Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
78
security advisorycredential theftuser educationCanonical Enhances Snap Store Security Against Credential Theft Scams
Canonical has taken steps to address the growing problem of cryptocurrency credential-stealing apps in the Snap store by introducing manual reviews for all new Snap name registrations. This move by Canonical reflects a temporary measure to tackle the influx of scam apps. . This change signifies an acknowledgment of the severity of the problem and an effort to enhance the security of the Snap store. However, it also raises questions about the effectiveness of the prior automated review process and the potential backlog the manual review may create. Why Are These Scams & Canonical's Policy Changes Significant for Admins & Security Practitioners? These scams exploit users' trust by masquerading as legitimate apps and employing simple social engineering techniques to extract their credentials. Apps look legitimate because the Snap Store badges them as 'safe.' In one case, a Snap store user lost nine Bitcoins, valued at approximately $490,000, after installing a fake "Exodus" wallet app. This issue raises larger concerns about cryptocurrency and non-fungible token (NFT) trading security. It prompts questions about the lack of regulation and the potential risks of engaging in digital currency transactions. It also highlights the importance of critical thinking and due diligence when dealing with new technologies and financial instruments. This issue serves as a wake-up call for security practitioners to reevaluate security practices. Linux admins, infosec professionals, and sysadmins must be vigilant and stay informed about the latest scams and vulnerabilities in the open-source ecosystem. The need for a multifaceted approach to security, combining technological advancements and user education, must also be emphasized. While efforts like manual review processes help mitigate risks, they may not be foolproof. From a long-term perspective, it is crucial to underscore the importance of establishing trust in app stores and ensuring the integrity of software repositories. These scams raiseconcerns about the decentralization of app distribution and the potential lack of oversight in open-source ecosystems. Could these scams be prevented or mitigated if the app distribution process were more centralized and regulated? Should there be stricter guidelines and audits for app developers? Our Final Thoughts on the Implications of These Snap Store Scams This article aims to provide valuable insights into the challenges faced by the Snap store in addressing cryptocurrency credential-stealing apps. The implications of these scams go beyond financial losses, bringing into question the trust and security of open-source software distribution. As security practitioners, we must remain vigilant and continually reassess our measures to protect users from emerging threats in the digital landscape. . Canonical takes action against scams in the Snap store by implementing manual evaluations to bolster security and safeguard user confidence in their applications.. Cryptocurrency Security, App Review Process, User Education, Digital Currency Risks. . Brittany Day
Mar 31, 2024
•
Vendors/Products
67
security advisorydata theftweb application securityCanonical Snap Store Incident: Investigating Malicious Apps Threat
Several fake cryptography applications have appeared on Canonical's Snap Store . These web application security vulnerabilities seek to steal user funds and inflict other damaging data and network security issues. Canonical is investigating the matter, and access is restricted while investigating the risky cryptography today.. Snap users have reported these recently published Snaps since they are potentially malicious in stealing user funds. The Snap Store has removed the reported risks and incorporated a manual review requirement for new registrations so threat actors cannot impersonate legitimate applications with similar names to manipulate Snap users. Here is the report Canonical’s Snap Store has utilized to notify users: "If you try registering a new snap while the requirement is active, you will be prompted to ‘request reserved name.’ The name will be registered upon a successful manual review from the Snap Store staff. Uploading and releasing revisions for existing snaps will not be affected. We apologize for any inconvenience this may cause our Snap publishers and developers. It is the most prudent action at this moment. We want to thoroughly investigate this incident without introducing any noise into the system. More importantly, we want to ensure that our users have a safe and trusted experience with the Snap Store. Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days." . Users report malicious apps in Canonical's Snap Store, leading to enhanced security measures being implemented during the ongoing investigation. Malicious Applications,Snap Store Safety,Canonical Security,Data Theft Risks,Web Application Threats. . LinuxSecurity.com Team
Oct 01, 2023
•
Cryptography
81
security riskseavesdroppingprivacy threatPrivacy Threats From Alexa and Google Home: Eavesdropping Risks
Have you heard that Amazon- and Google-approved apps are turning voice-controlled devices into "smart spies"? Learn more about this serious privacy threat: . By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever —and the sounds the devices capture can be used in criminal trials . Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords. . Uncover the security risks associated with smart devices like Alexa and Google Home, which can be exploited by harmful applications that listen in and harvest sensitive information.. Amazon Alexa, Google Home, Smart Devices, Eavesdropping Threats, Privacy Risks. . LinuxSecurity.com Team
Oct 22, 2019
•
Privacy
81
security advisoryAndroidapp misrepresentationGoogle App Removal: Strengthening Android Security Against Misuse
Google has remotely removed two free apps from several hundred Android phones because the apps misrepresented their purpose and thus violated Android developer policies, according to a company spokesman.. This marks the first time Google has used the Remote Application Removal Feature that allows the company to delete apps for security reasons that have been installed through Android Market. The apps were proof-of-concept programs designed to test the feasibility of distributing a program that could later be used to take control of the device in an attack, according to Jon Oberheide, the developer who wrote and distributed them. The one app--called RootStrap--executed code that merely printed a message on the phone that says "Hello World," while the second app did the exact same thing but was disguised as a preview of the "Twilight Saga: Eclipse" movie, he said in an interview with CNET on Friday. There were about 50 downloads of the RootStrap app and 250 to 350 of the Twilight app, though some people later uninstalled them, he said. Oberheide has developed a program that could be used to bootstrap a rootkit, effectively allowing someone to remotely take control of a phone by having an app already installed on it phone home to fetch code that could exploit a vulnerability on the device, he said. The link for this article located at CNET is no longer available. . The recent implementation of Remote App Deletion by Google underscores the potential dangers linked to misleading applications in the Android ecosystem.. Remote App Removal, Android Security, Misleading Applications. . LinuxSecurity.com Team
Jun 27, 2010
•
Privacy
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More