Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 100 articles for you...
209

Business Email Compromise with AI Enhancements and New Defense Strategies

Business Email Compromise used to be a numbers game — mass-blasted emails, broken English, an obvious "URGENT WIRE TRANSFER" subject line. That era is over. Generative AI has turned BEC into a tailored, low-noise operation that mimics writing style, voice, and even video presence. This piece looks at what's actually changed under the hood, what defenders are testing in response, and why so many organizations are still structurally unprepared for it. . The Infrastructure Problem Nobody Wants to Admit Here's an uncomfortable truth: most BEC defenses fail not because the AI is too clever, but because the mail infrastructure behind them is ancient. Legacy MTAs bolted together over a decade, half-configured SPF records, DKIM keys nobody rotated since 2019 — this is fertile ground for attackers who no longer need to guess your CFO's writing style, because a language model can extract it from three publicly available press releases in under a minute. Sysadmins carrying that kind of technical debt aren't fighting AI-generated phishing on equal footing; they're fighting it with one hand tied to a mail server that was never designed for this threat model. Modernizing that stack — replacing brittle, unmonitored legacy pipelines with something observable and policy-driven — has stopped being an IT hygiene task and become a security requirement. A proper software modernization solution addresses exactly this gap, turning fragmented legacy email and identity infrastructure into something that can actually enforce Zero Trust principles instead of just gesturing at them in a compliance document. That's not a hypothetical concern. According to industry incident data, BEC remains one of the costliest categories of cybercrime tracked by the FBI's IC3 division year over year, and the losses keep climbing even as awareness training budgets grow. Something isn't adding up — and the honest answer is that awareness training was built for a threat that has since evolved past it. What Attackers AreActually Testing Right Now Personalized Phishing at Machine Speed Large language models didn't just make phishing emails more grammatically correct. They collapsed the reconnaissance phase from days to minutes. Feed a model a target's LinkedIn history, a few earnings call transcripts, and a handful of public Slack or GitHub posts, and it will draft a message that references internal project codenames, mirrors the CEO's typical sentence rhythm, and lands in an inbox with zero red flags for a spam filter trained on 2021-era phishing patterns. A few technical shifts worth flagging: Style transfer at scale. Attackers fine-tune or prompt open-weight models on scraped email threads (often from prior breaches or public archives) to replicate an executive's tone precisely enough to fool colleagues who've worked with them for years. Multi-turn social engineering. Instead of one-shot emails, attackers now run conversational threads — the model adapts replies in real time, handling objections ("can you confirm this on a call?") with plausible, context-aware pushback. Automated OSINT pipelines. Reconnaissance that used to require a skilled human analyst is now a scripted pipeline chaining search APIs, scraping tools, and an LLM summarizer — cutting attacker prep time from days to under an hour. Voice Cloning and Deepfake Verification Calls This is the part that should genuinely worry anyone running finance operations. Voice cloning tools now need as little as three seconds of clean audio — pulled from a conference recording, a podcast appearance, an earnings call — to produce a convincing synthetic voice. Combine that with a deepfake video call (even a low-resolution one over a "bad connection," which conveniently masks artifacts), and you've defeated the exact verification step most finance teams were told to rely on: "just call them to confirm." Voice authentication as a control is quietly becoming obsolete. Not gone yet, but the trend line is unambiguous, and financeteams that still treat a phone call as a hard confirmation step are working from an outdated threat model. Business Logic Abuse Over Malware One detail that surprises people outside the field: a huge share of modern BEC doesn't involve malware at all. No payload, no exploit, nothing for an EDR agent to catch. It's pure social engineering wrapped around legitimate business processes — invoice changes, payroll redirects, vendor bank detail updates. Mapped against MITRE ATT&CK, this activity sits almost entirely in the Initial Access and Collection tactics, rarely touching Execution or Persistence in any way a traditional security stack is tuned to detect. That's precisely why signature-based and payload-based defenses keep missing it. What Defenders Are Building to Counter It The defensive side isn't standing still, and there's some genuinely interesting engineering happening — though most of it is still maturing from prototype into production reliability. Behavioral and Linguistic Baselining Instead of scanning for malicious links or attachments, newer platforms build a behavioral fingerprint per sender: typical sending hours, sentence length distribution, vocabulary patterns, even punctuation habits. When a message claiming to be from a known executive deviates from that baseline — arriving at 3 a.m., using unusually formal phrasing, requesting an action that's never occurred in