With the roll-out of Linux 6.15, security administrators are gaining access to a powerful new tool: MSEAL protection for system mappings. This feature safeguards critical virtual memory areas (VMAs) by locking down system mappings such as vdso, vvar, and sigpage, ensuring they remain unchanged throughout a process's lifecycle. Especially beneficial for x86-64 and arm64 architectures, MSEAL is set to transform how admins approach memory protection in their environments. Let's dive into the practical applications and benefits this new feature brings to the Linux security community.

Understanding the Need for MSEAL

The concept of system memory protection is a cornerstone of operating system security. Unfortunately, attackers who find innovative ways to exploit vulnerabilities, particularly memory corruption, often target this security. Many of these attacks manipulate pointers or commands to remap areas of memory that should be immutable. Traditionally, Linux has had mechanisms to protect certain areas of system memory. Still, the advent of MSEAL kicks this protection into high gear, providing a new level of defense against such vulnerabilities.

What MSEAL Brings to the Table

At its core, MSEAL offers a lock-down mechanism for critical memory components, making them impervious to runtime modifications. This means you can prevent re-mapping of protected areas once they're set, which is crucial in preventing unauthorized access or tampering. The ability to maintain read-only and execute-only permissions on specific VMAs elevates the overall security, ensuring that threat actors cannot exploit these memory areas for malicious purposes.

Understanding How MSEAL Works

MSEAL achieves its protection by using a new system call that effectively seals certain VMAs. Doing so ensures that areas like vdso, vvar, and sigpage remain constant during the execution of a process. This is especially useful in environments where the integrity of these mappings is critical for system operations and security. By using MSEAL, administrators can block attempts to remap these pages or change their protections after a process has started, closing a gap that has been historically exploited.

Notable Benefits of Implementing MSEAL

For us, Linux security admins, the benefits of implementing MSEAL are multifold. Firstly, protecting against a common vector for memory corruption exploits significantly reduces the attack surface. By maintaining the integrity of VMAs, we can have increased confidence that our systems are resilient against attacks that rely on altering process memory. Furthermore, this feature is supported on popular architectures like x86-64 and arm64, which have been widely adopted in enterprise environments, maximizing MSEAL's impact.

Architectural Considerations

While MSEAL currently supports x86-64 and arm64 architectures, we admins must understand its application within different system architectures. These architectures are prevalent in desktop and server environments, representing most systems used in business and enterprise settings. Implementing MSEAL on these platforms ensures a broad scope of security applications, providing a uniform method to secure memory across diverse systems. Plans for expanding support to other architectures could further this reliability, ensuring no potential exploitation paths are left open for attackers.

Implementing MSEAL in Your Environment

Getting started with MSEAL involves understanding your current memory protection mechanisms and identifying areas where MSEAL can enhance security. Incorporating MSEAL into existing security protocols requires a methodical approach: review current processes, identify critical VMAs for your applications, and evaluate how sealing these mappings will affect system performance and security. Additionally, we admins must keep abreast of the latest developments and best practices for implementing MSEAL to effectively leverage its full potential.

Challenges and Considerations

While MSEAL brings substantial benefits, there are considerations to weigh. Admins must ensure that the locked-down VMAs do not interfere with legitimate operations requiring dynamic memory management. Understanding the trade-offs between immutability and functionality is key, as is testing in a controlled environment before rolling out broad changes. Additionally, staying informed about ongoing updates and improvements in MSEAL's functionality will ensure compliance with the latest security standards and practices.

Our Final Thoughts on MSEAL Protection in Linux 6.15

Linux 6.15's introduction of MSEAL protection for system mappings is a significant advancement for Linux security administrators, offering a robust solution to protect against memory corruption exploits. By ensuring essential VMAs are locked from modification, MSEAL significantly enhances system security, particularly on widely used x86-64 and arm64 platforms. As we look to strengthen our security posture, adopting MSEAL reflects a proactive step towards securing our environments against emerging threats. With a focus on implementation and ongoing adaptation of this tool, organizations can secure memory integrity and ensure robust protection against unauthorized modifications.

