Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors. Claroty’s researchers discovered the method following an analysis of Cambium Networks’ wireless device management platform. They discovered a SQL injection vulnerability that could be used to obtain sensitive information, such as session cookies, tokens, SSH keys and password hashes. Exploitation of the flaw worked against the on-premises version, but an attempt to exploit it against the cloud version was blocked by the Amazon Web Services (AWS) WAF, which flagged the SQL injection payload as malicious. Further analysis revealed that the WAF could be bypassed by abusing the JSON data sharing format. JSON syntax is supported by all major SQL engines and it’s enabled by default. The link for this article located at Security Week is no longer available. Brittany Day
Researchers have discovered a dangerous strain of Linux malware dubbed "RotaJakiro" that went undetected for three years, enabling its operators to harvest and exfiltrate sensitive data from infected systems. A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind it to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate encryption and behaves differently for root/non-root accounts when executing." The link for this article located at The Hacker News is no longer available. LinuxSecurity.com Team
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It. At the SyScan conference next month in Singapore, security researcher Jacob Torrey plans to present a new scheme he calls Hardened Anti-Reverse Engineering System, or HARES. Torrey The link for this article located at Wired is no longer available. LinuxSecurity.com Team
The techniques used by unloveable rogues who automate search engine manipulation attacks themed around breaking news to sling scareware have been unpicked by new research from Sophos. A research paper published on Wednesday by Sophos researchers Fraser Howard and Onur Komili lifts the lid on the search engine optimisation techniques used by hackers to hook surfers into their scams. Attackers use automated kits to apply blackhat SEO methods The link for this article located at The Register UK is no longer available. LinuxSecurity.com Team
Networks of compromised computers controlled by a central server, better known as botnets, are a Swiss Army knife of tools for online criminals. Hackers can use these co-opted systems to churn out spam, host malicious code, hide their tracks on the Internet, or flood a corporate network to cut off its access to the Web. Whenever a new botnet appears, researchers race to reverse engineer the software it installs on a victim's machine, and to decode the way each bot communicates with the controlling server. Because these communications are often encrypted, such analyses can take weeks or months. Now researchers from the University of California at Berkeley and Carnegie Mellon University have created a way to automatically reverse engineer the communications between compromised computers and their controlling servers. In a paper to be presented this week at the Association for Computing Machinery's Conference on Computer and Communications Security, the researchers show how automatic reverse engineering can decipher the structure and purpose of the communications between a command-and-control server and its bots. The link for this article located at Technology Review is no longer available. Alex
In the annals of computer "(in)security," few groups are as well known as the Cult of the Dead Cow (cDc). They are now adding a new chapter to their infamous history with the release of a new malware search engine that enables researchers to analyze over 31,000 "hostile" files. It's all part of an effort the cDc calls "offensive computing." Originally founded in 1984, cDc and its members are well known for a number of their efforts over the past 22 years. The link for this article located at eSecurityPlanet.com is no longer available. LinuxSecurity.com Team
The Bush administration has drafted a federal plan to improve cybersecurity research and development. Yesterday, the National Science and Technology Council, a Cabinet-level body that coordinates governmentwide science and technology policies, issued a preprint release of the “Federal Plan for Cyber Security and Information Assurance Research and Development.” In addressing gaps in the country’s current cybersecurity activities, the 121-page report recommends setting R&D priorities and strengthening coordination between agencies and the private sector. The plan also calls for implementing emerging technologies, road maps and metrics. It does not address specific funding levels or budgets. Industry officials and lawmakers had been urging the administration to improve federal cybersecurity and information assurance R&D. Officials are billing this plan as the first step toward developing a federal agenda. Members of more than 20 government organizations prepared the document as part of the Interagency Working Group on Cyber Security and Information Assurance. The link for this article located at Federal Computer Week is no longer available. Brittany Day
The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe and used a U.S. military base's vulnerable systems to kick-start the epidemic, according to an analysis released by three researchers this week. The researchers combined records from the initial spread of the Witty worm along with an analysis of the random number generator used by the program to pick its targets and discovered that the worm almost certainly spread initially from a computer owned by a customer of a European Internet Service Provider. The analysis also found that about 10 percent of the Internet's addresses would not have been generated, thus infected, by the Witty worm and that 110 computers at a U.S. military base were likely among a "hit list" of systems that were targeted explicitly by the worm. "We hope that the principle of exploiting a worm's structure will be more broadly applicable to forensics of future worms," said Vern Paxson, senior researcher with International Computer Science Institute at the University of California at Berkeley and one of the three researchers who co-authored the analysis of the Witty worm. Paxson, along with another researcher at ICSI and a computer science graduate student at the Georgia Institute of Technology, published the results in a paper this week, including new details of the worm's spread. The link for this article located at SecurityFocus is no longer available. LinuxSecurity.com Team