Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web's most popular database administration software packages. The bug makes it possible for an attacker to delete a configured server from phpMyAdmin, a 21-year-old open-source tool used to manage MySQL and MariaDB databases, by riding on a logged-in user's session. The flaw is a classic cross-site request forgery (CSRF): a long-used attack in which an attacker forces a logged-in user's browser to perform an unwanted action, such as changing the user's account details. The browser attaches everything associated with the site, including the user's session cookie, to the forged request, so the server cannot tell it apart from a genuine one. The bug report on the Full Disclosure mailing list says that an attack would have to target phpMyAdmin's setup page. The CVE listing for the bug gives it a medium severity rating. The link for this article located at Naked Security is no longer available. Brittany Day
Are you a phpMyAdmin user? A cybersecurity researcher recently published details and a proof of concept for an unpatched zero-day vulnerability in phpMyAdmin, one of the most popular applications for managing MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that is widely used to manage the databases behind websites built with WordPress, Joomla, and many other content management platforms. Discovered by security researcher and pentester Manuel Garcia Cardenas, the vulnerability is described as a cross-site request forgery (CSRF) flaw, also known as XSRF, a well-known attack in which attackers trick an authenticated user's browser into executing an unwanted action. The link for this article located at The Hacker News is no longer available. Brittany Day
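Both phpMyAdmin items above turn on the same point: the browser sends the site's session cookie with a cross-site request, so a cookie alone cannot prove the request came from the application's own page. The Python sketch below is an added example written for this listing, not code from phpMyAdmin, Naked Security or The Hacker News. It models a "delete server" handler that trusts the session cookie alone, beside a hardened version that also demands a per-session synchronizer token (which an attacker's origin cannot read) and rejects a foreign Origin header. The cookie name, origin, session ids and server table are constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory state (assumptions for illustration, not phpMyAdmin's data model).
SESSIONS = {"sess-abc123": {"user": "admin", "csrf_token": None}}
SERVERS = {1: "db-primary", 2: "db-replica"}
OWN_ORIGIN = "https://pma.example.test"   # assumed origin of the admin UI
COOKIE_NAME = "pma_session"               # assumed session cookie name


def _session_from_cookie(headers):
    """Resolve the session named by the browser's cookie, or None."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return SESSIONS.get(value)
    return None


def delete_server_vulnerable(headers, form, servers):
    """Vulnerable: a valid session cookie is the only thing checked.
    The browser attaches that cookie to a cross-site POST too, so a form
    auto-submitted from an attacker's page deletes the server."""
    if _session_from_cookie(headers) is None:
        return 401
    servers.pop(int(form["id"]), None)
    return 200


def issue_csrf_token(session):
    """Mint a random per-session token; it is embedded only in the app's own pages."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def delete_server_hardened(headers, form, servers):
    """Hardened: the request must carry the session's token (unreadable from a
    foreign origin) and must not announce a foreign Origin."""
    session = _session_from_cookie(headers)
    if session is None:
        return 401
    origin = headers.get("Origin")
    if origin is not None and origin != OWN_ORIGIN:
        return 403
    expected = session.get("csrf_token") or ""
    supplied = form.get("token", "")
    # constant-time comparison; encode so non-ASCII input cannot raise
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    servers.pop(int(form["id"]), None)
    return 200


def forged_request():
    """What the victim's browser sends when an attacker page auto-submits a form:
    the cookie rides along; the token does not."""
    headers = {"Cookie": f"{COOKIE_NAME}=sess-abc123", "Origin": "https://attacker.example"}
    return headers, {"id": "1"}


def legitimate_request(token):
    """The same action submitted from the application's own page."""
    headers = {"Cookie": f"{COOKIE_NAME}=sess-abc123", "Origin": OWN_ORIGIN}
    return headers, {"id": "1", "token": token}


def demo():
    """Run the forged request against both handlers and a legitimate one against
    the hardened handler; return (status, remaining server ids) for each."""
    results = {}
    servers = dict(SERVERS)
    results["vulnerable_forged"] = (delete_server_vulnerable(*forged_request(), servers), sorted(servers))
    servers = dict(SERVERS)
    results["hardened_forged"] = (delete_server_hardened(*forged_request(), servers), sorted(servers))
    token = issue_csrf_token(SESSIONS["sess-abc123"])
    servers = dict(SERVERS)
    results["hardened_legitimate"] = (delete_server_hardened(*legitimate_request(token), servers), sorted(servers))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The forged request deletes server 1 through the first handler and is refused by the second; the legitimate request, carrying the token minted for that session, still goes through. A SameSite attribute on the session cookie is worthwhile defence in depth, but the token is what answers the session-cookie problem the two items describe.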
Raluca Ada Popa found a fix for one of cybersecurity's most fundamental challenges: securing computer systems without relying on firewalls to keep hackers out. Popa's breakthrough work started with practical database management systems that could operate on encrypted data. Though encryption had worked for simple messaging applications like WhatsApp, it was too sluggish for systems that also needed to run computations on the data, such as databases and web applications. Popa found a way to make computation on encrypted data practical. Today, her encryption systems work with a range of applications and provide a level of protection that firewalls cannot: even if attackers break in, they have no way to decipher the data. The link for this article located at MIT Technology Review is no longer available. Brittany Day
In the past, database administrators weren't expected to do much with security. Their focus was on the speed, performance, and accuracy of the data; security was a relatively low priority. Recently, however, that prioritization has begun to shift. The number of structured information stores is mushrooming within the enterprise. The value of the data increases as businesses share it with customers and partners. Regulators and auditors are taking a hard look at who has access to database information. And financially motivated hackers are salivating at the prospect of breaking into these concentrated -- and potentially lucrative -- repositories of data. All of these trends are converging to form one universal truth of data protection: DBAs can no longer ignore security. Like their administrative counterparts in Windows and networking environments, DBAs must finally knuckle down and count security as a vital part of their jobs. The link for this article located at Dark Reading is no longer available. LinuxSecurity.com Team
Backing up files and directories is relatively easy; databases, however, have some special quirks that you need to address. Our examples use MySQL, but the same principles apply to PostgreSQL and other relational databases. This article is excerpted from O'Reilly's recently published book Linux System Administration. The link for this article located at Linux.com is no longer available. LinuxSecurity.com Team
With Oracle Corp.'s purchase last week of open-source embedded software maker SleepyCat Software Inc., at least one security analyst believes that Oracle -- which has come under fire for security vulnerabilities in its core database -- could be adding more potential problems. SleepyCat's BerkeleyDB database has been deployed more than 200 million times, according to London-based research firm Ovum Ltd. Those deployments range from network routers and cell phones to business applications and popular Web sites. The link for this article located at ComputerWorld is no longer available. LinuxSecurity.com Team
Last year I wrote a two-part paper about SQL Injection and Oracle. That paper explored which SQL injection techniques are possible with Oracle, gave some simple examples on how SQL injection works and some suggestions on how to prevent attackers and malicious employees using these methods. This paper takes the subject further and investigates the possibilities for the Oracle Database Administrator (DBA) to detect SQL injection in the wild against her Oracle database. Is it possible to detect SQL injection happening? If so, what tools and techniques can be employed to achieve this? The main focus of this paper is to explore some simple techniques in extracting logging and trace data that could be employed for monitoring. The aim is to show the reader what data is readily available so they can make their own mind up about what can be useful. The paper will not cover commercial solutions. Because a true SQL injection tool would involve writing a parser or filter to analyse the SQL statements, a fully featured tool is unfortunately beyond the scope of a short paper; I leave the implementation of such a tool to interested readers. The link for this article located at SecurityFocus is no longer available. LinuxSecurity.com Team
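The paper above is about pulling statement text out of logging and trace data and inspecting it for injection, and it notes that a real tool would need a parser. The scanner below is an added example written for this listing, not code from the paper or from Oracle: it runs a handful of regex signatures (OR tautology, UNION SELECT, comment truncation, stacked statement) over a constructed batch of statement text. The sample statements are made up for illustration and are not real Oracle audit or trace output.

```python
import re

# Constructed sample: statement text as it might be pulled back from an audit
# trail or SQL trace. Made up for this example; not real Oracle output.
SAMPLE_STATEMENTS = [
    "SELECT name FROM employees WHERE id = 42",
    "SELECT name FROM employees WHERE id = 42 OR 1=1",
    "SELECT name FROM employees WHERE login = 'x' UNION SELECT password FROM users--'",
    "SELECT name FROM employees WHERE login = 'bob'--' AND active = 1",
    "SELECT name FROM employees WHERE id = 1; DROP TABLE employees",
    "SELECT COUNT(*) FROM employees WHERE dept = 'R&D'",
    "SELECT name FROM employees WHERE id = 5 OR 'a'='a'",
]

# Each rule is (label, compiled regex). All are case-insensitive.
RULES = [
    # OR 1=1, OR 'a'='a': an always-true predicate glued on with OR.
    # The backreferences require the same literal on both sides of '='.
    ("tautology", re.compile(r"\bOR\s+(?:(\d+)\s*=\s*\1\b|(['\"])(\w*)\2\s*=\s*\2\3\2)", re.I)),
    # a UNION pulling rows from another table into the result set
    ("union_select", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    # a comment opener that discards the rest of the intended statement
    ("comment_truncation", re.compile(r"--|/\*")),
    # a second, destructive statement after a semicolon (stacked queries)
    ("stacked_statement", re.compile(r";\s*(?:DROP|DELETE|UPDATE|INSERT|ALTER|CREATE)\b", re.I)),
]


def classify(statement):
    """Return the labels of every rule the statement matches (empty list if clean)."""
    return [label for label, rx in RULES if rx.search(statement)]


def scan(statements):
    """Map each suspicious statement to its matching labels; clean statements are omitted."""
    report = {}
    for statement in statements:
        labels = classify(statement)
        if labels:
            report[statement] = labels
    return report


if __name__ == "__main__":
    for statement, labels in scan(SAMPLE_STATEMENTS).items():
        print(", ".join(labels).ljust(36), statement)
```

Five of the seven constructed statements are flagged and the two ordinary queries pass. Regex matching is only a first cut: as the paper says, a real tool needs a parser, and a legitimate comment or OR-predicate will trip these rules, so treat hits as candidates for review and pair the statement text with the session and user columns the audit data provides rather than acting on the pattern alone.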
While errors in the Transportation Security Administration's "no-fly" list have famously raised the ire of innocent air travelers misidentified as terrorists, it's far from the only government watch list in use. In a report released this week, the General Accounting Office, Congress' investigative arm, counted no fewer than 12 different government databases cataloging purportedly dangerous people, maintained by nine different federal agencies and accessed by 50 others -- a tangled web of largely incompatible systems that the GAO would like to see merged into one. "[A]gencies have developed their respective watch lists, and have managed their use, in isolation from each other, and in recognition of each agency's unique legal, cultural, and technological environments," wrote investigators. "The result is inconsistent and limited sharing." All of those lists contain names and birth dates; others -- like the INS's "Automated Biometric Identification System" and the State Department's "TIPOFF" database -- also hold fingerprints and photographs. Some include information on large financial transactions and travel history. The link for this article located at SecurityFocus is no longer available. Anthony Pell