Security Vulnerabilities 
malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 1 articles for you...
81
forensicscomputer crimedigital evidenceUnderstanding Trojan Defense Risks in Cyber Crime and Forensics
In October, 2002 Julian Green was arrested in Devon, England after police searched his home PC and found examples of child pornography. ISP had logs identified Green as the person responsible for the downloads, and the existence of the child porn on his PC seemed to be all the corroboration the constable would have needed to obtain a conviction. However, a defense forensic expert also found evidence that there were Trojans planted on Green's computer that were designed to piggyback his browser, and log into porn sites. The Trojans probably were downloaded as e-mail attachments -- made all the more likely by the fact that Green had a teenage son. Unable to definitively prove that Green knowingly and intentionally downloaded the files, the prosecution dismissed the charges. . . .. According to Greek mythology, the seer Laocoon, a priest of Apollo, warned the residents of Troy against accepting into their city the giant wooden horse designed by Odysseus and created by the architect Epeius. His famous warning, "Trojans, trust not the horse. Whatever it be, I fear the Greeks, even when bringing gifts," applies equally today to importing unknown files as it did to the Trojans 4,000 years ago. We think we know all about the dangers of Trojan horses, but there is a new and more dangerous legal wrinkle to consider. In the past few months, a couple of people in England were acquitted based upon the so-called "Trojan defense" -- what we criminal lawyers used to call the "SODDI" defense: Some Other Dude Did It. The Trojan defense presents two equally frightening problems: the possibilities of acquitting the guilty, or convicting the innocent. In the first case, given the nature of electronic evidence, virtually all computer crime prosecutions rely on "circumstantial" evidence. To prove that John Doe, for example hacked into ABC company, you collect IP history logs and other corroborating data, maybe engage in an IRC chat with John Doe, get a warrant or subpoena for his ISP information, show a pattern of activity consistentwith the hacking, and then (if you are a law enforcement agent) get a warrant to kick in Mr. Doe's door and seize his computer. If the forensic examination of the computer shows hacking files, access to hacking sites, relevant e-mail, and even versions of the malicious code, it's a slam-dunk case for conviction. Right? But what if, in addition to all of this "evidence," you also find the existence of a Trojan horse server -- say, a version of Optix Pro or another remote access program. Does the mere existence of such a program provide a Get Out of Jail Free card? Probably not. However, given the ephemeral nature of electronic evidence, and the fact that it can always be altered, how confident would you be that Doe was in fact guilty beyond a reasonable doubt? The higher the hacker's profile, the more attractive a target he or she may make for other hackers. And after all, if you were a hacker, would you want to store your contraband files on your own machine, or, like the cuckoo, would you keep your eggs in another bird's nest? Such "file parking" strategies have been used by hackers for years. The link for this article located at SecurityFocus is no longer available. . The Trojan defense in electronic crime cases challenges the validity of circumstantial evidence, revealing how malware can mislead on culpability in legal settings. Trojan Defense, Digital Security, Forensic Evidence, Computer Crime, Cybersecurity. . LinuxSecurity.com Team
Jan 21, 2004
•
Privacy
81
open sourceintellectual propertylegal risksWho Is Responsible for Misappropriated Software in Linux?
