's digital landscape and the need for secure software development practices.
According to CISA, the goals of this initiative include:

- Increase the use of multi-factor authentication (MFA) across their products.
- Reduce default passwords across their products.
- Reduce one or more entire classes of vulnerabilities (for example, memory-safety bugs or SQL injection).
- Increase the installation of security patches by customers.
- Publish a vulnerability disclosure policy (VDP) that authorizes testing of products by members of the public, commits to not recommending or pursuing legal action against anyone making a good-faith effort to follow the VDP, provides a clear channel for reporting vulnerabilities, and allows public disclosure in line with coordinated vulnerability disclosure best practices and standards.
- Demonstrate transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every CVE record for their products, and issue CVEs in a "timely manner," at least for critical and high-impact bugs.
- Make it easier for customers to spot evidence of intrusions affecting their products.

Open Source: Pioneering the 'Secure-by-Design' Revolution

As Linux admins, infosec professionals, internet security enthusiasts, and sysadmins, we see this development as significant because it demonstrates a proactive approach to cybersecurity. We know the benefits of built-in security, a key part of the open-source development model. Open-source software has publicly accessible code that anyone can view and contribute to, enabling thorough review by a worldwide community and faster detection and remediation of security issues. Exploited software vulnerabilities are a leading cause of breaches, and embedding security features directly into products could substantially reduce that risk. Embracing the open-source model would further strengthen the inherent security of software developed under the secure-by-design initiative.
The partnership between tech companies and cybersecurity experts to create more robust security features is particularly noteworthy. One security researcher states, "This collaborative effort will help address complex security challenges and lead to more resilient products." Such collaboration is crucial for bridging the gap between theoretical security practices and real-world implementation. It also raises questions about how the effort will shape the overall security landscape and whether it will produce a more standardized approach to security across different products.

Another aspect to consider is the long-term consequences of this initiative. While embedding security features in products is a positive step, it could also create a false sense of security among users. One cybersecurity consultant warns, "Relying solely on built-in security features may lead users to believe they are invulnerable to attacks." This raises concerns about user complacency and the need for ongoing education and awareness campaigns so that users understand the limitations of built-in security measures.

Moreover, although the tech companies involved have signed CISA's secure-by-design pledge, their commitments are voluntary. There are currently no enforcement mechanisms to ensure that signatories hold up their end of the agreement. This is a critical consideration: it is one thing to say you will adhere to a commitment and another to honor it in practice. More must be done to ensure that companies uphold their promise to provide users with foundationally secure software.

The impact of this initiative on security practitioners is significant. It could streamline security practices and reduce the burden of continuously patching vulnerabilities. However, it also raises concerns about vendor lock-in and the potential for a few companies to dominate the security software market.
As open-source advocates, it is essential to examine how this initiative aligns with the principles of openness, transparency, and collaboration that are the foundation of Linux and other open-source technologies.

Our Final Thoughts on This Push for Built-in Security

This initiative is a promising development in the tech industry. While it brings a positive shift towards proactive cybersecurity measures, it also raises questions about collaboration, a false sense of security, compatibility, and the balance between convenience and robustness. As security practitioners, it is crucial to analyze these implications critically and continue advocating for open-source practices and user education to strengthen overall security.

