Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 6 articles for you...
210
security advisoryubuntuGNOMEUbuntu Security Advisory: CVE-2025-3155 - Critical SSH Key Exposure
Linux security admins managing Ubuntu systems face a new security challenge, as r esearchers have exposed a critical vulnerability ( CVE-2025-3155 ) in the default help browser - Yelp - on Ubuntu desktop installations. This flaw, stemming from improper handling of XML content in GNOME's help documentation system, could potentially allow malicious help documents to execute arbitrary scripts. . This means sensitive system files, including SSH private keys, are at risk of exposure. Given the widespread use of Yelp in GNOME environments, it's crucial for admins to understand this vulnerability's impact on their security posture and to implement practical mitigation measures. Immediate steps include regularly updating system packages, restricting using Yelp with untrusted sources, and enhancing monitoring for unauthorized file access. Staying informed and proactive can make all the difference in safeguarding critical system information, so I'll provide you with more information on this flaw and strategies for securing your systems and SSH keys. Who is at Risk? This vulnerability affects users with Ubuntu desktop systems running GNOME desktop environments who use Yelp as their default help browser. However, any Linux distribution operating on GNOME may also be at risk if Yelp is used regularly as the help browser. Security admins managing these systems must remain cautious, as those downloading or accessing help documents from external or untrustworthy sources could be especially susceptible. Exploitation of this flaw provides attackers with an avenue into sensitive files, which could allow unauthorized system access, data theft, or further system compromise. Understanding The Security Impact of CVE-2025-3155 CVE-2025-3155 poses an immediate and serious security threat to affected systems, as it enables attackers to create deceptive help documents which, once opened in Yelp, can execute scripts designed to exfiltrate sensitive information including SSH private keys . Exploitationcould open a chain reaction of security breaches that allow attackers to gain unauthorized entry, install more malware programs, or steal sensitive data. We Linux security administrators must not underestimate the importance of this issue, as such vulnerabilities directly impact our system integrity and data confidentiality. Practical Mitigations for Impacted Ubuntu Users Addressing this vulnerability requires updating affected systems, restricting risky behaviors, and strengthening security measures. First and foremost, it is crucial to ensure all packages and repositories are up to date. Vendors such as Ubuntu regularly issue patches to address vulnerabilities, and applying these patches promptly will secure your systems against dangerous exploits. Canonical recently released patches mitigating CVE-2025-3155. Restricting Yelp use to trusted sources is another crucial mitigation strategy, helping administrators significantly lower the risk of inadvertently running malicious scripts on Yelp. Implementing monitoring solutions that track file access can quickly detect attempts by unauthorized parties to gain entry to sensitive files, and respond and mitigate suspicious activities should they arise. Enhancing Incident Response Preparedness to effectively respond in case of an incident is just as essential to safeguarding against one. Security admins should put an incident response plan into action that addresses risks posed by vulnerabilities like CVE-2025-3155, such as SSH keys being compromised. This plan should detail immediate response actions like key revocation procedures, system audits, and restoring affected systems from secure backups . This preparedness helps mitigate potential damages quickly while restoring system integrity. Another aspect of incident response involves informing users about risks and instructing them to recognize suspicious activity. An educational approach to security empowers individual users and fosters an organization-wide culture focused onsecurity awareness. By teaching users to identify potentially malicious help documents early, vulnerability exploitation can be avoided altogether or stopped in its early stages. Looking Ahead: The Importance of Taking Proactive Security Measures While responding to this particular vulnerability is crucial, it also serves as a timely reminder of the broader significance of proactive security measures. Linux security administrators should systematically revisit and modify their security practices in response to changing threats by conducting regular security audits, instituting comprehensive access controls, and encouraging an atmosphere of safety among their users. Security posture can be strengthened further through vigilant monitoring and tools that offer real-time insights, like monitoring tools that notify administrators immediately about anomalous activities requiring immediate action before significant damages result. Incorporating best practices for handling sensitive information, like encrypting SSH keys or multifactor authentication , provides additional layers