Four residents of Romania have been charged for their alleged participation in a multimillion-dollar scheme to remotely access point-of-sale systems at more than 150 Subway restaurants and other U.S. merchants and steal payment card data, the U.S. Department of Justice said. The four-count indictment, unsealed Wednesday, charges the four Romanians with conspiracy to commit computer fraud, wire fraud and access device fraud. Charged in U.S. District Court for the District of New Hampshire were Adrian-Tiberiu Oprea, 27, of Constanta, Romania; Iulian Dolan, 27, of Craiova; Cezar Iulian Butu, 26, of Ploiesti; and Florin Radu, 23, of Rimnicu Vilcea. Oprea was arrested last week in Romania and is in custody there, the DOJ said in a press release. Dolan and Butu were arrested upon their entry into the U.S. in August 2011 and remain in custody. Radu remains at large. The link for this article located at Network World is no longer available. Three individuals from Romania arrested for allegedly plotting to compromise payment terminals and unlawfully access credit card information from businesses in the United States. Payment Card Data Theft, Point-of-Sale Hacking, Romania Cyber Crime. LinuxSecurity.com Team
The most secure P2PE option is to replace existing payment terminals with newer hardware devices offering built-in encryption capabilities. With encryption at the read head, all mag stripe data is encrypted on the hardware terminal itself as soon as the consumer swipes his or her card. No readable data ever leaves the unit, eliminating the risk of theft as it traverses the merchant network. This strategy completely defuses the threat of online attacks. In the wake of the highly publicized payment card security breaches of the past few years, point-to-point encryption (P2PE) has emerged as a frontrunner in the search for a stronger defense against data compromise. The technology is also being touted as a solution to limit the scope -- and therefore the expense -- of complying with the Payment Card Industry Data Security Standard (PCI DSS). Yet the ability of P2PE to improve security as well as reduce PCI scope is entirely dependent on the implementation. Both the encryption points selected and the encryption methodologies used will have a direct effect on how well cardholder data is protected between the time it leaves the payment terminal and arrives at its destination. LinuxSecurity.com Team
Heartland Payment Systems, the victim last year of a massive data breach of sensitive card data, vowed after that devastating event to develop new security gear based on end-to-end encryption between itself and its merchants to prevent such a breach from occurring again. That's now taking shape, but slowly. "We have a long way to go," acknowledges Heartland CEO Bob Carr, pointing out the so-called E3 payment terminals, intended for small-to-midsize customers, are but the first step, "with more advanced technologies coming in the summer" intended for use between Heartland's network and much larger merchants that would require more back-end integration into processing systems. "We're not ready to help all of them yet," he acknowledges. There is as of yet no end-to-end encryption requirement for debit- and credit-card processing, though the Payment Card Industry (PCI) Security Standards Council, which sets technical standards used by payment processors and merchants, is expected to weigh in on that topic in its upcoming PCI standard this October. The link for this article located at IT World is no longer available. Leading executive at Heartland emphasizes advancements in comprehensive encryption for transaction processes post-security incident, promising enhanced safety. Heartland Payment Systems, Payment Security, Data Protection, Payment Processing, Cybersecurity Advancements. Alex
The same guy responsible for the TJX breach, and now serving time, is now accused of stealing 130 million credit cards from 7-Eleven and two unnamed retail chains. The best part is that he once worked with federal authorities to identify co-conspirators in another online theft. The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins, The New York Times. In an indictment, the Justice Department said that Albert Gonzalez, 28, of Miami and two unnamed Russian conspirators made off with more than 130 million credit and debit card numbers from late 2006 to early 2008. Prosecutors called it the largest case of computer crime and identity theft ever prosecuted. According to the government, the culprits infiltrated the computer networks of Heartland Payment Systems, a payment processor in Princeton, N.J.; 7-Eleven; Hannaford Brothers, a regional supermarket chain; and two unnamed national retailers. Authorities accuse Albert Gonzalez alongside two associates in a groundbreaking scheme involving the fraudulent acquisition of more than 130 million credit and debit card records. Credit Card Theft, Cybersecurity Threats, Digital Crime. LinuxSecurity.com Team
The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting. This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. The different types of vulnerabilities discussed here are SQL injection, cross-site scripting, information disclosure, path disclosure, price manipulation, and buffer overflows. Successful exploitation of these vulnerabilities can lead to a wide range of results. Information and path disclosure vulnerabilities will typically act as initial stages leading to further exploitation.
SQL injection or price manipulation attacks could cripple the website, compromise confidentiality, and in worst cases cause the e-commerce business to shut down completely. There are a number of reasons why security vulnerabilities arise in shopping cart and online payment systems. The reasons are not exclusive to these systems, but their impact becomes much greater simply because of the wide exposure that an online website has, and because of the financial nature of the transactions. One of the main reasons for such vulnerabilities is the fact that web application developers are often not very well versed in secure programming techniques. As a result, security of the application is not necessarily one of the design goals. This is exacerbated by the rush to meet deadlines in the fast-moving e-commerce world. Even one day's delay in publishing a brand new feature on your website could allow a competitor to steal a march over you. We've typically found this in cases where e-commerce sites need to add functionality rapidly to deal with a sudden change in the business environment or simply to stay ahead of the competition. In such a scenario, the attitude is to get the functionality online; security can always be taken care of later. Another reason why security vulnerabilities appear is the inherent complexity in most online systems. Nowadays, users are placing very demanding requirements on their e-commerce providers, and this requires complex designs and programming logic. The link for this article located at is no longer available. Anthony Pell