The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that enables remote attackers to execute arbitrary code, potentially resulting in data loss or full system compromise. The Google Stable channel has been updated to 124.0.6367.78 for Linux, mitigating these dangerous bugs. To help you safeguard your critical Linux systems and sensitive data, let's examine the flaws found in Chrome and Chromium, its open-source foundation, their security implications, and the importance of patching to secure your systems.

What Vulnerabilities Have Been Discovered & Fixed in Google Chrome?

A critical type confusion vulnerability has been found in the ANGLE graphics layer engine (CVE-2024-4058). This flaw allows attackers to remotely execute arbitrary code or perform sandbox escapes, which can result in unauthorized access, data loss, corruption, or complete system compromise. This presents a significant threat to user privacy and information security. This vulnerability was discovered by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure. As a result, Google awarded them a $16,000 bounty. This raises questions about the effectiveness of Google's bounty program and whether the rewards are proportionate to the severity of the flaws discovered. It also highlights the role of ethical hacking and bug bounty programs in identifying and patching vulnerabilities.

Another high-severity vulnerability identified is an out-of-bounds read in the V8 API (CVE-2024-4059), also addressed in this update. However, Google Chrome withheld information regarding the reward for this issue. This lack of transparency raises concerns about how rewards are assigned in bug bounty programs and whether specific vulnerabilities are prioritized less. Admins and security practitioners must understand the full extent of the vulnerabilities and their implications, as this information can inform their risk assessment and mitigation strategies.

Furthermore, a use-after-free condition has been identified in the Dawn implementation of the WebGPU standard (CVE-2024-4060). While details about the reward for this issue are also withheld, this issue emphasizes the importance of thoroughly testing and reviewing open-source software, as even popular and widely used projects can contain critical security flaws.

What Are the Implications & Long-Term Consequences of These Flaws?

The implications of these vulnerabilities go beyond immediate risks. They raise questions about the effectiveness of the software development and testing processes employed by Google and the broader industry. We cannot overstate the impact of these vulnerabilities on admins and organizations. They expose sensitive data, leading to financial loss and eroding trust in online platforms. Therefore, Linux admins and impacted organizations must immediately update Chrome to the latest version to ensure their systems are secure. You will find information on how to update to Chrome 124 here.

Our Final Thoughts on These Google Chrome Bugs

This critical security update for Google Chrome addresses several vulnerabilities, including a crucial flaw that enables attackers to steal data and fully compromise systems. In this article, we've highlighted the implications and raised questions about the effectiveness of bug bounty programs, the transparency of rewards, and the development and testing processes employed by Google. As security practitioners and members of the open-source community, it is crucial to understand the implications of these vulnerabilities and take immediate action to update systems and advocate for robust security practices. By staying informed and proactive, we can better protect ourselves and our organizations from potential cyber threats.

Brittany Day
The KDE team has warned Linux users about the potential risks of installing global themes. They have emphasized the need for vigilance and careful consideration when downloading and using themes, even from official sources like the KDE Store. Global themes and widgets created by third-party developers can run arbitrary code, resulting in unexpected consequences, including deleting personal data. At least one user had their files wiped after installing a faulty global Plasma theme.

What Are the Risks of Installing Global Themes? How Can I Avoid These Dangers?

KDE's warning highlights an important issue that could have significant implications for Linux users and the broader open-source community. The fact that arbitrary code execution is required for global themes to customize the desktop's appearance raises concerns about security and integrity. The potential for malicious actors to exploit this functionality is a severe security risk that should not be taken lightly. It is crucial to note the lack of resources for reviewing the code used in each global theme before they are included in the official KDE Store. This raises questions about the responsibility of both the developers and the users. While developers should ensure that their themes are thoroughly tested and free from malicious code or vulnerabilities, users should exercise caution and thoroughly evaluate them or rely on reviews from trusted sources. KDE has shared one specific incident where a global theme deleted personal data using the rm -rf command without warning or confirmation. This is a concerning example of potential damage. This incident highlights the need for robust security measures and thorough validation processes within the KDE Store and other repositories to ensure the safety of Linux users. The implications of this issue go beyond data loss. It raises questions about users' trust and confidence in the themes available in open-source repositories.