Leading technology firms are emphasizing built-in security measures to address increasing cyberattack risks. Topics: Secure By Design, Cybersecurity Practices, Open Source Security. By Dave Wreski
Cybersecurity continues to be a hot topic. More and more organizations are getting hit by ransomware attacks, critical open source software vulnerabilities are making news, and we're seeing industries and governments coming together to discuss initiatives to improve software security. The U.S. government has been working with the tech industry and open source organizations such as the Linux Foundation and the Open Source Security Foundation to come up with a number of initiatives in the past couple of years. The White House Executive Order on Improving the Nation's Cybersecurity without a doubt kick-started subsequent initiatives and defined requirements for government agencies to take action on software security and, in particular, open source security. An important White House meeting with tech industry leaders produced active working groups, and a few months later they issued the Open Source Software Security Mobilization Plan. This plan included 10 streams of work and a budget designed to address high-priority security areas in open source software, from training and digital signatures, to code reviews for top open source projects and the issuance of software bills of materials (SBOMs). Federal agencies are partnering with technology firms and open source foundations to bolster software security through collaborative open source initiatives. Topics: Open Source Security, Cybersecurity Legislation, Software Security Initiatives, Ransomware Protection, Tech Industry Collaboration. By Brittany Day
The Google Open Source Maintenance Crew will support under-resourced critical open-source projects in fixing security issues. Google has created a new "Open Source Maintenance Crew" that will help upstream maintainers of critical open-source projects handle bugs and patching processes. The new team is part of Google's contribution to the White House's push to improve cybersecurity in open source and protect software supply chains, following the White House's January summit with major tech vendors, including Microsoft, Google, IBM and Amazon Web Services. Google's Open Source Maintenance Crew seeks to improve assistance for vital projects while strengthening software supply chain security. Topics: Open Source Maintenance, Google Initiative, Cybersecurity Support, Critical Security Issues, Software Supply Chain. By LinuxSecurity.com Team
India's Prime Minister, Narendra Modi, is preparing for a digital revolution that includes strategies to improve cybersecurity for a digital India; however, as the divide between users and nonusers of the internet narrows, the risk of cyber-attacks increases, according to Prem Behl, Chairman of Exhibitions India Group. As a result, defending India's critical infrastructure, financial institutions and data from attackers is critical as the nation advances into the digital age. In addressing potential solutions to the issues of paramount concern in India's financial institutions, Behl applauded a joint venture between The Floor and Cyber Security Group, based in Tel Aviv and Hong Kong: "It's time for India to get smart about cybersecurity, and tapping into one of the world's largest pools of talent and know-how in cybersecurity, will secure the banking and government infrastructure systems against cyber-attacks." The link for this article located at InfoSecurity is no longer available. As India's digital landscape expands, the surge in cyber attacks poses significant challenges; implementing robust measures is crucial to safeguard organizations and sensitive information. Topics: Digital Transformation, Cybersecurity Initiatives, Data Protection Strategies, Financial Security Measures. By Brittany Day
The UK Parliamentary Office of Science and Technology (POST) has issued a POSTnote on Tor. The bulk of the four-page document explains how Tor operates and, along the way, notes that one of its applications is helping law enforcement agencies (LEAs) mask their own activities. It then considers what the UK's government and LEAs might do about Tor. The link for this article located at The Register UK is no longer available. The UK Parliament's science and technology office weighs the uses of Tor, including by law enforcement, and the options open to government and police. Topics: Tor Browser, Cybersecurity Initiatives, Digital Privacy, UK Law Enforcement. By Alex
US President Barack Obama has signed an executive order seeking better protection of the country's critical infrastructure from cyber attacks, which are a growing concern for the economy and national security. The long-expected executive order, unveiled in the State of the Union speech, follows last year's failed attempt by the US Congress to pass a law to confront continuing electronic attacks on the networks of US companies and government agencies. The link for this article located at Stuff NZ is no longer available. President Obama's executive order aims to strengthen cyber defenses in order to safeguard critical infrastructure against potential threats. Topics: Cybersecurity Measures, National Security Initiatives, Critical Infrastructure Protection. By Anthony Pell
It's been a rough week for digital security in the USA, with China accused of hacking satellites and stealing secrets (claims it denies). Now it looks like the United States is planning to better ready itself for electronic threats by bumping up its cyber arsenal, both offensive and defensive. At an event dubbed the "cyber colloquium," DARPA stated that it needs to beef up its network security, and asked academics, researchers, and "visionary hackers" to help it do so. With cyber-attacks a very real threat, DARPA wants to move away from plugging leaks and on to preventing them from happening in the first place. The agency also has its sights set on being more prepared to use those capabilities offensively. At a gathering named the "cyber colloquium," DARPA invites academics, researchers and hackers to improve its defense mechanisms and address network vulnerabilities. Topics: DARPA Cyber Initiative, Network Security Enhancement, Digital Threat Mitigation. By Dave Wreski
The Defense Advanced Research Projects Agency on Thursday launched Cyber Fast Track, an effort to fund innovative cybersecurity work by groups and people who don't usually do work for the government, including hobbyists, boutique security labs, and other small groups of hackers, DARPA project manager Peiter "Mudge" Zatko announced at Black Hat, a UBM TechWeb event, in Las Vegas. The Cyber Fast Track program, first announced at the annual ShmooCon cybersecurity conference in January, will fund between 20 and 100 projects a year, Zatko said. The short, fixed-price contracts will be awarded with little turnaround time (about 10 days from receipt of proposals) based on a simple proposal template, so as to lower the barrier to entry. Projects will be carried out over no more than a few months. The link for this article located at Information Week is no longer available. DARPA's Cyber Fast Track program encourages unconventional security researchers, from hobbyists to boutique labs, to develop cutting-edge defenses for national security systems. Topics: DARPA Funding, Cybersecurity Initiative, Hacker Collaboration. By Anthony Pell