It's the next big Linux controversy: Who should be liable if customers wind up using software that was created from misappropriated intellectual property? Linux resellers are not especially eager to tackle the question, but they know it lurks just over . . . . It's the next big Linux controversy: Who should be liable if customers wind up using software that was created from misappropriated intellectual property? Linux resellers are not especially eager to tackle the question, but they know it lurks just over the horizon, thanks to the filing of the SCO-IBM lawsuit earlier this year. Ever since then, chief information officers have been reading that they could be vulnerable to future litigation for using open-source software. None of this has escaped the attention of Microsoft and other like-minded suppliers of proprietary software. They are making sure customers know all about the protection plans they offer in the event that a company winds up in this sort of legal bind. . The growing dependence on software across industries has ignited a debate over accountability, especially when algorithms use unlawfully obtained intellectual property. Software Liability, Open Source Risks, Intellectual Property. . LinuxSecurity.com Team
Jul 21, 2003
•
Privacy
81
data protectionmobile securitysmartphone securityProtecting Data on PDAs and Smartphones to Avoid Legal Issues
Companies are risking legal action by failing to protect data held on personal digital assistants (PDAs) and smartphones, according to a survey. While there are no official statistics about the number of these devices that have been stolen, as many as . . . . Companies are risking legal action by failing to protect data held on personal digital assistants (PDAs) and smartphones, according to a survey. While there are no official statistics about the number of these devices that have been stolen, as many as a quarter of staff surveyed on PDA usage by mobile security firm Pointsec Mobile Technologies claimed to have either lost or had their PDA stolen. Two in five users have lost a mobile phone, with the most frequent places being taxis and restaurants. But what was seen as merely irritating in the past now has more serious consequences, as 85 per cent of users say that they use their PDA as a business tool. The link for this article located at VNUNet is no longer available. . Safeguarding information on mobile devices and tablets is essential; organizations might encounter regulatory challenges.. Data Privacy, Mobile Devices, Digital Assistant Risks. . LinuxSecurity.com Team
Jul 11, 2003
•
Privacy
82
digital forensicssecurity researchonline privacySecurity Experts Remove Online Work Due To Legal Worries
Two well-known computer security experts pulled down their works from the Internet this week for fear of being prosecuted under 1998's Digital Millennium Copyright Act. Along with the threatened lawsuit of Princeton computer-science professor Edward Felten, and the arrest of Russian . . . . Two well-known computer security experts pulled down their works from the Internet this week for fear of being prosecuted under 1998's Digital Millennium Copyright Act. Along with the threatened lawsuit of Princeton computer-science professor Edward Felten, and the arrest of Russian encryption expert Dmitry Sklyarov, the incidents are the latest to point at what is quickly becoming a touchy environment for security experts. "When they started to arrest people and threaten researchers, I decided the legal risk was not worth it," said Fred Cohen, a well-known security consultant and a professor of digital forensics, who took his evidence-gathering tool--dubbed Forensix--off his Web site earlier this week. See our local announcement of this story. The link for this article located at ZDNet is no longer available. . A pair of data security professionals removed their online resources amid concerns about potential legal repercussions from changing intellectual property regulations.. Digital Copyright Act, Legal Risks, Security Experts, Online Privacy, Research Freedom. . Anthony Pell
Sep 06, 2001
•
Government
83
internet lawcomputer crimecyber countermeasuresLegal Risks of Cyber Countermeasures for Businesses Against Hackers
Companies should be wary of carrying our counter attacks against hackers, even despite the fact that they still cannot rely on police for help. Companies cannot rely on the police to protect them from computer crime, but . . . . Companies should be wary of carrying our counter attacks against hackers, even despite the fact that they still cannot rely on police for help. Companies cannot rely on the police to protect them from computer crime, but they should be wary of carrying out counter attacks against hackers because this could raise legal problems, say experts. Speaking at the recent Infosecurity Europe conference, Peter Sommer, a lawyer specialising in Internet law, said the police do not have enough resources to tackle Internet crimes, with little prospect of much improvement in the next few years. The link for this article located at ZDNet is no longer available. . Organizations must approach retaliatory measures against cybercriminals with caution, considering potential legal consequences and the scarcity of law enforcement assistance.. Cyber Countermeasures, Legal Risks, Internet Law, Hacker Response. . LinuxSecurity.com Team
May 10, 2001
•
Hacks/Cracks
67
network securitydata encryptioninternet privacyUnderstanding VPN Security Threats in Legal Environments and Settings
The next step is the virtual private network, which is essentially an encryption code for a specific law firm or litigation group. Data is encrypted as it is being sent on the Internet's public lines to isolate it from . . . . The next step is the virtual private network, which is essentially an encryption code for a specific law firm or litigation group. Data is encrypted as it is being sent on the Internet's public lines to isolate it from adjacent traffic. But this type of network is indeed "virtual" because it is still using the same public telephone lines as all other Internet users. This is not a separate physical network at all. Still, many litigators feel that a virtual private network affords complete security and trust the complexity and sophistication of the encryption makes them secure when using the Web for the transfer of confidential data. But, like Olivier in the Marathon Man, I ask once again: "Is it safe?" I think not. The link for this article located at NY Law.com is no longer available. . The next step is the virtual private network, which is essentially an encryption code for a specific. virtual, private, network, which, essentially, encryption, specific. . LinuxSecurity.com Team
Jan 09, 2001
•
Cryptography
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More