of protection. Our Final Thoughts: What Can We Learn from CVE-2025-3155? CVE-2025-3155 is an alarming reminder of the ever-changing cybersecurity threats we admins face today. By staying informed and applying timely updates while taking protective measures against this vulnerability, we can safeguard our systems with security management strategies that prioritize awareness and preparedness. By understanding the risks posed by this vulnerability and taking appropriate actions, we can protect our systems and maintain the integrity and confidentiality of our operations. Awareness, preparedness, and proactive strategies collectively form the backbone of effective system security management. . Critical vulnerabilities found in CentOS documentation tools expose confidential system files. Discover strategies to protect your API tokens securely.. SSH Risks, Ubuntu Security, XML Exploit Mitigation. . Brittany Day
Apr 10, 2025
•
Security Vulnerabilities
83
data protectionsecurity breachransomwareMitigating Cicada3301 Ransomware Risks on Linux Systems
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called Cicada3301, which some experts believe has links with BlackCat (aka ALPHV) due to similarities in operations. Cicada3301 is a Rust-based ransomware that targets Windows and Linux/ESXi hosts. . To help you secure your systems and data, I'll explain how this ransomware operates and offer practical advice you can implement to mitigate risk. Understanding the Cicada3301 Ransomware The Rust-based Cicada3301 ransomware targets predominantly small to midsized businesses through targeted attacks. Vulnerabilities serve as initial system entryways, likely through exploits made available via vulnerability scans. One unique aspect of Cicada3301 is that it uses compromised user credentials to execute PsExec, an otherwise legitimate program used for remote execution. This makes detection difficult as PsExec remains legitimate and more challenging to spot than its alternatives. Cicada3301 utilizes ChaCha20 for encryption, fsutil to evaluate symbolic links and encrypt redirected files, IISReset.exe to stop IIS services and encrypt files that would otherwise be locked for modification or deletion, as well as IISReset.exe to stop these IIS services and encrypt any locked files which otherwise block changes and deletion. It follows similar behavior patterns to BlackCat in clearing all event logs, deleting shadow copies via the shadowcopy-delete command-line utility, and increasing MaxMpxCt value so it can support higher volumes of traffic, such as SMB PsExec requests. Source: morphisec Cicada3301 can also target Virtual Machines (VMs), shutting down backup and recovery services and hard-coded lists of processes. Additionally, this ransomware targets 35 file extensions: sql, doc, rtf, xls, jpg, jpeg, psd, docm, xlsm, ods, ppsx, png, raw, dotx, xltx, pptx, ppsm, gif, bmp, dotm, xltm, pptm, odp, webp, pdf, odt, xlsb, ptox, mdf, tiff, docx, xlsx, xlam, potm,and txt. Investigations unveiled additional tools like EDRSandBlast that utilize vulnerable signed drivers to bypass EDR detections. Cicada3301 has been observed using this technique—as used by the BlackByte ransomware group previously—which suggests they may have collaborated to gain initial access to enterprise networks. Analysis of the ESXi version of Cicada3301 uncovered that this ransomware could use intermittent encryption to encrypt files larger than 100 MB and use a parameter named "no_vm_ss" for encryption without shutting down virtual machines running on its host machine. Understanding who may fall prey to attacks by Cicada3301 is essential. The ransomware attacks primarily target small to midsized businesses through targeted opportunistic attacks exploiting vulnerabilities, likely with help from operators of Brutus Botnet to gain initial entry to enterprise networks. Practical Advice for Mitigating Risk Linux admins can take specific practical measures to mitigate ransomware attacks, including: Regularly updating operating systems and software. Using reliable antivirus programs and firewalls. Disabling unneeded services and ports. Making regular backups of critical files and database backups. Providing regular training awareness programs on how to avoid ransomware attacks and other forms of phishing and malware attacks. Offering regular backup storage systems offsite. Regularly training staff on how to recognize these types of attacks. Our Final Thoughts on Cicada3301 Ransomware The Cicada3301 ransomware variant is a hazardous threat that targets both Windows and Linux/ESXi hosts. It is capable of embedding PsExec, clearing almost all event logs, and using legitimate tools to cause damage. Due to these characteristics, it may be hard to detect or prevent. Therefore, sysadmins must take proactive measures to safeguard their systems against possible attacks by regularly updating systems with patches, training employees for increased awareness, andbacking up critical files regularly. These measures will significantly lower the risks associated with ransomware attacks. . Explore the workings of the Cicada3301 malware, including its tactics, and discover effective strategies to safeguard your networks from potential vulnerabilities.. Cicada3301 Ransomware,Rust-Based Threats,Cyber Attack Prevention,Data Recovery,Linux Security. . Brittany Day
