Security Vulnerabilities 
malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
67
data protectionencryption techniquesdisk encryptionFull Disk Encryption Techniques For Enhanced Data Protection
Today, full-system encryption in software is feasible and practical. Here's how to get up and running using solutions from PGP, McAfee, Sophos, and open-source options TrueCrypt and DiskCryptor. There was a time, not all that long ago, when a fully-encrypted system disk was something only for people with money to burn. . You bought a special disk controller which performed hardware-based encryption, and then trusted the hardware vendor to make sure everything was implemented properly -- e.g., that they were using a good algorithm, that the key size for the encryption wasn't laughably short, and so on. Today, full-system encryption in software is both feasible and practical -- although how practical will depend on the workload involved. But it's not a security silver bullet, much as it might seem to be from the outside. It can, and does, add a layer of protection that greatly reduces the risk of data compromise in the event hardware is lost or stolen. But that protection depends entirely on how it's implemented, and whether or not the user's been educated in the way an encrypted system works. The link for this article located at Information Week is no longer available. . Explore robust strategies for complete drive encryption utilizing both commercial and community-driven applications to improve information safety.. full System Encryption, Software Encryption Options, Disk Encryption Best Practices, Open Source Encryption, Data Security. . LinuxSecurity.com Team
Dec 14, 2009
•
Cryptography
67
data protectionkey managementuser authenticationEssential Dos and Don'ts for Full Disk Encryption Best Practices
Full disk encryption (FDE) systems use strong encryption algorithms to automatically protect all data stored on the hard drives of PCs and laptop computers. Users can access the data via an authentication device, such as a password, token or smart card. This enables the system to retrieve the key that decrypts the disk. On many systems, functions such as key management, access control, lock-outs, reporting and recovery are all managed centrally. . According to John Girard, an analyst at Gartner, the main differences among available products derive from their varying approaches to management, encryption strength, user authentication, policy management and value-added features, such as protection of information on removable media. Here we'll look at two prime considations in selecting encryption solutions, as well as dos and don'ts suggested by veterans of encryption implementation. The link for this article located at CSO Online is no longer available. . When implementing full disk encryption, blend expert advice with best practices. Follow essential dos and don’ts to effectively secure sensitive data.. Full Disk Encryption, Data Protection Strategies, Key Management Best Practices. . LinuxSecurity.com Team
Oct 22, 2009
•
Cryptography
77
data protectionsecure storagepassword encryptionBest Practices for Securely Storing Passwords Using MD5 Hashing
If you are developing a password-protected web site, you have to make a decision about how to store user password information securely. What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5). . MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good. The link for this article located at Web Cheat Sheet is no longer available. . MD5 hashing, though not the most secure, provides fast performance, fixed output size, easy implementation, and compatibility with legacy systems for password storage. MD5 Encryption, Secure Passwords, Hashing Techniques. . LinuxSecurity.com Team
Sep 29, 2006
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More