Malicious actors' ability to upload themes without proper vetting or oversight can undermine the overall security of the Linux ecosystem. The KDE team and other open-source communities must take immediate steps to address this issue, including implementing more robust validation processes and promoting user awareness and education about the potential risks. Linux admins must remain vigilant and exercise caution when downloading and installing themes or any other software, even from trusted sources. They should thoroughly evaluate the code and functionality of themes before implementation, considering the potential consequences of executing arbitrary code on their systems.

Our Final Thoughts on the Implications of KDE's Warning

This article serves as a timely reminder to the Linux community about the importance of security and caution, even within the open-source world. The previously mentioned data loss incident is a stark reminder of the potential risks and the need for robust security measures. As security practitioners, we must remain proactive in identifying and mitigating potential vulnerabilities and educating users about the dangers they face.

Brittany Day
The Debian project has announced that it is delaying the release of its next version, Debian 123. This delay is because developers are working on fixing a bug that causes EXT4 file systems to become corrupt.

The bug occurs when the system writes too much data in too short a time to the EXT4 file system, leading to data loss and corruption. This affects only some distributions based on Debian, such as Ubuntu, Linux Mint, and Raspbian. The bug was found by a developer named Timo Teräs, who posted about it on Launchpad, an open-source collaboration website owned by Canonical Ltd. After finding out about the bug, Canonical contacted Debian about it and suggested that they delay releasing their new version until they could fix this issue. The team at Debian then decided to delay their release until they could fix this problem so that there would not be any risk posed by using EXT4 file systems within their operating system (OS). Check out the article linked below for more details on this bug. I'm disappointed to see this release put on hold, but happy to see the Debian team prioritizing security over speed. The link for this article located at Phoronix is no longer available.

LinuxSecurity.com Team
Linux Kernel 5.12 RC2 has been released early due to a nasty swap file bug. Do not use Linux Kernel 5.12 RC1 for testing - you stand to lose data!

In the kernel mailing list, Linus Torvalds announced the early release of Linux Kernel 5.12 rc2. The reason for the early release is a critical swap file bug in Linux Kernel 5.12 rc1 which may cause direct damage to your file system data by overwriting it. If your Linux distribution uses swap files (not a swap partition) and you are running Linux Kernel 5.12 rc1, then you are probably impacted.

Brittany Day
As a forewarning to those using LVM, dm-crypt, and Samsung solid-state drives: this combination may in some manner lead to data corruption if you are using the Linux 5.1 kernel.

Linux FSTRIM/discard is being too aggressive, leading to data loss on certain setups, which at this point seem to be isolated to those using LVM and dm-crypt. The device mapper bug in Linux 5.1 is causing blocks to be discarded wrongly or excessively, and that can lead to "massive data loss" issues. The link for this article located at Phoronix is no longer available.

LinuxSecurity.com Team
A small US law firm has bravely admitted losing its entire cache of legal documents to the Cryptolocker Trojan despite attempting to pay the $300 (

According to TV reports, Goodson

The link for this article located at TechWorld is no longer available.

LinuxSecurity.com Team
Using Amazon's EC2 (Elastic Compute Cloud) can pose a security threat to organizations and individuals alike, though Amazon's not to blame, according to researchers from Eurecom, Northeastern University, and SecludIT.

Rather, third parties evidently are not following best security practices when using preconfigured virtual machine images available in Amazon's public catalog, leaving users and providers open to such risks as unauthorized access, malware infections, and data loss. The researchers say similar security vulnerabilities may be present in other public clouds from such providers as Rackspace, IBM, Joyent, and Terremark. The underlying message is that for all the power and opportunity of public clouds, providers and users alike need to approach with caution and embrace best security practices. Cloud infrastructure providers can't be expected to assess the security of every image, bit, and transaction that occurs on their machines any more than an apartment landlord can be responsible for everything that happens within his or her complex -- that is, what tenants do behind closed doors in the spaces they rent. The link for this article located at InfoWorld is no longer available.

LinuxSecurity.com Team
Hello, world! Today it's your Backup Day. World Backup Day is a new idea promoted by a small team of Redditors, and it's a good idea. You can never be too careful when it comes to backing up. By the way, this is about your data, and not calling your buddies over for help in a hostile situation, which is not really my area of expertise. So let's talk backups! Basically it means putting your data in multiple places so that if something happens to one place (let's say you forget your laptop on the top of your car and subsequently back over it), that important PowerPoint presentation you've been working on isn't lost. The link for this article located at CNET is no longer available.

LinuxSecurity.com Team