that thread's history — it gets flagged for review, regardless of whether it contains any traditionally "malicious" content. AI-Driven Anomaly Detection Across Mail Flows Security teams are increasingly running anomaly detection models across aggregate mail flow data rather than individual messages: sudden changes in reply-to domains, unusual DKIM signature patterns, mismatches between the claimed sending infrastructure and actual delivery path. This is where solid fundamentals still matter enormously — a well-configured DMARC policy with strict alignment, properly rotated DKIM keys, andenforced SPF still catch a meaningful share of spoofing attempts before any AI layer even needs to look at content. For teams building this out on Linux mail infrastructure, the practical groundwork is covered well in Zero Trust for Email: Implementing Advanced Protections on Linux — worth revisiting even if your DMARC rollout already feels "done," because alignment mode and reporting configuration drift over time in ways nobody notices until an audit. Adaptive Filtering That Learns Per Organization Generic, vendor-wide filtering models struggle with BEC precisely because these attacks are so context-specific — there's no universal signature for "email pretending to be your specific CFO." Adaptive filtering approaches train lightweight models on an organization's own historical mail corpus, learning what "normal" actually looks like internally rather than applying a one-size-fits-all threat model. Early deployments show promise here, though false-positive tuning remains the genuine bottleneck; block too aggressively and you're fielding help desk tickets from the actual CFO. A quick summary of where the technical controls stack up: SPF/DKIM/DMARC enforcement — foundational, still catches a real share of spoofing, but useless against compromised legitimate accounts Behavioral baselining — effective against style mimicry, resource-intensive to maintain accurately Voice/video verification protocols — need a second, out-of-band channel (a pre-shared code phrase, a callback to a known number, not one provided in the suspicious message itself) Payload-agnostic anomaly detection — necessary given how much BEC skips malware entirely, but requires mature baseline data to avoid alert fatigue Attachments Still Matter — Just Not the Way They Used To It would be a mistake to assume BEC 2.0 has made malicious attachments irrelevant. Attackers still pair social-engineering pretext with weaponized documents in a meaningful minority of campaigns — usually as asecondary payload once initial trust is established through a convincing AI-generated thread. The detection techniques covered in Enhancing Linux Email Security: Identify Malicious Attachments Effectively remain directly relevant here; sandboxed detonation and macro analysis haven't gone anywhere; they've just become one layer among several rather than the primary defense. Where Server-Level Hardening Fits In None of the AI-era detection tooling matters much if the underlying mail transfer agent itself is exploitable. The disclosure and patch cycle around Exim 4.98 is a good reminder that MTA-level vulnerabilities remain very much alive as an attack surface, and BEC campaigns increasingly chain infrastructure compromise with social engineering — gaining a foothold through an unpatched mail server, then using that legitimate infrastructure to send convincing internal-looking messages that sail past reputation-based filtering entirely. NIST's guidance on email security practices (SP 800-177 and related publications) has aged surprisingly well as a baseline framework, even against threats its authors couldn't have fully anticipated — encrypted transport, authenticated sending domains, and least-privilege access to mail infrastructure are still exactly the right starting points. What's changed isn't the framework; it's the sophistication of what's probing for gaps in it. So What Should Actually Change on the Ground? Not a full teardown of existing security stacks — that's neither realistic nor necessary. But a few shifts in priority are overdue: Treat voice and video confirmation as compromised by default; require a genuinely out-of-band verification step for any financial or credential-related request. Audit DMARC alignment and DKIM key rotation schedules now, not after the next quarterly review — this is cheap to fix, and attackers are actively scanning for the gaps. Shift detection budget toward behavioral and flow-based anomaly detection, since a growing share ofBEC never triggers payload-based defenses at all. Stop treating legacy mail and identity infrastructure as untouchable. Every unpatched, unmonitored legacy component is one more surface a language model can map faster than your team can document it. Is this an arms race? Sure, in the sense that every era of email security has been. But the pace has changed — attacker tooling that took a skilled operator days to build manually is now a weekend project with off-the-shelf models. Defenders who treat that shift as just another line item in next year's budget request are going to keep losing ground. The ones who close the infrastructure gaps now, while also investing in behavior-aware detection, are the ones who'll actually keep pace. . Generative AI is revolutionizing Business Email Compromise, enhancing phishing tactics and challenging your existing defenses.. Business Email Compromise, AI Security, Phishing Attacks, Identity Infrastructure, Cyber Defense Strategies. . Anthony Pell