Sep 03, 2024
•
Hacks/Cracks
210
security advisoryattacklinuxZero-Click Bluetooth Attacks Affect Linux: Important Security Implications
Vulnerabilities have been discovered in Bluetooth technology that affect various operating systems. As Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of these vulnerabilities and the impact they may have on our work. Let's have a closer look at these flaws, how they work, their impact on Linux users, and how to mitigate your risk. . What Are These Vulnerabilities & How Do They Impact My Security? Researchers have discovered zero-click Bluetooth flaws that enable attackers to secretly pair with devices as keyboards and inject keystrokes without user interaction. The vulnerabilities affect Android, iOS, Linux, macOS, and Windows, posing a serious threat to billions of devices worldwide. Bluetooth technologies power wireless keyboards, mice, game controllers, and other peripherals used by billions of devices around the globe, highlighting the widespread nature of these vulnerabilities and the potential for malicious actors to exploit them across various platforms. The Linux Bluetooth implementation allows keyboards to initiate pairing without authentication or user confirmation ( CVE-2023-45866 ). This means that an attacker could remotely pair as a Bluetooth keyboard and inject keystrokes without the user's knowledge. The implications of these vulnerabilities are significant. They expose a potential attack vector that could compromise a wide range of devices. For Linux admins, it highlights the importance of keeping Bluetooth settings secure and applying the available patch in BlueZ. How Can I Mitigate My Risk? Infosec professionals and sysadmins must be aware of the vulnerabilities within their respective operating systems and take necessary measures to mitigate the risks, such as promptly applying patches as they are released by their distribution(s). Additionally, it raises questions about the overall security of Bluetooth technology and the need for cryptographic authentication and consent for allpairing attempts. From a broader perspective, these vulnerabilities highlight the ongoing cat-and-mouse game between security researchers and malicious actors. As technology evolves, so do the methods used by attackers to exploit it. This constant battle emphasizes the need for a proactive approach to security, with regular updates and patches and adopting best practices to secure Bluetooth connections. Our Final Thoughts on the Recent Zero-Click Bluetooth Flaws In conclusion, the article sheds light on the serious threats posed by zero-click Bluetooth attacks across major operating systems. It highlights vulnerabilities in Android, iOS, Linux, macOS, and Windows and raises important questions about the security of Bluetooth technology as a whole. As security practitioners, it is crucial to stay informed about these vulnerabilities, apply patches and updates, and advocate for improved authentication and consent mechanisms in Bluetooth pairing. By taking these steps, we can better protect the devices and systems we manage and mitigate the risks associated with these vulnerabilities. . Different operating systems are vulnerable to no-click Bluetooth exploits, urging Linux system administrators to enhance and fortify device security.. Bluetooth Security Threats, Linux Admins Security, Zero-Click Attacks. . Brittany Day
Jan 14, 2024
•
Security Vulnerabilities
210
security advisorycriticalexploitDebian: DSA-5488-1 Critical: Thunderbird Memory Safety Threats Mitigated
A critical memory safety bug has been discovered in Thunderbird 115.0 and Thunderbird 102.13 ( CVE-2023-4056 ). Due to the severity of this vulnerability's threat to the confidentiality, integrity, and availability of impacted systems, it has received a National Vulnerability Database base score of 9.8 out of 10. Other severe vulnerabilities have also been found in Thunderbird, including improper validation of the Text Direction Override Unicode Character in filenames ( CVE-2023-3417 ) and copying of an untrusted input stream to a stack buffer without checking its size ( CVE-2023-4050 ). . These issues could be exploited to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Critical updates for Thunderbird have been released that mitigate these severe vulnerabilities. We urge all impacted users to apply the updates issued by Debian , Debian LTS , Oracle , RedHat , Rocky Linux , SciLinux , Slackware , and Ubuntu now to prevent data compromise or loss of system access and to protect their online privacy and security. To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user , subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s) . . Severe vulnerability discovered in Firefox may pose significant threat risks. Patch now to bolster your defenses.. Thunderbird Security, Memory Bug, Threat Mitigation, Software Updates. . Brittany Day
Sep 15, 2023
•
Security Vulnerabilities
210
security advisorymitigationLinux kernelLinux KVM: CVE-2022-27672 Critical AMD Cross-Thread Threat Mitigation
