As cybersecurity evolves, so do its threats. Symantec recently identified an emerging ransomware strain aimed at Linux systems. It practices double extortion: it encrypts files and also exfiltrates data, holding the stolen copy as a second lever for the ransom demand. Its targets are enterprise and cloud environments, where a single compromised server can host the databases and web services behind many applications. Here is more insight into how this ransomware works, what makes it dangerous, and what Linux administrators can do to fortify their defenses.

How Does This Ransomware Work & What Makes It So Dangerous?

This variant, believed to have been created by an English- and Spanish-speaking actor, leaves a ransom note at /root/README.txt and /user/[username]/README.txt outlining the steps victims must follow. Before encrypting, it shuts down PostgreSQL, MongoDB, MySQL, Apache2, Nginx, and PHP-FPM; a running database keeps its files open and would otherwise keep writing to them, so stopping the services both prevents interference during the attack and maximizes the damage. It also overwrites /etc/motd with its warning message, so every administrator who logs in sees it, creating a sense of urgency and fear. Once files are encrypted, the note, written in English and Spanish, states that significant volumes of sensitive data have been stolen and encrypted, and demands contact via Session, an anonymous messaging app, to negotiate payment in return for the decryption keys.

The double-extortion technique is what makes this ransomware so dangerous. Encryption alone denies availability, and a tested backup restores it; the exfiltrated copy gives the attackers leverage that no backup can take away.
Companies hit by this ransomware can lose operational capacity, and the confidentiality and integrity of their data can be breached, potentially leading to regulatory penalties and lasting reputational damage.

Who Is At Risk?

This attack is non-discriminatory. Any unpatched or poorly defended Linux system can become a victim, and Linux runs much of the Internet, cloud infrastructure, and enterprise backends. Organizations with significant data assets, operational reliance on the affected databases and services, and inadequate security postures are particularly at risk.

Fortifying Defenses: A Guide for Administrators

Linux administrators must employ multiple layers of defense to protect their systems and data. Here is practical, specific advice for defending against this ransomware:

Recurring Backups: Keep encrypted, off-site backups of all critical data and test restores regularly; a backup that has never been restored is not yet a safety net. Backups counter the encryption half of the attack only and do nothing about stolen data, which is why the remaining controls matter.

Process and Service Monitoring: Alert on unexpected stops or modifications of critical services (PostgreSQL, MongoDB, MySQL, Apache2, Nginx, PHP-FPM). Several services stopping within seconds of each other, outside a maintenance window, is exactly the pattern this ransomware produces.

Apply Patches & Updates: Apply security updates promptly to close the vulnerabilities ransomware operators use to get in.

Access Controls: Enforce stringent access controls and permission policies; restrict root and sudo to the processes and users that genuinely need them. Writing to /root and /etc/motd and stopping system services all require root, so limiting it limits what a compromised account can do.

Intrusion Detection Systems: Use file integrity monitoring and intrusion detection systems (IDS) to detect changes or suspicious activity; /etc/motd and the service unit files are good candidates for a baseline.

Educate and Train: Raise awareness within operational teams about cyber threats and safe practices. Phishing often serves as the entry point for malware infections.

Network Segmentation: Divide your network into segments so an intrusion cannot spread freely, and place tighter controls around sensitive areas. Segmentation and egress filtering also make the exfiltration half of double extortion harder and more visible.

Our Final Thoughts on This Ransomware

The recent rise of double-extortion ransomware targeting Linux systems is a stark reminder of cyber adversaries' increasing sophistication and audacity. It underscores the necessity of a proactive security strategy that combines technical controls with a culture of awareness and preparedness. By understanding how these attacks unfold, recognizing the signs of one in progress, and applying the measures above, organizations can significantly lower their risk. Vigilance, preparedness, and resilience are key to protecting system and data integrity in an ever-evolving threat environment.

Double-extortion ransomware poses a serious threat to Linux systems, encrypting data and demanding ransom while threatening to leak sensitive information. Linux Ransomware, Data Exfiltration, Malware Prevention, Cyber Threats. Anthony Pell
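For the process-monitoring and file-integrity advice in the ransomware article above, here is an added example (not code from the article or from Symantec) that does the two checks a host-side monitor would run: flag a burst of stops among the services the ransomware is described as killing, and compare /etc/motd with a recorded hash. The journal lines and the motd baseline are constructed; the unit names, window and threshold are this example's own assumptions.

```python
"""Added example (not from the original article): alert on a burst of
service stops for the daemons the ransomware is described as killing,
and check /etc/motd against a known-good hash. The journal lines and
the motd baseline below are constructed; unit names, window and
threshold are this example's own assumptions."""
import hashlib
import re
from datetime import datetime, timedelta

# Unit-name stems for the services the article says the ransomware stops.
WATCHED_UNITS = {"postgresql", "mongod", "mysql", "mariadb", "apache2", "nginx", "php-fpm"}

# Constructed sample in the style of `journalctl -o short` output.
SAMPLE_JOURNAL = """\
Mar 10 03:14:02 db01 systemd[1]: Started Daily apt download activities.
Mar 10 03:14:05 db01 systemd[1]: Stopping postgresql.service - PostgreSQL RDBMS...
Mar 10 03:14:06 db01 systemd[1]: Stopped postgresql.service - PostgreSQL RDBMS.
Mar 10 03:14:07 db01 systemd[1]: Stopped mongod.service - MongoDB Database Server.
Mar 10 03:14:08 db01 systemd[1]: Stopped nginx.service - A high performance web server and a reverse proxy server.
Mar 10 03:14:09 db01 systemd[1]: Stopped php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager.
Mar 10 03:20:00 db01 systemd[1]: Started Session 42 of User admin.
"""

# "Stopped <unit>.service - <description>." as current systemd versions log it.
STOP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ systemd\[1\]: Stopped (?P<unit>\S+)\.service"
)


def watched_stops(journal_text, year=2024):
    """Return [(timestamp, unit)] for each stop of a watched unit."""
    events = []
    for line in journal_text.splitlines():
        m = STOP_RE.match(line)
        if not m:
            continue
        unit = m.group("unit")
        # Normalise "php8.1-fpm" -> "php-fpm" and "postgresql@14-main" -> "postgresql".
        stem = re.sub(r"[\d.]", "", unit.split("@")[0])
        if stem in WATCHED_UNITS:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            events.append((ts, unit))
    return events


def stop_burst(events, window_seconds=60, threshold=3):
    """Units stopped inside any window_seconds-long window holding at least
    threshold stops, else []. Planned maintenance trips this too, so suppress
    it during change windows rather than lowering the threshold."""
    events = sorted(events)
    window = timedelta(seconds=window_seconds)
    for i, (start, _) in enumerate(events):
        run = [unit for ts, unit in events[i:] if ts - start <= window]
        if len(run) >= threshold:
            return run
    return []


def motd_tampered(motd_bytes, baseline_sha256):
    """True when /etc/motd no longer matches the hash recorded at baseline."""
    return hashlib.sha256(motd_bytes).hexdigest() != baseline_sha256


# Constructed baseline, i.e. what `sha256sum /etc/motd` printed on a clean host.
BASELINE_MOTD = b"Welcome to db01. Authorised access only.\n"
BASELINE_MOTD_SHA256 = hashlib.sha256(BASELINE_MOTD).hexdigest()

if __name__ == "__main__":
    burst = stop_burst(watched_stops(SAMPLE_JOURNAL))
    if burst:
        print("ALERT: service stop burst:", ", ".join(burst))
    try:
        with open("/etc/motd", "rb") as fh:
            if motd_tampered(fh.read(), BASELINE_MOTD_SHA256):
                print("ALERT: /etc/motd differs from baseline")
    except FileNotFoundError:
        print("no /etc/motd on this host")
```

Feed it `journalctl -o short --since -5min` on a schedule, or pipe the journal into it from the SIEM. Older systemd releases log only the unit description ("Stopped PostgreSQL RDBMS.") rather than the unit name, so adjust STOP_RE to your version before trusting a quiet result; and record the motd hash from a host you know is clean, since hashing an already-replaced file just baselines the ransom note.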
A Linux version of the multi-platform backdoor DinodasRAT has been spotted in cyberattacks across several countries. The malware, also known as XDealer, is a C++-based threat that can harvest sensitive data from compromised systems. It is prevalent, evasive, and attributed to China-nexus threat actors. This discovery has significant security implications and emphasizes the importance of proactive measures for Linux administrators and infosec professionals.

What Are the Security Implications of DinodasRAT Linux Malware?

The emergence of a Linux variant of DinodasRAT is a concerning development for the Linux community. Its targeting of Red Hat-based distributions and Ubuntu indicates the need for heightened vigilance in these environments. Linux admins must stay up to date with the latest threat intelligence and security advisories to protect their infrastructure from this evolving threat.

One notable aspect of this malware is its persistence mechanism: DinodasRAT installs itself through SysV init or systemd startup scripts. This gives it a foothold that survives reboots and, because startup scripts are rarely reviewed once a server is in service, one that is easy to overlook. Linux admins should review the init scripts and unit files on their machines, paying particular attention to entries that start binaries from unusual locations, and confirm that none has been added by this backdoor.

DinodasRAT can also perform file operations, process enumeration, and shell command execution. This feature set gives the operators extensive control over compromised systems, a severe threat in terms of data exfiltration and espionage. Infosec professionals should conduct thorough security assessments and penetration tests to identify the weaknesses through which such malware could be introduced.

DinodasRAT encrypts its command and control (C2) communications with the Tiny Encryption Algorithm (TEA). TEA is a lightweight cipher rather than a sophisticated one, but it is enough to keep the C2 payloads opaque to content inspection, so detection has to rest on connection metadata: which process is talking, to which destinations, how often, and whether those destinations belong on a server's egress list at all. That is a real challenge in environments with many Linux servers, and it makes robust threat intelligence and disciplined network monitoring critical to identifying activity associated with DinodasRAT.

The implications of DinodasRAT's presence in cyberattacks across multiple countries cannot be ignored. It prompts us to reevaluate our security strategies and ask whether our current defenses are adequately equipped to withstand such targeted threats. It is also a reminder for Linux admins, sysadmins, and infosec professionals to continuously enhance their knowledge and skills to safeguard their systems against evolving malware variants.

Our Final Thoughts on DinodasRAT Linux Malware

The discovery of the Linux version of DinodasRAT highlights the evolving nature of cyber threats and the importance of maintaining robust security measures. Linux admins, infosec professionals, and sysadmins must remain vigilant, update their defenses, and adopt proactive security practices to protect their infrastructure from this and similar malware. By leveraging threat intelligence, conducting regular security assessments, and monitoring for encrypted connections that have no business reason to exist, we can counter DinodasRAT and mitigate its potential damage.

DinodasRAT represents a significant threat to Linux environments, especially regarding information theft and persistence. DinodasRAT Linux, Backdoor Threats, Malware Security, Linux Admins, Cybersecurity Risk. Dave Wreski
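The DinodasRAT article above tells admins to review their startup scripts. Here is an added example (not DinodasRAT's code and not any vendor's tooling) of what such a review can check mechanically: for each systemd unit and SysV init script, whether the binaries it starts live in scratch, home or hidden directories, and whether a unit was added locally rather than by a package. The unit and init-script texts are constructed; the directory lists and the checks are this example's own assumptions about what counts as unusual on a typical server.

```python
"""Added example (not DinodasRAT's code and not vendor tooling): review
systemd unit files and SysV init scripts for the traits a dropped
persistence entry tends to have. The unit and init-script texts are
constructed; the directory lists and the checks are this example's
own assumptions about what "unusual" means on a typical server."""
import glob
import re

# Directories a packaged daemon is almost never started from.
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
# Where distribution packages install their units; anything elsewhere was added locally.
PACKAGED_UNIT_DIRS = ("/lib/systemd/system/", "/usr/lib/systemd/system/")

# ExecStart= and friends, skipping systemd's "-", "@", "+", "!" and ":" prefixes.
EXEC_RE = re.compile(r"^\s*Exec(?:Start|StartPre|StartPost)\s*=\s*[-@+!:]*(\S+)", re.M)
# Absolute paths with at least two components, as they appear in a shell script.
ABS_PATH_RE = re.compile(r"(?<![\w.$])(/[\w.-]+(?:/[\w.-]+)+)")


def _path_findings(path):
    out = []
    if path.startswith(SUSPICIOUS_DIRS):
        out.append(f"binary in a scratch or home directory: {path}")
    if "/." in path:
        out.append(f"binary under a hidden directory: {path}")
    return out


def audit_unit(unit_path, text):
    """Findings for one systemd unit file; an empty list means nothing odd."""
    findings = []
    for exe in EXEC_RE.findall(text):
        findings.extend(_path_findings(exe))
    if not unit_path.startswith(PACKAGED_UNIT_DIRS) and "Documentation=" not in text:
        findings.append(f"locally added unit without Documentation=: {unit_path}")
    return findings


def audit_init_script(script_path, text):
    """Findings for one /etc/init.d script: every absolute path it runs, checked the same way."""
    findings = []
    for path in sorted(set(ABS_PATH_RE.findall(text))):
        findings.extend(_path_findings(path))
    return findings


# Constructed samples: a stock nginx unit, and a unit plus init script of the
# kind a dropper leaves behind (name chosen to look like routine maintenance).
BENIGN_UNIT = """[Unit]
Description=The NGINX HTTP and reverse proxy server
Documentation=man:nginx(8)
After=network.target

[Service]
Type=forking
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload

[Install]
WantedBy=multi-user.target
"""

SUSPECT_UNIT = """[Unit]
Description=System Update Service
After=network-online.target

[Service]
Type=simple
ExecStart=/dev/shm/.x/update -d
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
"""

SUSPECT_INITD = """#!/bin/sh
### BEGIN INIT INFO
# Provides:          sysupdate
# Default-Start:     2 3 4 5
### END INIT INFO
case "$1" in
  start) nohup /tmp/.cache/sysupdate >/dev/null 2>&1 & ;;
  stop)  pkill -f /tmp/.cache/sysupdate ;;
esac
"""

if __name__ == "__main__":
    # Walk the real locations on this host; constructed samples are only for the tests.
    for path in glob.glob("/etc/systemd/system/*.service") + glob.glob("/lib/systemd/system/*.service"):
        with open(path, errors="replace") as fh:
            for finding in audit_unit(path, fh.read()):
                print(f"{path}: {finding}")
    for path in glob.glob("/etc/init.d/*"):
        with open(path, errors="replace") as fh:
            for finding in audit_init_script(path, fh.read()):
                print(f"{path}: {finding}")
```

A hit is a lead, not a verdict: compare the flagged unit's name and ExecStart against the package database (`dpkg -S` or `rpm -qf` on the binary) and check the file's modification time against your change records. The "locally added unit" finding will also list units you wrote yourself, which is the point: those are exactly the ones nobody else reviews.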
Cyble Research and Intelligence Labs (CRIL) discovered a new ransomware group called Money Message. The ransomware targets both Windows and Linux and can encrypt network shares. Experts believe the threat actors may use stealer logs (credential dumps harvested by infostealer malware and sold in bulk) in their operations, typically as a source of valid logins for initial access. Since it was first noticed in March 2023, more than five victims have been publicly identified, most of them US-based organizations, in industries including BFSI, transportation and logistics, and professional services. The gang uses a double extortion method: it exfiltrates the victim's data before encrypting it and posts the data on its leak site if the ransom is not paid. Money Message encrypts data on a victim's computer with the ChaCha stream cipher and uses Elliptic Curve Diffie-Hellman (ECDH) key exchange to protect the file keys, the usual hybrid construction in which only the holder of the attacker's private key can recover them. Researchers stated that, like some other ransomware families, it does not rename files after encryption, so the extension change that many detection rules and users rely on as a tell-tale sign is absent. The link for this article located at Cyber Security News is no longer available. More than five victims, most of them US-based organizations, have been identified as affected by Money Message. Money Message Ransomware, Data Encryption Threat, Cyber Attack Alerts. LinuxSecurity.com Team
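Because Money Message leaves file names unchanged, a detector that watches for a new extension sees nothing. Here is an added example (not Money Message's code and not Cyble's tooling) of the content-based checks that still work: the byte entropy of a file that should be low-entropy text, and whether a file's leading magic bytes still match its extension. The sample files are constructed (a SHA-256 chain stands in for ciphertext so the example runs offline); the thresholds and the magic table are this example's own assumptions.

```python
"""Added example (not Money Message's code and not Cyble's tooling): with
file names left unchanged, extension-based checks see nothing, so this
looks at content instead: byte entropy, and whether a file's leading
magic bytes still match its extension. Sample files are constructed;
the thresholds and the magic table are this example's assumptions."""
import hashlib
import math
from collections import Counter

MAGIC = {
    ".pdf": (b"%PDF",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".gz": (b"\x1f\x8b",),
    ".sqlite": (b"SQLite format 3\x00",),
}
# Formats that are legitimately near 8 bits/byte, so entropy alone says nothing about them.
COMPRESSED_EXTS = {".pdf", ".png", ".gif", ".zip", ".docx", ".xlsx", ".gz", ".jpg", ".jpeg", ".mp4"}
HIGH_ENTROPY = 7.5  # bits per byte; text, SQL dumps and logs sit around 4 to 6


def _ext(name):
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 for an empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def magic_mismatch(name, head):
    """True when the extension has a known signature and the file no longer carries it."""
    expected = MAGIC.get(_ext(name))
    return expected is not None and not any(head.startswith(m) for m in expected)


def classify(name, data):
    """Reasons the file looks encrypted in place; [] means it looks normal."""
    reasons = []
    if magic_mismatch(name, data[:16]):
        reasons.append("magic bytes do not match extension")
    ent = shannon_entropy(data)
    if _ext(name) not in COMPRESSED_EXTS and ent >= HIGH_ENTROPY:
        reasons.append(f"high entropy {ent:.2f} bits/byte")
    return reasons


def _pseudo_random(n, seed=b"constructed sample"):
    """Deterministic stand-in for ciphertext (a SHA-256 chain). Not a cipher."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: the same file before and after in-place encryption.
PLAIN_SQL = b"INSERT INTO customers (id, name, email) VALUES (1, 'Ada', 'ada@example.com');\n" * 50
ENCRYPTED_SQL = _pseudo_random(len(PLAIN_SQL))      # same name and size, different content
ENCRYPTED_DOCX = _pseudo_random(4096)               # zip container header gone
GOOD_DOCX = b"PK\x03\x04" + _pseudo_random(4092)    # compressed, but header intact

if __name__ == "__main__":
    for name, data in [("dump.sql", PLAIN_SQL), ("dump.sql", ENCRYPTED_SQL),
                       ("report.docx", GOOD_DOCX), ("report.docx", ENCRYPTED_DOCX)]:
        print(name, classify(name, data) or "looks normal")
```

Run `classify` over a sample of files from a share after a suspicious service outage, or from a backup agent that sees every changed file. Two caveats: encrypted-at-rest formats you expect (PGP files, encrypted archives, VM disk images) belong in COMPRESSED_EXTS or they will be reported every time, and a file that is partially encrypted, as some families do for speed, will show a magic mismatch but may keep its entropy below the threshold, so treat either signal alone as enough to look closer.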
Researchers have discovered a dangerous Linux backdoor dubbed "RotaJakiro" that went undetected for three years, enabling its operators to harvest and exfiltrate sensitive data from infected systems. The previously undocumented malware was identified by researchers from Qihoo 360 NETLAB. It targets Linux x64 machines and is so named because "the family uses rotate encryption and behaves differently for root/non-root accounts when executing." The link for this article located at The Hacker News is no longer available. RotaJakiro is a Linux backdoor that stayed hidden for about three years while quietly siphoning off confidential information. Linux Malware, RotaJakiro, Data Exfiltration, Data Security, Malware Threat. LinuxSecurity.com Team
Security researcher Mazin Ahmed demonstrated multiple serious vulnerabilities in the popular Zoom app at DEF CON 28, two of which affect Linux users. Zoom has since addressed the issues. The two Linux-client flaws could have allowed an attacker who already had access to a compromised system to read and exfiltrate Zoom user data, and even to run malware as a sub-process of a trusted application, where it is less likely to draw attention. Ahmed, who presented his findings at DEF CON 28 in August 2020, also found that the company had left a misconfigured development instance exposed that had not been updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched. The link for this article located at The Hacker News is no longer available. Zoom has fixed significant security issues, notably in its Linux client, reported by researcher Mazin Ahmed. Zoom Security Issues, Linux Data Exfiltration, DEF CON 28 Vulnerabilities, Malware Threats, Research Findings. Brittany Day
A sophisticated hacker group compromised Amazon Web Services (AWS) servers, installed a rootkit that gave them remote control, and then funneled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre. That is according to a report from the UK's Sophos published late last week, which has raised eyebrows and questions in the security industry. The attackers neatly sidestepped AWS security groups (SGs), which, when correctly configured, act as a network perimeter for the associated Amazon EC2 instances. The unnamed target had tuned their SGs correctly. But with a rootkit installed on their AWS servers giving the attackers remote access, the compromised Linux system was still listening for inbound connections on ports 2080/TCP and 2053/TCP, something that eventually triggered Sophos' intervention. The lesson for defenders is that a security group filters what reaches an instance; it does not tell you what the instance itself is listening for, so an unexpected listener is a host-level signal you have to look for yourself. The link for this article located at CBR Online is no longer available. An advanced cybercriminal group infiltrated AWS cloud systems, deploying a rootkit for remote access and data theft. AWS Security Breach, Rootkit Attack, Data Exfiltration, Cloud Security, Remote Access Threats. LinuxSecurity.com Team
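The unexpected listeners on 2080/TCP and 2053/TCP in the Sophos case are visible from the host itself. Here is an added example (not from the Sophos report or the original article) that reads the kernel's TCP socket table in /proc/net/tcp, decodes the hex address and port columns, and reports listeners outside an allowlist. The /proc/net/tcp content below is constructed to include those two ports; the allowlist is this example's assumption for a web host.

```python
"""Added example (not from the Sophos report or the original article):
list TCP listeners from /proc/net/tcp and flag those outside an
allowlist. The /proc/net/tcp text below is constructed; the allowlist
is this example's assumption for a web host."""
from pathlib import Path

LISTEN = "0A"  # TCP_LISTEN, as printed in the hex 'st' column

# Ports this (hypothetical) web host is expected to listen on.
EXPECTED_PORTS = {22, 80, 443}

# Constructed /proc/net/tcp: sshd and a web server, the two rootkit listeners
# from the article (0x0820 = 2080, 0x0805 = 2053), and one established ssh session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18432 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18501 1 0000000000000000 100 0 0 10 0
   2: 00000000:0820 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 99120 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0805 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 99121 1 0000000000000000 100 0 0 10 0
   4: 0A00020F:0016 0A000201:C3A2 01 00000000:00000000 02:000A4F22 00000000     0        0 18987 2 0000000000000000 20 4 24 10 -1
"""


def _ipv4_from_hex(ip_hex):
    # The kernel prints the address as a host-order 32-bit word, so on
    # little-endian machines 0100007F is 127.0.0.1: read the bytes back to front.
    return ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))


def parse_listeners(text):
    """Return {(ip, port)} for every socket in LISTEN state."""
    listeners = set()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        ip_hex, port_hex = fields[1].split(":")
        listeners.add((_ipv4_from_hex(ip_hex), int(port_hex, 16)))
    return listeners


def unexpected_listeners(text, expected=EXPECTED_PORTS):
    """Listeners whose port is not on the allowlist, sorted for stable output."""
    return sorted((ip, port) for ip, port in parse_listeners(text) if port not in expected)


if __name__ == "__main__":
    live = Path("/proc/net/tcp").read_text()
    for ip, port in unexpected_listeners(live):
        print(f"unexpected listener {ip}:{port}")
```

Repeat the parse for /proc/net/tcp6, whose addresses are 32 hex digits, and bind the allowlist to what your configuration management says the host runs. Two caveats: a listener on 127.0.0.1, like port 2053 in the sample, is still worth explaining even though nothing outside the host can reach it, and a kernel-level rootkit can filter what /proc reports, so confirm a quiet result with a scan from outside the instance and with VPC flow logs rather than trusting the host alone.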
The scenario: you are somewhere without Internet connectivity. You have found either an open wireless access point or perhaps you are staying in a hotel that offers paid Internet via a service like Spectrum Interactive [1] (previously known as UKExplorer). You make the connection, whether by physically plugging in the Ethernet cable or by instructing your wireless adapter to lock onto the radio signal. When you open a browser you are prompted with some sort of authorization page. You don't have credentials for it, so what do you do? The link for this article located at NullDigital.net is no longer available. Explore ICMP tunneling methods that enable evasion of online barriers and penetration into secured networks. ICMP Tunneling, Network Security Techniques, Data Exfiltration. Benjamin D. Thomas
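The captive-portal article above points at ICMP tunneling without showing the mechanics. Here is an added example (not from the NullDigital article) of the framing half of such a tunnel: arbitrary data is split into numbered ICMP echo requests, each with the RFC 1071 checksum the receiving stack verifies, and the receiver sorts the replies back into the original stream. It builds and parses packets in memory only; actually sending them needs a raw socket and root, and the technique only works where the portal passes ICMP for unauthenticated clients, which is an assumption rather than a given.

```python
"""Added example (not from the original NullDigital article): the framing
half of an ICMP tunnel. Builds echo messages carrying arbitrary payload,
with the RFC 1071 checksum, and recovers the stream from them. In-memory
only: sending needs a raw socket and root, and it relies on the portal
letting ICMP through unauthenticated, which is an assumption."""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
HEADER = "!BBHHH"  # type, code, checksum, identifier, sequence


def inet_checksum(data):
    """RFC 1071 ones'-complement sum over 16-bit words; 0 for a packet whose checksum field is correct."""
    if len(data) % 2:
        data = data + b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(payload, ident, seq, icmp_type=ICMP_ECHO_REQUEST):
    """One echo message carrying payload; ident tags the tunnel session, seq orders the chunks."""
    header = struct.pack(HEADER, icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack(HEADER, icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet):
    """Return (type, ident, seq, payload); raise ValueError if the checksum fails."""
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    if inet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, _code, _csum, ident, seq = struct.unpack(HEADER, packet[:8])
    return icmp_type, ident, seq, packet[8:]


def chunk_stream(data, ident, max_payload=1400):
    """Sender side: split a byte stream into numbered echo requests.
    seq is a 16-bit field, so a real tunnel must wrap it; this example does not."""
    return [
        build_echo(data[i:i + max_payload], ident, seq)
        for seq, i in enumerate(range(0, len(data), max_payload))
    ]


def reassemble(packets, ident):
    """Receiver side: keep this session's packets, order by seq, join the payloads."""
    ours = [(seq, payload) for _t, pid, seq, payload in map(parse_echo, packets) if pid == ident]
    return b"".join(payload for _, payload in sorted(ours))


if __name__ == "__main__":
    request = b"GET / HTTP/1.0\r\nHost: example.invalid\r\n\r\n"  # constructed payload
    packets = chunk_stream(request, ident=0x1234, max_payload=16)
    print(len(packets), "echo requests;", "round trip ok:", reassemble(packets, 0x1234) == request)
```

To put this on the wire you would open `socket.socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)` as root and hand each packet to `sendto`; the far end needs a cooperating host that answers with echo replies carrying the return data, which is why ICMP tunnelling needs infrastructure on both sides. On the defensive side the same framing is the tell: echo requests with large or varying payloads, many per second, from a client that has not authenticated, which a portal can stop simply by dropping or rate-limiting ICMP from unauthenticated addresses.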