Brittany Day
Our reader Paul observed malware being delivered from the ".sys" directory of various web sites. The URL follows the scheme: =.... In response to clicking on the link, the user is asked to install the software. According to Paul, he observed the link being delivered via Facebook, which of course makes the message more plausible, and it is likely that users install the software thinking it came from a "Friend". Before adding a specific block for ".sys", Paul's web filter caught about 60% of these exploits. Once a user follows the link, additional exe files are downloaded from ".sys" directories. The file names Paul observed are p.exe, go.exe and v2captcha21.exe. The link for this article located at SANS is no longer available.

LinuxSecurity.com Team
A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday. Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9% of last month's attacks, reported Atlanta, Ga.-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project. The link for this article located at Information Week.com is no longer available.

LinuxSecurity.com Team
Internet Security Systems announced Linux support for its Proventia Server Intrusion Prevention System product line. Key features of Proventia Server for Linux include vulnerability-based intrusion prevention, Buffer Overflow Exploit Prevention (BOEP) and support for Red Hat Enterprise Linux and SuSE Linux Enterprise Servers. The link for this article located at Net-Security.org - LogError is no longer available.

LinuxSecurity.com Team
IE is subject to a trio of unpatched vulnerabilities, security firm Secunia warned yesterday. It warns that two of the three unfixed security bugs are on the "critical" list. This "deadly duo" could be exploited in tandem to bypass security features in Windows XP SP2 and trick users into downloading malicious files. Flaws in the function used to warn users that they are downloading a potentially executable file and a separate bug that can be used to spoof the file extension in the "Save HTML Document" dialog give attackers the opportunity to disguise malicious executable files as innocuous HTML documents. The vulnerabilities, published by hacker cyber flash, have been confirmed on a fully patched system with IE 6.0 and Windows XP SP2. Secunia advises IE users to disable Active Scripting support and the "Hide extension for known file types" option as workarounds in advance of a patch from Microsoft. Secunia describes the flaws as "moderately critical". The link for this article located at theregister.co.uk is no longer available.

LinuxSecurity.com Team
A technical overview of heap and buffer overflows, Linux tools that can be used to reduce their risk, the kinds of exploits these tools can prevent, and more. "This study deals with the various kinds of overflows (heap, stack) to understand how they work and how they may be used to execute malicious code; then it focuses on a few Linux solutions (Grsecurity features, Libsafe...), and explains how they behave, which kinds of exploits they prevent respectively... It aims at presenting an overview of generic solutions which may be applied to a whole system, although it is a non-exhaustive one." On November 2, 1988 a new form of threat appeared with the Morris Worm, also known as the Internet Worm. This famous event caused heavy damage on the Internet by using two common Unix programs, sendmail and fingerd. This was possible by exploiting a buffer overflow in fingerd. This is probably one of the most outstanding attacks based on buffer overflows. This kind of vulnerability has been found in widely deployed daemons such as bind, wu-ftpd, or various telnetd implementations, as well as in applications such as Oracle or MS Outlook Express... The link for this article located at Pierre-Alain FAYOLLE, Vincent GLAUME is no longer available.

LinuxSecurity.com Team
Other breaches include buffer-overflow attacks as well as tampering with CGI scripts and unencrypted cookies to gain unauthorized access and steal identities. In the latter, hackers take advantage of Web browsers or cookies that sometimes erroneously reveal customer account information because the applications don't check account-ID parameters. "Companies have done a pretty good job installing firewalls and protecting networks," says Pete Lindstrom, director of security strategies at analyst firm Hurwitz Group. "The area with the greatest vulnerability now is in the applications themselves. It's proving to be an easier target." Data from SecurityFocus, a San Mateo, Calif., company that provides vulnerability alerts and security advice, supports what Lindstrom says. SecurityFocus, which collects data from 9,000 sites in more than 140 countries, has found most hackers target ports in the firewall that are passageways to applications. Of the more than 10 million security incidents SecurityFocus tracked the first week of February, 64% targeted port 80, which is the application port. About 9% targeted port 139, used for Windows networking and file sharing, and 6% targeted FTP on port 21. The link for this article located at Information Week is no longer available.

LinuxSecurity.com Team