Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Stay Ahead With Linux Security News

Ironworm Hero Esm H350
Security Vulnerabilities Price Tag 1malware linux

IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
1 min read Security Vulnerabilities
14.Lock Code WorldMap Esm H350
Network SecurityPrice Tag 1system security Linux network

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
3 - 5 min read Network Security
2.Motherboard Esm H350
Server SecurityPrice Tag 1open-source Linux administration

Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
3 - 6 min read Server Security
20.Lock AbstractDigital Circular Esm H350
Vendors/ProductsPrice Tag 1security breach linux

A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
5 - 10 min read Vendors/Products
30.Lock Globe Motherboard Esm H350
Security Trends Price Tag 1access control multi-tenant

Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
4 - 8 min read Security Trends
Filter Icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -1 articles for you...
210
19.Laptop Bed Esm H240
Price Tag 1data protectionkernel securityopen source initiative

Open-Source Summit Europe: Address Space Isolation for Kernel Improvements

IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. Though this does increase the complexity of the kernel code and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article: . Mike Rapoport and James Bottomley presented at this week's Open-Source Summit Europe in France on Address Space Isolation within the kernel compared to the current structure of the kernel using a single address space. The still in-progress A.S.I. patches could allow for certain kernel contexts like the Kernel-based Virtual Machine (KVM) to have a separate address space to reduce the exposure of sensitive data. Kernel Address Space Isolation was proposed earlier this year but its impact is still to be fully evaluated in terms of the impact on code complexity and overall security benefits as well as performance. As such, this functionality isn't coming to a near-term kernel release but those wanting to find out more can do so via this PDF slide deck from the presentation. The link for this article located at Phoronix is no longer available. . During the Open-Source Summit Europe, Mike Rapoport and James Bottomley engaged in a conversation about Address Space Isolation and its implications for security.. Address Space Isolation, Kernel Security, Open Source Summit, Data Protection. . Brittany Day

Calendar 2 Nov 04, 2019 User Avatar Brittany Day Security Vulnerabilities
82
General Esm H240
Price Tag 1network securitysecurity assessmentfederal agency

DHS Failing Grade in Network Security Assessment Report

The US federal government's latest computer-security report has given the Department of Homeland Security a failing 'F' grade US federal departments and agencies are showing some improvement in protecting their computer networks, but many -- including the Department of Homeland Security . . . . The US federal government's latest computer-security report has given the Department of Homeland Security a failing 'F' grade US federal departments and agencies are showing some improvement in protecting their computer networks, but many -- including the Department of Homeland Security -- are failing, according to a government report released on Tuesday. The report, prepared for the House of Representatives' Committee on Government Reform, found that almost all agencies had improved their computer-security grade since last year. However, several key federal departments continued to fail to adequately protect their networks and earned an "F." The link for this article located at ZDNet.co.uk is no longer available. . The US federal government's latest computer-security report has given the Department of Homeland Sec. federal, government's, latest, computer-security, report, given, department, homeland. . Anthony Pell

Calendar 2 Dec 15, 2003 User Avatar Anthony Pell Government
Banner 1 1028x280 1708121660 1771599717
82
General Esm H240
Price Tag 1network securityrisk assessmentsecurity compliance

Government Agencies Network Security Report Card Reveals 14 Failures

The 24 major agencies of the U.S. government performed so poorly this year that lawmakers charged with overseeing government efficiency want to tie agencies' funding to network security procedures and force them to buy software only from a list of "qualified" . . . . The 24 major agencies of the U.S. government performed so poorly this year that lawmakers charged with overseeing government efficiency want to tie agencies' funding to network security procedures and force them to buy software only from a list of "qualified" products. Despite the redoubled attention to security since the terrorist attacks of Sept. 11, 2001, 14 of 24 federal agencies flat out flunked their efforts to improve network safety, according to the Computer Security Report Card released last month by the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. This fall, the subcommittee concluded that every major agency in the federal government houses significant network security weaknesses. The link for this article located at EWeek is no longer available. . The 24 major agencies of the U.S. government performed so poorly this year that lawmakers charged wi. major, agencies, government, performed, poorly, lawmakers, charged. . Anthony Pell

Calendar 2 Dec 04, 2002 User Avatar Anthony Pell Government
79
General Esm H240
Price Tag 1peer reviewsecure daemonpop3 server

Akpop3d Peer Review Invitation For Secure POP3 Daemon Development

Andreas Krennmair writes, "Because I found the design of Solar Designer's POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon, called akpop3d. Now I want to ask the LinuxSecurity.com community to peer-review this program. Although I . . . . Andreas Krennmair writes, "Because I found the design of Solar Designer's POP3 daemon popa3d somewhat obscure, I started writing my own POP3 daemon, called akpop3d. Now I want to ask the LinuxSecurity.com community to peer-review this program. Although I did very thorough security checks, I can't be 100% sure unless somebody had a look at it. I'd be glad to get some feedback, be it potential security problems or new features, no matter whether as patch or as an idea." akpop3d is a POP3 daemon aimed to be small and secure. Despite its small size, it offers a lot of features. It is completely RFC 1939 compliant. The link for this article located at Andreas Krennmair is no longer available. . Sophia Reynolds seeks insights on her robust SMTP server, smtpdSecure, designed for collaborative evaluation and enhancement of security protocols.. akpop3d, secure daemon, pop3 server, security feedback. . LinuxSecurity.com Team

Calendar 2 Jan 13, 2002 User Avatar LinuxSecurity.com Team Security Projects
Banner 1 1028x280 1708121660 1771599717
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here