Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
83
security advisoryrootkitbrute forceCentOS 7: TeamTNT Attack Advisory moderate: Brute Force Total Compromise
Security researchers have recently observed an alarming resurgence of TeamTNT , a notorious hacking group known for targeting cloud infrastructures. Their latest campaign zeroes in on Virtual Private Server (VPS) environments running CentOS, particularly version 7. . On a broader scale, this threat highlights the growing complexity of securing cloud infrastructure and the risks associated with running outdated systems like CentOS 7. To help you better understand and proactively address this emerging threat, I'll discuss the nature of these attacks, what makes CentOS 7 an attractive attack target, and practical steps Linux admins and organizations can take to mitigate risk. The Anatomy of the Attack TeamTNT's attack methodology has evolved over the years, making it a significant threat to cloud infrastructures. The latest campaign begins with a Secure Shell (SSH) brute force attack on the target's assets. Once access is gained, a malicious script is uploaded, which initiates a series of harmful actions to compromise the server's security. The script is multifaceted, involving the following tactics and steps: Disable Security Features: It starts by disabling the existing security mechanisms to avoid detection. Log Deletion & System Modification: It deletes logs and modifies crucial system files to cover its tracks. Crypto Miner Killer: The script searches for and kills existing cryptocurrency mining processes, ensuring that TeamTNT can monopolize the system's resources. DNS Setting Changes: DNS settings are altered to Google’s servers, possibly to bypass existing security filters. Rootkit Installation: The script installs the Diamorphine rootkit , a loadable kernel module that covertly allows the attacker to execute malicious activities. Backdoor Creation: It also creates a backdoor user with root access and installs a public key for secure access. The Diamorphine rootkit provides covert capabilities such as silent execution, hiding processes,and allowing the attacker to gain root access at will. Additionally, the script further locks down the system by modifying file attributes, making it difficult for administrators to unlock and recover protected files. Why Is CentOS 7 Particularly Vulnerable? CentOS 7, while widely used, is particularly vulnerable for several reasons: Discontinued Support: Although still prevalent, CentOS 7 no longer receives regular updates and security patches, making these systems an easy target for attackers. Older Kernel Vulnerabilities: CentOS 7 runs on older Linux kernel versions, which may contain vulnerabilities that have been patched in later releases. Usage in Cloud Environments: CentOS 7 is commonly used in VPS and cloud environments, making it an attractive target for cryptojacking and other resource-intensive attacks. These inherent vulnerabilities and often lax security practices in cloud setups make CentOS 7 an ideal target for TeamTNT's malicious campaigns. TeamTNT's Resurgence Highlights The Growing Complexity of Securing Cloud Infrastructures The resurgence of TeamTNT underscores a broader trend: the increasing complexity of securing cloud environments. The attack surface has significantly expanded with the rapid adoption of cloud-native technologies like Kubernetes and Docker. Sophisticated threat actors can easily exploit misconfigurations and weak security practices. As cloud deployments become more complex, so do threat actors' tactics, requiring organizations to evolve their security measures continually. Practical Mitigation Strategies for Admins & Organizations To protect against these sophisticated attacks, Linux administrators must adopt a multi-layered security approach. Here are some specific and practical steps they can implement: Strengthen SSH Configurations: Use strong, unique passwords or SSH keys for authentication. Disable root login via SSH and create a separate user with sudo privileges. Implement rate limiting and intrusion detectiontools like Fail2Ban to thwart brute force attacks. Regular Updates and Patch Management: Update your OS regularly and apply the latest security patches . For CentOS 7, consider using community-supported repositories for essential updates. Kernel Hardening: Use module signing and disable loadable kernel modules unless necessary. Implement kernel hardening measures like SELinux or AppArmor. Monitor for Rootkits: Employ rootkit detection tools like chkrootkit and rkhunter . Regularly check for unusual system behaviors that could indicate rootkit installation. Secure Containerized Environments: Ensure Docker and Kubernetes configurations follow security best practices. This includes setting resource limits, network segmentation, and enabling role-based access control. Firewall Configuration: Set firewalls to allow only essential services and restrict SSH access to a select set of IP addresses. Enhanced Security Measures: Utilize security tools that rapidly detect and respond to advanced threats. Security Information and Event Management (SIEM) solutions and Intrusion Detection Systems (IDS) can mitigate risks before they escalate. Our Final Thoughts on This Emerging Linux Security Threat The resurgence of TeamTNT serves as a stark reminder of the growing threats to cloud infrastructures. While CentOS 7 remains a popular choice for VPS, its discontinuation and associated vulnerabilities make it an attractive target for sophisticated cybercriminals. By implementing robust security practices, regularly updating systems, and continuously monitoring for threats, Linux administrators can significantly mitigate the risks posed by groups like TeamTNT. Securing cloud environments is an ongoing battle, but organizations can stay one step ahead of malicious actors with the right strategies and tools in place. . Analyzes the emergence of TeamTNT as a formidable menace targeting CentOS VPS, focusing on their tactics, exploited weaknesses, and countermeasures for Linuxsystem administrators.. TeamTNT Threats, Securing CentOS 7, VPS Security Best Practices, Linux Attack Mitigation, Cloud Security Challenges. . Anthony Pell
Sep 23, 2024
•
Hacks/Cracks
83
security advisoryweb attackbrute forceBitdefender: MIT Web Attacks From Compromised Servers Overview
SECURITY FIRM Bitdefender has traced a number of brute force web site attacks on a server at the Massachusetts Institute of Technology (MIT),. A report on the firm's security blog, called Malware City, claims that a hacking attack against the MIT.edu infrastructure started with a malicious script on one MIT server. The link for this article located at The Inquirer is no longer available. . A report on the firm's security blog, called Malware City, claims that a hacking attack against the . security, bitdefender, traced, number, brute, force, attacks, server. . LinuxSecurity.com Team
Nov 04, 2011
•
Hacks/Cracks
74
network securityremote attackcyber threatHome Routers: Remote Attacks Through Malicious JavaScript Exploit
They have demonstrated that users could open up their router's traffic as a result of visiting a web page loaded with malicious javascript. The researchers said, "Settings on the router can be changed, including the DNS servers used by members of small, quickly erected internal networks. The attacks do not exploit any vulnerabilities in the user's browser. Instead, all they require is that the browser run JavaScript and Java Applets." While the threat to home routers is real, said the researchers, no actual attacks have so far taken place. Users would also first have to be persuaded to visit a malicious website for any attack to take place. . . Individuals face dangers since residential networking devices can be exploited remotely through harmful codes embedded in websites.. home routers security, remote attack prevention, javascript risks. . Benjamin D. Thomas
Feb 20, 2007
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More