The recent discovery of a backdoor in XZ Utils, a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While the open-source community reacted quickly to remove the malware, the event highlights the presence of spies within its midst and the need for stricter security measures. Potential solutions exist, such as external certification processes or code reviews by external companies, but implementing them can be challenging.

Understanding & Overcoming Insider Threats in Open-Source Environments

The power of the open-source community to respond quickly to crises like the XZ Utils backdoor must be highlighted, as exemplified by ethical hackers' prompt removal of the malware. However, the incident also raises critical questions about the overall security and trust within the open-source ecosystem. One intriguing point to consider is the comparison between this incident and an internal corporate hack carried out by a disgruntled employee. It suggests that, just as organizations face insider threats, the open-source community may be vulnerable to similar acts of espionage. This analogy forces organizations to consider the implications of insider threats in a community built on trust.

Recent attacks have raised thought-provoking questions about the need for stricter security measures in the open-source ecosystem. Implementing an external certification process, or having external companies conduct code reviews and certify software, could help reduce risk. However, these approaches carry potential complications and legal liabilities. This tradeoff leads businesses to critically assess the balance between security measures and the fundamental principles of open-source collaboration.

Organizations must also consider risks from within, where trusted users or contributors may abuse access or introduce malicious activity, making internal fraud prevention a critical part of securing Linux and open-source environments. This incident has significant implications for security practitioners, particularly Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. It challenges them to reevaluate their trust in contributors and to consider additional security training and measures to mitigate insider threats. CISOs and cybersecurity teams must always consider the potential risks insiders pose and explore ways to conduct internal source code reviews of open-source software.

Looking ahead, the long-term consequence of this incident could be a more cautious approach to open-source collaboration. Change will come slowly, and the open-source community may need to adapt to evolving threats by implementing new security measures and creating awareness of insider risks.

Improving Open Source Security: Our Final Thoughts

The recent XZ Utils backdoor incident and its implications for the open-source ecosystem highlight the need for security practitioners to remain vigilant and proactive in addressing insider threats, while questioning the potential consequences of implementing stricter security measures. As security practitioners, reflecting on the vulnerabilities within open-source environments and considering how you can contribute to a safer and more secure community is critical.

Mitigating insider threats in open-source environments requires implementing strict code audits and certification processes, and fostering a transparent community culture for reporting issues.

insider threat, open source security, ethical hacking, security measures, code review

Brittany Day
Did you know that the ex-Amazon employee responsible for the Capital One breach earlier this year used the infiltrated cloud servers to mine cryptocurrency? Learn the details in this interesting The Next Web article:

The former Amazon Web Services employee thought to be behind the data breach of Capital One bank earlier this year appears to have also used the infiltrated cloud servers to surreptitiously mine cryptocurrency. According to court documents, Paige Thompson was indicted yesterday after hacking Capital One bank and 30 other entities, and has been charged with wire fraud, and computer fraud and abuse. Thompson allegedly created a software program to scan for and identify cloud customers that had incorrectly configured their firewalls and, in doing so, had left their systems exposed to external attacks. It appears that Thompson was able to exploit the vulnerability and send remote commands to servers to take control of those systems.

The link for this article located at The Next Web is no longer available.

A past worker from Amazon hacked into Capital One's infrastructure to extract cryptocurrency. Uncover the specifics surrounding the violation.

Data Breach, Cloud Security, Cryptocurrency Mining, Insider Threats, AWS Vulnerabilities

LinuxSecurity.com Team
Supermarket giant Morrisons has been told by the Court of Appeal that it is liable for the actions of a malicious insider who breached data on 100,000 employees, setting up a potential hefty class action pay-out.

An original High Court ruling last year said the UK chain was “vicariously liable” for the actions of former employee Andrew Skelton, a disgruntled internal auditor who published the details, which included NI numbers, birth dates and bank account data.

The link for this article located at InfoSecurity is no longer available.

Morrisons grapples with accountability following unauthorized access to worker information, igniting fears of a potential collective lawsuit compensation.

Morrisons Liability Case, Insider Threat, Data Breach, Employee Information, Class Action Risks

LinuxSecurity.com Team
According to new research from Clearswift, the introduction of GDPR has led to a slight drop in insider threats in both the UK and Germany. Survey respondents said that insider threats make up 65% of reported incidents in 2018, compared to 73% last year.

German companies reported similar declines, with insider error incidents at 75% this year, down from 80% last year. The research surveyed 400 senior IT decision makers from global organizations with more than 1,000 employees and found that 38% of IT security incidents occur as a direct result of their employees’ actions, with 75% of all incidents originating from their extended enterprise, which includes employees, customers and suppliers. Former employees represent 13% of cybersecurity incidents for the participating organizations.

The link for this article located at InfoSecurity is no longer available.

Studies indicate a reduction in insider threats following the implementation of GDPR, underscoring advancements in IT security among firms.

Insider Threats, GDPR Impact, IT Security, Data Protection

LinuxSecurity.com Team
If recent statistics are any indication, enterprise security teams might be greatly underestimating the risk that insider threats pose to their organizations.

One study, by Crowd Research Partners, shows just 3% of executives pegged the potential cost of an insider threat at more than $2 million. Yet, according to Ponemon Institute, the average cost of insider threats per year for an organization is more than $8 million.

Research indicates that merely 4% of leaders misjudge the financial impact of insider threats at $2.5 million, whereas the typical expenses are above $9 million.

Insider Threat, Financial Risks, Security Cost Assessment

LinuxSecurity.com Team
Salted Hash is in Louisville, Kentucky for DerbyCon 5.0. All weekend long, in between talks and training, this blog will be updated with various items of note from the show or thoughts from those attending. Today's starter topic is insider threats.

This topic isn't new, but it hasn't really gone away either. A friend shared some data from a company called Bay Dynamics. They do predictive analytics, so insider threats are a subject they're rather interested in following.

Delve into revelations about insider threats shared at DerbyCon 5.0, highlighting advancements in predictive analytics and engaging discussions around proactive security measures.

insider threat, security conference, DerbyCon, predictive analytics

Dave Wreski
The Obama Administration has a comprehensive "insider threat" program to detect leakers from within government. This is pre-Snowden. Not surprisingly, the combination of profiling and "see something, say something" is unlikely to work.

In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.

The link for this article located at Schneier on Security is no longer available.

Dave Wreski
While most attention today is placed on containing complex malware and outside hacking threats, enterprises could significantly improve their risk posture by taking a look at how well they manage the access they give privileged insiders, such as network and database administrators and other IT professionals. What most organizations find is that they don't have a firm enough grip on the access these users have.

To keep sensitive information safe and to maintain regulatory compliance, it's crucial that privileged insider access be properly managed.

The link for this article located at CSO Online is no longer available.

LinuxSecurity.com Team