
Stay Ahead With Linux Security News


Explore Latest Linux Security news

We found 11 articles for you...

X.Org: Security Advisory on Severe Memory Flaws and Code Execution Risks

After recent heap overflow, out-of-bounds write, and privilege escalation flaws brought X.Org into the spotlight, more severe memory safety, use-after-free, heap buffer overread, and code execution vulnerabilities have been identified in the popular X server. These issues affect the X.Org X11 server.

To help you secure your systems against exploits leading to service disruption, data compromise, and other damaging repercussions, we'll explore the vulnerabilities found, their impact, and how to mitigate them.

What Vulnerabilities Have Been Found in the X.Org X11 Server? What Is the Impact of These Flaws?

Vulnerabilities discovered in X.Org X11 include:

- The X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could use this issue to cause the X Server to crash or obtain sensitive information. (CVE-2023-6478)
- The X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
- The X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229)
- The X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408)
- The X.Org X Server incorrectly handled the cursor code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409)
- The X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could use this issue to cause the X Server to crash or execute arbitrary code. (CVE-2024-21885)
- The X.Org X Server incorrectly handled devices being disabled. An attacker could use this issue to cause the X Server to crash or execute arbitrary code. (CVE-2024-21886)
- Heap buffer overread/data leakage in ProcXIGetSelectedEvents. (CVE-2024-31080)
- Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. (CVE-2024-31081)
- Use-after-free in ProcRenderAddGlyphs. (CVE-2024-31083)

These vulnerabilities could have severe repercussions on impacted systems, enabling attackers to disrupt services and steal sensitive information, potentially resulting in the complete compromise of your critical Linux systems.

How Can I Secure My Systems Against These X.Org Bugs?

An essential X.Org update that fixes these issues has been released. We urge all impacted users to update to the latest version of X.Org as soon as possible. Applying the patches released by your distro(s) will protect your systems against attacks leading to downtime and compromise.

To stay informed of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).

With new vulnerabilities in X.Org, adopting a multi-layered security approach is crucial. Steps like patching, access controls, and user education are essential.

Apr 15, 2024 | Anthony Pell | Security Vulnerabilities

Exploit Risks of Misconfigured Azure Services in EmojiDeploy Attack Chain

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

An attack chain exploiting misconfigurations and weak security controls in a common Azure service is highlighting how lack of visibility impacts the security of cloud platforms. The "EmojiDeploy" attack chain could allow a threat actor to run arbitrary code with the permission of the Web server, steal or delete sensitive data, and compromise a targeted application, Ermetic stated in its Jan. 19 advisory. An attacker could use a trio of security issues affecting the common Source Code Management (SCM) service — a cloud service used by many Azure applications without an explicit indication to the user, according to Ermetic. The issues demonstrate that the security of cloud platforms is undermined by the lack of visibility into what those platforms do under the hood, says Igal Gofman, head of research for Ermetic.

The link for this article located at DarkReading is no longer available.

A vulnerability pathway leveraging insufficient configurations and lax defenses in a widely used Azure platform could present significant threats.

Jan 26, 2023 | Brittany Day | Cloud Security

LabCorp Data Security Incident: Numerous Patient Records Exposed

LabCorp, a healthcare diagnostics company, has shut down its systems after a suspected network breach, which could have put millions of health records at risk.

In a report to the United States Securities and Exchange Commission, the company announced that during the weekend of July 14, 2018, it had detected suspicious activity on its IT network and immediately took specific systems offline. The company said that the suspicious activity has been detected only on LabCorp Diagnostics systems, and that "there was no indication that it affected systems used by Covance Drug Development."

The link for this article located at InfoSecurity is no longer available.

LabCorp's potential cyber attack threatens vast amounts of health data, leading to system lockdown for security measures.

Jul 19, 2018 | LinuxSecurity.com Team | Hacks/Cracks

HealthEquity: 23000 Accounts Compromised Due To Email Breach

Sometimes all it takes is one employee to spark a cybersecurity wildfire, as HealthEquity learned this week. The company, which handles more than 3.4 million health savings accounts, suffered a data breach when an unauthorized person accessed an employee's email account.

The incident took place on April 11 and was discovered two days later. When the company learned an employee's email was compromised, it removed access to the mailbox and hired a forensics firm to confirm the breach did not affect other HealthEquity systems.

The link for this article located at DarkReading is no longer available.

Jun 15, 2018 | LinuxSecurity.com Team | Hacks/Cracks

Drupal.org User Data Breach Investigation: Unauthorized Access Revealed

The Drupal.org security team says it has discovered unauthorised access to Drupal.org and groups.drupal.org account information which has exposed user names, country, and email addresses along with hashed passwords.

No credit card information was stored on the servers, but the investigation is ongoing and the team says it "may learn about other types of information compromised".

The link for this article located at H Security is no longer available.

Inquiry in progress following the revelation of unauthorized entry into user records on Drupal.org, revealing confidential details.

May 30, 2013 | LinuxSecurity.com Team | Hacks/Cracks

State Employee Phishing: Risks to Data Security From Official Emails

The email sent to several thousand state employees in early February looked official. It featured the state logo and a familiar warning that email access was about to be cut off because the employee. If an employee clicked, a screen popped up asking for more data, including the employee

The link for this article located at Forbes is no longer available.

Public sector workers are encountering phishing attacks as cybercriminals send spoofed communications to obtain confidential information.

Mar 07, 2013 | LinuxSecurity.com Team | Hacks/Cracks

SwaggSec Claims Breach of Warner Bros and China Telecom Networks

A hacking group is claiming to have breached the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials.

Swagger Security, or "SwaggSec," announced the breach Sunday on Pastebin, providing a link to the files on The Pirate Bay. The group has been active since early this year when it claimed credit for stealing user names and passwords for an ordering system belonging to the contract manufacturer Foxconn, which builds devices for technology companies including Apple.

The link for this article located at Computer World is no longer available.

Jun 04, 2012 | LinuxSecurity.com Team | Hacks/Cracks

d33ds Team Breaches Rival Hacker's Online Shop Selling Compromised Access

A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data.

This illegal marketplace has been used in the past to advertise information stolen from websites belonging to the U.S. Army, the U.S. Department of Defense, the South Carolina National Guard and other institutions. Its owner, a hacker calling himself Srblche, also offered services that included compromising the particular servers his customers wanted. According to Rob Rachwald, director of security strategy at security firm Imperva, Srblche is believed to be Kuwaiti. "We tracked his Facebook profile," Rachwald said Thursday.

The link for this article located at Computer World is no longer available.

An adversarial cybercriminal's digital store is infiltrated by a competing faction, disclosing a seedy bazaar for hacked web platforms.

Nov 04, 2011 | LinuxSecurity.com Team | Hacks/Cracks
