Explore Latest Linux Security news


Combatting BlackLock Ransomware: Strategies for Linux Security Admins

Since its discovery in March 2024, BlackLock (also known as El Dorado or Eldorado) has quickly established itself as a serious threat within the ransomware-as-a-service ecosystem. Linux security admins face an adversary capable of targeting Linux environments alongside Windows and VMware ESXi systems. Its custom malware poses an additional danger through its double extortion strategy, which combines data encryption with data theft to coerce victims into paying the ransom.

Linux administrators seeking to defend against BlackLock must keep systems updated, implement reliable backups, and increase endpoint security. Understanding BlackLock's infrastructure and tactics, such as its sophisticated data leak sites and recruitment via cybercriminal forums, is also key. By being aware of their techniques and evolution, we can better safeguard environments against this rapidly growing threat. Let's take a closer look at BlackLock ransomware, its defining tactics and techniques, and practical measures you can take to secure your Linux environment against this advanced threat.

The Rising Threat of BlackLock

BlackLock's ascent in the ransomware world has been nothing short of alarming. By Q4 of 2024, activity linked to BlackLock had surged by an astounding 1,425%, marking it as a threat that cannot be ignored. This exponential growth is due to its widespread campaigns and sophisticated ransomware attack approach. Unlike many ransomware groups that rely on off-the-shelf malware, BlackLock invests in developing custom malware tailored for maximum impact. This bespoke approach allows them to fine-tune their attacks to specific vulnerabilities, enhancing their success rate.

Understanding BlackLock's Double Extortion Tactic

BlackLock stands out for employing an advanced double extortion tactic. Traditional ransomware attacks primarily threaten victims with data encryption: attackers encrypt the victim's data and demand payment in exchange for decryption keys. However, BlackLock takes this a step further by not only encrypting but also exfiltrating data. BlackLock victims risk their data being released publicly or sold if they fail to comply with the attackers' ransom demands. BlackLock uses this tactic to exert double pressure on victims. Data leaks can devastate businesses, as they threaten reputational harm, legal liability, and loss of client trust, increasing the chance that victims pay the ransom and making this approach very lucrative for BlackLock.

Practical Advice for Protecting Linux Environments

Given BlackLock's specific targeting of Linux systems, Linux security admins must adopt proactive and comprehensive defense strategies. Ensuring all systems are routinely updated with the latest security patches is a crucial first step. Outdated software often has unpatched vulnerabilities that attackers can exploit, so staying current is imperative. Beyond updates, admins should focus on implementing robust backup solutions. Having regular and isolated backups can mitigate the impact of ransomware by ensuring that critical data can be restored without succumbing to ransom demands. However, it is essential to test these backups regularly to ensure they function correctly when needed.

Enhancing Endpoint Security

Enhancing endpoint security is another essential aspect of combatting BlackLock. Implementing advanced endpoint protection solutions with real-time threat detection and response features can assist in quickly detecting and neutralizing ransomware before it causes irreparable harm to systems and data. As BlackLock often deploys customized malware, behavior-based detection mechanisms will prove particularly effective in mitigating risk. Reducing administrative privileges can limit the extent of an attack, providing users with only those permissions required for their roles. Using multi-factor authentication (MFA) on critical systems can further lower risk. This helps admins prevent ransomware from spreading across networks.

Understanding BlackLock's Infrastructure

An essential aspect of combatting BlackLock involves understanding its infrastructure and evasion techniques. With secure communication mechanisms, BlackLock uses sophisticated data-leak websites that are well-protected against takedown attempts. Awareness of their operations and regularly checking known threat actor forums can provide valuable insights into upcoming threats or ongoing campaigns that BlackLock may undertake. BlackLock's recruitment on cybercrime forums indicates a well-planned and expanding operation. It also gives security professionals early warning of new tools and techniques that collaborators might employ and provides critical intelligence for anticipating attacks.

The Importance of Incident Response Planning

Even with the most stringent precautions in place, breaches may still occur. Therefore, having a comprehensive incident response plan in place is crucial: one that outlines specific steps for detecting, containing, and eliminating ransomware from your network, along with protocols for communicating with stakeholders and law enforcement officials in case an attack does occur. Regular incident response drills can help ensure that teams are prepared to act swiftly and effectively should a ransomware attack occur. Such drills help identify any gaps or flaws in response plans and allow teams to fine-tune processes and procedures.

Our Final Thoughts on Staying Vigilant in the Face of This RaaS Threat

BlackLock's rapid ascension as a significant ransomware threat reinforces the necessity of vigilance and preparation to combat attacks like these. By understanding BlackLock's tactics, techniques, and infrastructure, we can better defend our environments against potential attacks. Staying up-to-date with ransomware developments, regularly updating and backing up systems, strengthening endpoint security, and having an incident response plan are essential components of an effective defense strategy. In the face of sophisticated adversaries like BlackLock, taking a proactive and informed approach is the only effective means of protecting sensitive data while upholding your Linux system's safety and integrity.

Tags: Linux Ransomware Protection, BlackLock Threat, Endpoint Security Strategies

Feb 20, 2025 | Brittany Day | Hacks/Cracks

LockBit 4.0 Ransomware Warning: Prepare Linux Defenses Now

The LockBit ransomware group recently made headlines when they revealed their upcoming version, LockBit 4.0, signaling an imminent increase in sophisticated cyberattacks against Linux systems and VMware ESXi infrastructure. This announcement serves as a wake-up call for Linux security admins to fortify defenses against potential incursions with proactive strategies for protecting their systems against ransomware attacks. In this article, I'll examine this threat in detail, explain how it differs from previous LockBit variants, and offer practical advice for securing your systems against evolving Linux ransomware variants.

Examining Previous LockBit Ransomware Variants

Over time, LockBit ransomware has evolved significantly, with each version becoming increasingly sophisticated and challenging to combat. Initial versions, such as LockBit 1.0 and 2.0, targeted Windows systems by encrypting files and demanding ransom payments to unlock them. They used techniques like phishing emails and exploit kits to infiltrate networks quickly, and their fast encryption speeds left victims no time to react. LockBit evolved along with Linux ransomware trends. By the time LockBit 3.0 debuted, it had integrated more advanced features. Targeting Linux systems, an indication of their rising use in corporate environments, it began using data exfiltration techniques if its ransom wasn't paid. This evolutionary step demonstrated LockBit's adaptability and its developers' commitment to staying ahead of cybersecurity defenses, making it a formidable threat in today's ransomware environment.

Understanding & Mitigating the LockBit 4.0 Threat

LockBit ransomware has long disrupted various industries by encrypting data and demanding ransom for its release. LockBit 4.0 is more advanced than previous versions, using different techniques to penetrate Linux systems more rapidly. Their use of multiple Tor sites indicates an enhanced infrastructure intended to bypass detection efforts and takedown attempts. Understanding these evolving tactics is integral for Linux security administrators to anticipate and counter this threat. Effective measures you can implement to mitigate your risk of LockBit 4.0 attacks include:

Timely Patching and Updates

A key part of preparing for LockBit 4.0 involves ensuring all Linux systems are up-to-date with security patches, as cybercriminals often exploit vulnerabilities to gain entry to systems. Regularly upgrading the kernel, your Linux distro(s), and installed software packages is necessary to close any security gaps ransomware may exploit. Admins should implement an efficient patch management process by prioritizing critical updates while scheduling lower-priority patches accordingly.

Regular Backup Strategies

Regular backup strategies are a critical defense against ransomware attacks. Regular backups ensure that organizations can restore their data without falling prey to ransom demands in the event of infection. For best results, these backups must be stored offline to avoid compromise by ransomware. Testing the restore process periodically helps ensure recovery can occur efficiently and effectively when required. Adding solutions with versioning capabilities may even enable organizations to retrieve data from before the infection occurred.

Advanced Endpoint Protection

Deploying advanced endpoint protection solutions tailored for Linux systems is another essential measure to combat ransomware attacks. Such solutions must include behavior-based detection techniques capable of recognizing suspicious activities that might indicate ransomware intrusions, along with signature-based detection, machine learning, and heuristic analysis for enhanced detection and response capabilities against ransomware threats.

Network Segmentation and Access Controls

Network segmentation is essential in controlling ransomware across an organization's infrastructure. By breaking their network into smaller segments, administrators can limit and control the lateral spread of malware. Implementing strict access controls ensures that only authorized personnel can enter sensitive parts of the network, decreasing the chances of unwarranted access leading to further ransomware proliferation. Furthermore, monitoring traffic for unusual patterns may assist with the early identification of possible compromises or breaches.

User Awareness and Training

Human error remains a primary factor in cyberattacks, so increasing user awareness of ransomware threats and training them to recognize suspicious activities can significantly lower the risk of infection. Regular security awareness training sessions should be held, emphasizing the phishing attempts and social engineering tactics hackers use to deploy ransomware. Encouraging all users to report suspicious activities promptly increases the chances of identifying and remedying threats faster.

Incident Response Planning

An effective incident response plan is key to mitigating the effects of ransomware attacks. An incident response plan must clearly outline the steps to be taken once an attack has been detected, such as isolating infected systems, communication protocols, and the roles and responsibilities of the incident response team. By regularly updating and testing this plan, teams will be ready to respond swiftly and effectively to minimize damage, restore operations quickly, and reduce downtime while mitigating the overall impact.

Staying Informed Through Threat Intelligence

Staying abreast of the latest ransomware developments is key to building an effective defense against LockBit 4.0. Subscribing to security newsletters from trusted sources is one way of staying informed. Threat intelligence services offer insight into new tactics, techniques, and procedures (TTPs) used by ransomware groups, which may assist in anticipating attacks and taking proactive measures before an infection occurs.

Continuous Improvement and Evaluation

Security is an ongoing process that requires continuous evaluation. Assessing existing security measures against emerging threats is key to staying one step ahead, and conducting regular security audits or vulnerability assessments is the best way to gain an overview of an organization's security posture and any weaknesses that need addressing. Threat-hunting activities may also help identify risks that have eluded traditional detection mechanisms.

Our Final Thoughts on The Emerging LockBit 4.0 Ransomware Threat

LockBit 4.0 underscores the ongoing and evolving nature of ransomware attacks on Linux systems. Linux admins must proactively strengthen system defenses and prepare for potential attacks. Employing timely patching and updates, robust backup strategies, advanced endpoint protection technologies, network segmentation, and extensive user training can significantly lower the risk of ransomware attacks. Maintaining an effective incident response plan and staying abreast of security threats through threat intelligence is integral to an effective security posture. With the constantly evolving cyber threats admins and organizations face, continuous improvement and vigilance remain crucial for safeguarding Linux environments from sophisticated ransomware attacks like LockBit 4.0.

Tags: LockBit 4.0, Linux Ransomware, Security Best Practices, Endpoint Protection

Dec 23, 2024 | Brittany Day | Hacks/Cracks

Protecting Linux Servers From TgRat Trojan Risks and Strategies

Recently, new information revealed by Doctor Web virus analysts has sent shockwaves through the cybersecurity world. It details a new cyber threat aimed specifically at Linux servers: the TgRat Trojan. This advanced Remote Access Trojan (RAT) is stealthier than its Windows equivalent, first seen in 2022. To help you understand and protect against this emerging attack, I'll explain how TgRat works, who is at risk, and the defensive measures you can implement to secure your Linux servers.

What Is TgRat & How Does It Operate?

Dr. Web's team identified TgRat as a Trojan that uses the Telegram corporate messaging application as its communication platform. Once it has infiltrated a system, TgRat uses Telegram bots to establish its communication channels, turning an everyday application into an instrument of cybercrime. Once a system is infected, TgRat first verifies its victim by comparing its hash against a predefined string. If it matches, TgRat activates, connects to the internet, and initiates contact with its Telegram-controlled command-and-control (C&C) server for control and communication purposes. The use of Telegram is particularly ingenious, as traffic to its servers is typically perceived as harmless and thus hides the Trojan's activity. Attackers can then send commands to an infected system through private Telegram groups to complete various tasks, such as downloading and uploading files, running commands, or taking screenshots.

Who Does This Threat Target?

Organizations using Linux servers are at particular risk, especially if their network security measures do not actively monitor encrypted traffic or the execution of unrecognized scripts. Telegram is a widely used app, so its data exchange could bypass traditional security frameworks unnoticed. Companies without rigorous endpoint protection or segmentation could suffer widespread system infiltration if even one node is compromised.

Defensive Strategies Against TgRat for Linux Admins

To effectively defend against threats like TgRat, system admins should implement a multi-layered security plan. Below are steps you can take to protect Linux servers:

- Implement Strict Network Monitoring: For adequate network security, utilize intrusion detection systems (IDS) and intrusion prevention systems (IPS), with monitoring software configured to flag any potentially unwanted communication with known messaging platforms like Telegram.
- Regular Software Updates: To stay secure from Trojans such as TgRat, keep all system software and dependencies updated. Updates often contain patches for security holes exploitable by these threats.
- Robust Encryption and Access Controls: Encryption alone may not protect against Trojan attacks, especially when the Trojan itself uses encrypted channels like Telegram to receive its commands. Implement strict access controls and use application whitelisting so only authorized scripts and processes can run.
- Comprehensive Antivirus Solutions: Employ reputable and up-to-date antivirus solutions capable of detecting known Trojans and suspicious system behaviors related to unknown malware variants.
- Employee Education and Awareness: Since Trojans may arrive through phishing attacks or social engineering techniques, raising employee awareness of unexpected links or attachments is one of the best defense mechanisms against them.
- Backup and Disaster Recovery Plans: Maintain regular backups stored safely offline and update them as often as necessary. An effective disaster recovery plan can significantly limit the damage of any data breach.
- Segmenting Networks: Dividing your network into segments can limit how far an attacker can travel laterally across it if they gain entry to one area.

Our Final Thoughts on TgRat

The recent discovery of the TgRat Trojan targeting Linux servers is a stark reminder of how cybercriminals exploit widely used technologies, even ones traditionally considered secure, like Linux. No system is immune from sophisticated malware attacks. Proactive security enhancement and monitoring with swift response strategies will be critical in combatting future cybersecurity threats.

Tags: TgRat Trojan, Linux security, malware threats, remote access trojan, cybercrime prevention
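The "strict network monitoring" step above can be turned into a concrete check: a server segment should never be talking to a chat-bot API, so any proxy log line from a server host to the Telegram Bot API deserves an alert. The following Python script is an added example (not code from Doctor Web, LinuxSecurity.com, or any product); it assumes a squid-style proxy access log in the constructed format "epoch client_ip method url status", and the host inventory, allowlist and log lines are constructed for the example. api.telegram.org is the public Telegram Bot API hostname.

```python
"""Flag Linux servers that contact the Telegram Bot API via the outbound proxy.

Added example for the TgRat defensive steps (not code from the article or
Doctor Web). Assumed log format (constructed):  <epoch> <client_ip> <method> <url> <status>
"""
import re
from urllib.parse import urlsplit

# Hostnames whose traffic is unexpected from a server segment.
# api.telegram.org is the public Telegram Bot API endpoint.
MESSAGING_HOSTS = {"api.telegram.org"}

# Constructed inventory: server IPs that should never talk to bot APIs,
# and hosts explicitly approved to (e.g. a documented ChatOps alerting box).
SERVER_SEGMENT = {"10.20.0.11", "10.20.0.12", "10.20.0.13"}
ALLOWLIST = {"10.20.0.13"}  # approved ChatOps host (constructed placeholder)

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample log: two server hits, one allowlisted host, one workstation,
# one unparsable line, and one hit with mixed-case hostname.
SAMPLE_LOG = """\
1722816000 10.20.0.11 CONNECT api.telegram.org:443 200
1722816030 10.20.0.11 CONNECT api.telegram.org:443 200
1722816045 10.20.0.12 GET http://mirror.example.net/debian/dists/bookworm/Release 200
1722816050 10.20.0.13 CONNECT api.telegram.org:443 200
1722816060 192.168.5.7 CONNECT api.telegram.org:443 200
garbage line that does not parse
1722816090 10.20.0.12 CONNECT API.TELEGRAM.ORG:443 200
"""


def parse_line(line):
    """Parse one log line into a dict with a normalised 'host' key, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    target = rec["url"]
    if rec["method"] == "CONNECT":
        # CONNECT (TLS tunnel) lines carry "host:port", not a full URL.
        host = target.rsplit(":", 1)[0]
    else:
        host = urlsplit(target).hostname or ""
    rec["host"] = host.lower()
    return rec


def find_suspicious(lines):
    """Return sorted (client_ip, host, hit_count) for non-allowlisted servers
    that contacted a messaging API. Unparsable lines are skipped."""
    counts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (
            rec["host"] in MESSAGING_HOSTS
            and rec["client"] in SERVER_SEGMENT
            and rec["client"] not in ALLOWLIST
        ):
            key = (rec["client"], rec["host"])
            counts[key] = counts.get(key, 0) + 1
    return sorted((client, host, n) for (client, host), n in counts.items())


def format_alerts(findings):
    """Render findings as one alert line each, ready for a SIEM or syslog."""
    return [
        f"ALERT server={client} contacted {host} {n} time(s) via proxy; "
        f"verify the process and review against change records"
        for client, host, n in findings
    ]


if __name__ == "__main__":
    for alert in format_alerts(find_suspicious(SAMPLE_LOG.splitlines())):
        print(alert)
```

Run against the embedded sample it reports 10.20.0.11 (two hits) and 10.20.0.12 (one hit, caught despite the upper-case hostname); the allowlisted ChatOps host and the workstation address are ignored. In production the inventory and allowlist would come from your CMDB, and the same matching logic applies to DNS query logs once the host field is adapted.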

Aug 05, 2024 | Dave Wreski | Server Security

Exploring CL0p Ransomware's Threats to Linux Systems and Businesses

"Variants of CL0p were initially only found on Windows systems, but the gang also developed a Linux variant toward the end of 2022, reflecting the diversity of endpoint operating systems used by modern businesses. In an interesting, flawed technical glitch, security researchers noted that the Linux version's encryption is easily reversible using a simple decryptor."

CL0p is a notorious name on the ransomware scene, and with good reason. The gang's members have been responsible for a series of high-profile attacks since security researchers first spotted their ransomware strain in the wild back in 2019. Our internal data shows that CL0p continues to cause havoc and will likely supplant LockBit as the top ransomware gang in 2023. Here is a deep dive into the CL0p ransomware and the gang's attacks.

CL0p is the name given to a group of Russian-speaking threat actors who use a ransomware strain that appends the extension .CL0p onto encrypted system files. The gang's members tweaked a previously used ransomware strain known as CryptoMix to create ransom.CL0p. The group is financially motivated and began its operations by targeting businesses earning at least $5 million in annual revenues. Among the techniques used in traditional CL0p ransomware attacks are local file deletion, evading sandboxes, downloading tools from external URLs and halting system processes. Attacks commonly feature the Truebot tool, which collects and transmits information about the local system in addition to loading malicious shell code and other program modules. The popular adversary simulation tool Cobalt Strike helps CL0p threat actors expand their network access to multiple systems.

The link for this article located at Security Boulevard is no longer available.

Tags: CL0p Ransomware, Linux Malware, Threat Actors, Cybercrime, Endpoint Security

Aug 21, 2023 | LinuxSecurity.com Team | Hacks/Cracks

Defend Mac And Linux Devices Against Cyber Threats With Microsoft Defender

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows.

Microsoft's security tools aren't just for Microsoft platforms, because attackers don't just go after Windows. "Over the last few years, we've seen the threat landscape evolve where attackers and cyber criminals are targeting all platforms equally," Tanmay Ganacharya, partner director for security research at Microsoft, told TechRepublic. "We've seen a significant rise in vulnerabilities being found and reported for non-Windows platforms, and also in malware and threat campaigns in general."

Tags: Microsoft Defender, Endpoint Protection, Cross-Platform Security, Malware Defense, Phishing Prevention

Nov 26, 2022 | LinuxSecurity.com Team | Vendors/Products

Shikitega Malware: New Threat to Linux Desktops and IoT Devices

AT&T Alien Labs has discovered Shikitega, a new Linux malware program targeting endpoints and IoT devices. Usually, Linux malware targets servers and cloud instances. You know, where there's big-time CPU horsepower to turn to cryptocurrency mining. Shikitega, however, likes to go for the low-hanging fruit of desktops and IoT devices. Of course, it will happily attack servers as well. Like all malware, it's an equal opportunity attacker.

Tags: Shikitega malware, Linux security, IoT Device Malware

Sep 30, 2022 | Brittany Day | IoT Security

Thousands of Linux Systems Compromised by BPFDoor Chinese Malware

Researchers have uncovered a highly evasive Chinese surveillance tool using the Berkeley Packet Filter (BPF). The malware, dubbed BPFDoor, is present on "thousands" of Linux systems, and its controller has gone almost completely unnoticed by endpoint protection vendors despite being in use for at least five years.

This is the second malware type using BPF in Linux for covert surveillance revealed this year, following Pangu Lab's discovery of an apparent NSA backdoor, which they named Bvp47, in Feb 2022. Security researcher Kevin Beaumont suggested at the time that BPF (or extended BPF, eBPF) was being used by other threat actors. Beaumont, who previously worked at Microsoft, warned then of the security implications of bringing eBPF to other platforms beyond Linux, including Windows. "I really, really hope Microsoft have threat modelled what will happen to security when they bake eBPF into the base OS," he said on Twitter. (Microsoft in March 2021 announced a new open source project to make eBPF work on Windows 10 and Windows Server 2016 and later.)

Tags: BPF Malware, Chinese Tools, Linux Security, Covert Surveillance, Endpoint Threats

May 10, 2022 | LinuxSecurity.com Team | Hacks/Cracks

Exploring Whitelisting as an Underrated Security Technology

Last week we looked at security technology some readers consider overvalued. This week we're back to study the other side of the coin. Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned last week are praised here.

Whitelisting

Application security is something companies increasingly worry about as the number of business and personal apps proliferates. Hackers are targeting everything from online banking apps to the gaming apps popular on such social networks as Facebook. Web Application Firewalls (WAFs) are among the technologies designed to reduce the risk. One of the more overlooked features of the technology is whitelisting: the art of allowing only traffic known to be valid to pass through the gate, thus providing an external input validation shield over the application.

Andy Willingham, senior security engineer at E-chx Inc. and founder of AndyITGuy Consulting, believes whitelisting and URL filtering are too quickly dismissed as too difficult. "Most people think that it's too hard to limit what people can run and where they can go," he said. "We've reached the point where we can't just let people do what they want. Too many preach that if we want to attract and retain good employees that we have to allow them to install programs and surf freely but until we get virtual environments to the point where everything is its own virtual session and can be 'cleared' at will or regularly, then we have to start locking down."

Chris Young, a VP at ISM Inc., said the biggest setback for this technology has been inconsistency on the management side, but that this piece is improving. "We are at the point where this is no longer a problem and new programs can be added with minimal/no admin assistance in a secure and controlled manner," he said. "On the endpoint it should not be seen as a locking down of the system in that users won't be able to have any freedom, but it provides admin/user education in the sense that it forces admins/users to check what they are downloading first to make sure it is a legit program and conforms to company policy."

The link for this article located at CSO Online is no longer available.

Tags: Underrated Security Technologies, Whitelisting, Application Security

Mar 19, 2010 | Alex | Network Security