Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 12 articles for you...
215

GNOME's New Feature to Alert on Secure Boot Risks in UEFI Systems

GNOME is planning to protect insecure hardware by notifying users more about their firmware security status. . When you install Linux on your UEFI-enabled computer, you have to disable Secure Boot because the live USB will refuse to boot with the option enabled. Some mainstream Linux distributions support Secure Boot, but it is still challenging to set up for many other distributions (and with Nvidia hardware onboard). While things may not have improved over the years, Secure Boot is an essential protection feature in general. . Explore GNOME's initiatives aimed at alerting users about their firmware security conditions in relation to Secure Boot vulnerabilities.. Secure Boot, GNOME Notifications, UEFI Security, Firmware Status, Linux Hardware Risks. . Brittany Day

Calendar%202 Aug 02, 2022 User Avatar Brittany Day Desktop Security
83

Trickbot Malware Targets Linux Firmware: New Threat Emerges

Despite recent takedown efforts, persistent Trickbot operators are back with a new module call "Trickboot" that detects UEFI/BIOS firmware vulnerabilities. The Trickbot malware is no longer only at threat to Windows users - it is now targeting Linux systems as well. . Security researchers have discovered the notorious Trickbot malware has changed and is now targeting firmware. The malware, often used by threat actors to drop ransomware, has garnered much attention over the past few months with multiple takedown attempts, including a technical disruption reportedly led by U.S. Cyber Command. Microsoft led a legal takedown in October, which offered a temporary pause in activity. Despite those efforts, Trickbot operators have updated the malware with new capabilities. . The Trickbot malware adapts to exploit vulnerabilities within the firmware of Linux systems, leading to heightened anxieties.. Trickbot Malware, Firmware Security, Linux Threats, Ransomware Risks. . LinuxSecurity.com Team

Calendar%202 Dec 04, 2020 User Avatar LinuxSecurity.com Team Hacks/Cracks
79

Custom Hardware Authentication Keys With Google's OpenSK Project

Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. . Google has released an open-source implementation called OpenSK . It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. FIDO is a standard for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Factor (UAF), and FIDO2. UAF handles biometric authentication, while U2F lets people authenticate themselves using hardware keys that you can plug into a USB port or tap on a reader. That works as an extra layer on top of your regular password. The link for this article located at Naked Security is no longer available. . Google hasreleasedan open-source implementation calledOpenSK. It’s a piece of firmware that you ca. interested, using, hardware, security, online, services, securely. . LinuxSecurity.com Team

Calendar%202 Feb 03, 2020 User Avatar LinuxSecurity.com Team Security Projects
79

NSA Coreboot Project Aims To Safeguard Firmware From Attacks

A NSA open-source security project will increase security in machines by essentially placing a machine's firmware in a container to isolate it from threat actors. Learn more in an interesting CyberScoop article: . A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, thelead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmwarein a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler—code that allows a machine to make adjustments on the hardware level —as part of the open source firmware platform Coreboot. The link for this article located at CyberScoop is no longer available. . An extensive initiative by the NSA is focused on bolstering hardware safety from firmware vulnerabilities through the segregation of firmware from potential risks.. Firmware Security, Open Source Project, Cybersecurity Research, Threat Isolation. . LinuxSecurity.com Team

Calendar%202 Aug 26, 2019 User Avatar LinuxSecurity.com Team Security Projects
78

Netgear Router Firmware Update 10,000 Devices Security Threat

After a pair of very public disclosures in the last two weeks, Netgear published new firmware for vulnerabilities in its routers that have been publicly exploited. . Researchers discovered as many as 10,000 routers had been taken over, according to data lifted from one of the command and control servers involved in an attack against a victim investigated by Compass Security Schweiz Ltd., of Switzerland. . A significant number of 10,000 Netgear routers experienced a security breach; firmware updates have been released to bolster these devices against potential threats.. Netgear Firmware Update, Router Security Patch, Public Exploit Fix. . LinuxSecurity.com Team

Calendar%202 Mar 14, 2017 User Avatar LinuxSecurity.com Team Vendors/Products
83

Security Flaw in Intel x86 Architecture Enables Undetectable Rootkits

A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products.. The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute. The link for this article located at CSO Online is no longer available. . An architectural vulnerability in ARM chips might allow malware to embed itself in hardware, escaping the scrutiny of antivirus programs.. x86 Architecture, Rootkit Risk, Malware Threats. . LinuxSecurity.com Team

Calendar%202 Aug 07, 2015 User Avatar LinuxSecurity.com Team Hacks/Cracks
81

CIA's Efforts to Breach Apple Security Through Encryption Attacks

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years. . Several presentations given between 2010 and 2012 at a conference sponsored by the U.S. Central Intelligence Agency described attempts to decrypt the firmware in Apple mobile devices or to backdoor Mac OS X and iOS applications by poisoning developer tools.. NSA's efforts to undermine Google security exposed in analysis documents from 2011-2013.. Apple Device Security, CIA Research, Encryption Attempts. . LinuxSecurity.com Team

Calendar%202 Mar 11, 2015 User Avatar LinuxSecurity.com Team Privacy
83

Buffer Overflow in UEFI EDK1: Severity and Threat Overview

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.. Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips. The link for this article located at The Register UK is no longer available. . Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c. security, researchers, found, buffer, overflow, vulnerability, within. . LinuxSecurity.com Team

Calendar%202 Jan 07, 2015 User Avatar LinuxSecurity.com Team Hacks/Cracks
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200