CVE-2022-27672 is being made public today as the "Cross-Thread Return Address Predictions" bug affecting various AMD and Hygon processors. This vulnerability affects the SMT mode where one sibling thread transitions out of the C0 state and the other sibling thread could use return target predictions. . The good news is that the Linux kernel is already protected against the AMD Cross-Thread Return Address Predictions bug as part of its Spectre V2 mitigation. But the Linux Kernel-based Virtual Machine (KVM) for virtualization does require special handling now for this bug as otherwise could result in a VM guest-controlled return target being consumed by the sibling thread. Patches were posted today to mitigate KVM for Linux 6.2, 6.1, and 5.15 LTS. Again, these kernel patches just affect KVM usage as using the standard Spectre V2 mitigations are good enough for just protecting the kernel itself. So for those not making use of KVM virtualization, there isn't much to be concerned about with today's CVE-2022-27672 disclosure. The link for this article located at Phoronix is no longer available. . AMD has issued a crucial update to tackle the Cross-Thread Return Address Predictions vulnerability affecting KVM, enhancing security in multi-threaded environments. AMD Cross-Thread Bug,Linux KVM Security,Kernel Mitigation,Spectre V2 Patch. . Brittany Day
Feb 15, 2023
•
Security Vulnerabilities
83
malwaremitigationtransformationProtect Linux and Windows Against Necro Bot's Code Morphing Attacks
The Necro Python bot - which targets both Linux and Windows systems - changes its code to evade traditional security detection. Learn the details, and get advice on how to secure your systems. . Cybercriminals often use automated bots to deploy malware infections, take control of remote computers and carry out other cyberattacks. Though a bot sounds like it might be limited in intelligence and flexibility, a sophisticated bot can do a lot of damage on behalf of the attacker. A report published Thursday by threat intelligence provider Cisco Talos looks at one bot that includes code morphing as part of its repertoire. . Discover the methods employed by the Phantom Coder tool to bypass security measures and implement strategies to secure your Linux and Windows environments.. malware threats, bot detection, Linux protection, cyber attack prevention, code morphing techniques. . LinuxSecurity.com Team
Jun 07, 2021
•
Hacks/Cracks
210
open sourceenterprise securitysecurity threatUnderstanding Open-Source Threats and Mitigation Strategies
Neglecting basic security practices exposes companies to long-standing security threats. Learn what you can do to mitigate the risk that security vulnerabilities pose to your business: . Currently, about 96 percent of the applications in the enterprise market use open-source software. On the one hand, this makes development easier for both developers and third-party vendors. On the other hand, it presents risks and exposes some die-hard vulnerabilities. The reason behind the open-source vulnerability relies exactly on its openness, as the same code is seen by all users, including attackers. Therefore, once they find an exploit or flaw, they will use it to cause harm, retrieving sensitive data from systems that have not been updated. Attackers can lurk inside a network for months undetected, as happened with the Equifax breach in 2017 , which exposed 145 million customers due to outdated software. The link for this article located at Security Today is no longer available. . Overlooking security in open-source projects can leave organizations vulnerable to enduring risks. Explore effective defense measures.. Open Source Vulnerability, Enterprise Security, Security Practices. . Brittany Day
Aug 20, 2019
•
Security Vulnerabilities
74
attackddosmitigationAnycast Mitigates February DDoS Attack on Internet Backbone
An attack in early February on key parts of the backbone of the internet had little effect, thanks to new protection technology, according to a report released this week. The distributed denial-of-service attack on the Domain Name System (DNS) proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers (ICANN) said in a document published on Thursday. ICANN regulates internet domain name and address registration and operates one of the main so-called root DNS servers. . "The internet sustained a significant distributed denial-of-service attack, originating from the Asia-Pacific region, but stood up to it," according to the ICANN document, which attributed the internet's fortitude to Anycast's routing of traffic to the nearest server. DNS serves as the address book for the internet, mapping text-based domain names to the actual numeric IP addresses of servers connected to the internet, and vice versa. A distributed denial-of-service attack seeks to bring targeted servers down by sending an onslaught of traffic from multiple sources, typically compromised PCs. The link for this article located at CNET News.com is no longer available. . The unprecedented DDoS on the web infrastructure in March prompted the deployment of advanced Anycast solutions, bolstering resilience.. Anycast Technology, DDoS Attack Mitigation, DNS Security, Internet Backbone Protection, Network Traffic Management. . Bill Locke
Mar 14, 2007
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More