
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Util-Linux Advisory: CVE-2024-28085 Critical Wall Command Exploit

A critical vulnerability has been found in the wall command of the util-linux package that poses a severe security threat to Linux systems. This vulnerability, known as WallEscape and tracked as CVE-2024-28085, has been present in every package version for the past 11 years. It allows an attacker to exploit escape control characters to create a fake SUDO prompt on other users' terminals, ultimately tricking them into revealing their sensitive information, such as administrator passwords. The vulnerability can be exploited under certain conditions, mainly when the "mesg" utility is active and the wall command has setgid permissions.

What Are the Implications of this Issue? How Can I Mitigate My Risk?

This longstanding vulnerability in Linux systems poses potential risks, as attackers with access to multi-user Linux servers can leverage it to deceive unsuspecting users. This vulnerability has remained undiscovered and unpatched for over a decade, raising questions about the effectiveness of security auditing processes in open-source software development. One exploitation scenario involves a fake SUDO prompt being created for the Gnome terminal, tricking users into entering their passwords.

This prompts us to consider the wide-ranging implications of this vulnerability. Does this mean similar vulnerabilities may exist in other commonly used Linux utilities and commands? Are there additional attack vectors that could exploit similar flaws in terminal emulators? These questions highlight the broader security implications that necessitate further examination.

This vulnerability serves as a wake-up call for Linux admins, infosec professionals, and sysadmins to prioritize patching vulnerabilities promptly. The fact that the exploitation of WallEscape requires local access limits its severity to some extent. However, in multi-user environments like organizational servers, the risk is heightened.

System administrators are advised to upgrade to util-linux v2.40 or implement mitigations by removing setgid permissions from the wall command or disabling the message broadcast functionality using the 'mesg' command.

In terms of long-term consequences, this issue highlights the need for continuous security monitoring and regular updates in the Linux ecosystem. The discovery of this decade-old vulnerability reveals the importance of comprehensive security audits and continuous testing to uncover hidden weaknesses that might have been overlooked. Additionally, it highlights the significance of collaboration within the open-source community to ensure timely vulnerability identification and patching.

Our Final Thoughts on This Linux 'wall' Bug

This article aims to shed light on a critical vulnerability in Linux systems and raise important questions about the overall security landscape of open-source software. It is an urgent reminder for Linux admins and security practitioners to prioritize vulnerability patching and continuous security monitoring. By addressing the long-standing vulnerability and emphasizing the need for robust security practices, admins can mitigate risk and improve Linux system security.

Mar 29, 2024 | Anthony Pell | Security Vulnerabilities

Protecting Devices from UEFI Exploits: Mitigating LogoFAIL Issues

A collection of new security vulnerabilities called LogoFAIL has been discovered hiding within the Unified Extensible Firmware Interfaces (UEFI) that we use for booting almost all modern computing devices. Linux or Windows, ARM or x86, it doesn't matter -- they're all vulnerable to these flaws!

This threat has been lurking in systems for decades. What makes it particularly concerning is the wide range of impacted consumer and enterprise-grade computers. The core of LogoFAIL is its exploitation of logos displayed on the device screen during the early boot process while UEFI is still running.

Exploits occur during the earliest stages of the boot process. Hence, the attacks bypass UEFI defenses, such as Microsoft Secure Boot and Intel Secure Boot, that are meant to block bootkit infections.

If you are vulnerable, you must make sure no one can get into the device in the first place. This requires patching your operating system and programs against all known attacks. Firmware fixes are on the way, but in the meantime, lock down your systems as much as you can so a LogoFAIL attacker doesn't gain a foothold.

I found the article linked below helpful in understanding the specifics of this exploit and how to secure my systems against it. Check it out!

Dec 14, 2023 | LinuxSecurity.com Team | Hacks/Cracks

Proposed Pkill_On_Warn Option for Boosting Kernel Security

Security researcher and Linux kernel contributor Alexander Popov has proposed a new kernel option called "pkill_on_warn" that would kill all threads in a process if that process provoked a kernel warning. This wouldn't change the default kernel behavior, but if and when the patch is merged, booting the kernel with pkill_on_warn=1 would enable the new behavior of killing processes that cause kernel warnings.

Currently, when a process triggers a kernel warning, there is no impact on that process by default. The Linux kernel does have a "panic_on_warn" option to cause a kernel panic when a warning happens, but pkill_on_warn would be less of an overkill and would at least keep the system up and running.

Popov argued in the patch proposal, "From a security point of view, kernel warning messages provide a lot of useful information for attackers. Many GNU/Linux distributions allow unprivileged users to read the kernel log, so attackers use kernel warning infoleak in vulnerability exploits...Let's introduce the pkill_on_warn boot parameter. If this parameter is set, the kernel kills all threads in a process that provoked a kernel warning. This behavior is reasonable from a safety point of view described above. It is also useful for kernel security hardening because the system kills an exploit process that hits a kernel warning."

The link for this article located at Phoronix is no longer available.

Sep 30, 2021 | LinuxSecurity.com Team | Security Projects

Analyzing Internet Security Threats: Vulnerabilities And Risks

Updated: The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red, as well as NIMDA worms, are on that list.

Oct 08, 2004 | LinuxSecurity.com Team | Security Projects

Apache Server: Chunk Encoding Worm Threat Investigation and Mitigation

In the wake of the Apache Chunk Encoding vulnerability, the fun just doesn't seem to end. There seems to be another worm on the loose. The details of it are still being investigated. Currently, there is a thread on Bugtraq dedicated to this discussion. Located at the website are what few details are known about this so-called worm. It was recently captured by the honeypot running on Microlink.lt. It installs itself on whatever server it can find vulnerable to its exploit. The intermediate advice is to patch your server until more information can be found out.

Jun 28, 2002 | LinuxSecurity.com Team | Vendors/Products