Calendar%202 Jul 17, 2026 User Avatar Anthony Pell Security Trends
212

QR Code Phishing Linux Quishing Risks and Mitigation Strategies

QR codes were originally designed for industrial logistics. They were optimized for efficiency, not security. In recent years, they have become embedded across enterprise workflows, authentication flows, ticketing systems, packaging, and internal documentation systems. That expansion has created a new attack surface. . QR code phishing, often referred to as “quishing,” is not a new phishing variant in a technical sense. It is a delivery-layer adaptation. Instead of embedding a malicious hyperlink in an email body, the attacker encodes the URL into a QR code. In Linux-centric environments, especially in hybrid desktop and server infrastructure, the risk profile is more subtle than it appears. How QR Code Phishing Bypasses Traditional Email Security Controls Traditional phishing defenses rely heavily on URL inspection, domain reputation feeds, attachment scanning, and mail gateway filtering. This is where QR code phishing diverges from conventional campaigns. QR codes bypass that inspection layer because: The payload is embedded in image form. URL analysis requires decoding prior to scanning. Many mail filters treat QR images as static media assets. The final destination may include layered redirects and short-lived infrastructure. When a Linux user receives a PDF or email containing a QR code, no immediate domain reputation check is triggered unless the scanner application performs one. The user becomes the decoder. From a security architecture perspective, that inversion is significant. QR Code Phishing Attack Flow in Linux Environments Let’s break down a realistic scenario: A targeted user receives a notification email appearing to originate from an internal admin tool. The email includes a QR code labeled “Verify SSH Key Registration.” The recipient scans the QR using a mobile device or a desktop QR reader. The QR code resolves to a phishing page mimicking the organization’s SSO provider. The user enters credentials. Theattacker captures session tokens or initiates OAuth abuse . Nothing in this flow requires exploiting the Linux host. No buffer overflow. No local privilege escalation. It is purely an identity-layer compromise. In modern infrastructure, identity is the control plane. Linux and Open-Source Systems: Where the Risk Surfaces Linux environments frequently rely on: SSH key-based authentication Web-based identity providers OAuth integrations Self-hosted open-source dashboards Internal DevOps tooling Many of these systems are accessed from hybrid environments: Linux desktops, remote SSH sessions, container dashboards, and cloud consoles. If a QR code links to a fake Git service login or a fake internal dashboard, the breach may not be immediately visible. In some cases, attackers use reverse proxy frameworks to relay authentication in real time, capturing tokens while maintaining the appearance of a successful login. This is not Linux exploitation. It is a session interception. Why QR Code Phishing Targets Technical and DevOps Users There is an assumption that experienced Linux users are less prone to phishing. In many respects, this is true when the threat is obvious. However, QR codes change the interaction model. There is no hover preview. CLI-based workflows encourage trust in verified systems. Many security-minded users rely on password managers, but QR phishing may target OAuth approval screens rather than credential entry. Mobile scanning creates context switching between devices. That device boundary weakens situational awareness. The attacker does not need to bypass SELinux. They just need to bypass skepticism. Common QR Code Phishing (Quishing) Attacks in DevOps and Cloud Environments 1. Fake SSH Key Verification Pages QR codes claiming to help register new keys for remote Git platforms. 2. Kubernetes Dashboard Impersonation Phishing pages imitating internal cluster dashboards. 3. OAuth Consent Hijacking QR codes linking to malicious third-party integrations requesting expanded privileges. 4. Configuration Portal Spoofing QR codes in “infrastructure maintenance notices” redirect to malicious admin lookalikes. None of these attacks compromises the Linux kernel. They compromise operator access. Defensive Controls in Open-Source Environments Effective mitigation requires layered defense, not user education alone. Mail Pipeline Controls Mail servers such as Postfix, combined with SpamAssassin or Rspamd, can be configured with additional image analysis plugins. While not foolproof, integrating QR decoding heuristics into mail scanning pipelines reduces uninspected payloads. URL Proxy Validation Enterprise browsers on Linux can be configured with proxy-based URL validation layers. Squid proxy combined with threat intelligence feeds can restrict access to newly registered domains often used in QR campaigns. OAuth Scope Restrictions Avoid allowing broad OAuth consent flows inside internal tools. Restrict application-based token permissions wherever possible. Hardware-Backed Authentication FIDO2 security keys significantly reduce credential phishing risk. Even if a user is tricked, the phishing domain will fail cryptographic binding. DNS Monitoring Monitor DNS queries for unexpected outbound domains triggered immediately after document viewing events. This can detect QR-based redirection activity. Image-Based Threats Are Growing QR phishing represents a wider challenge: image-encoded threats. Security tooling in open-source ecosystems has historically focused on text payloads, signatures, and network anomalies. Image-encoded attack vectors require different inspection paradigms. Integrating image hashing and decoding analysis into mail gateways is increasingly relevant. The security community should treat QR codes as executable intent embedded visually. QR Code Governance and Secure Deployment Practices It is important to distinguish malicious QRinfrastructure from legitimate operational use. Organizations deploying QR codes internally should avoid uncontrolled static links. Static codes printed in documentation can become permanent attack targets if hijacked or replaced. Using managed systems for dynamic control reduces exposure. Managed QR systems that support dynamic redirection and centralized control provide stronger governance than static, unmanaged codes embedded in documentation. The principle is governance, not branding. Threat Modeling and Secure Design Considerations for QR Code Workflows From a DevSecOps perspective, threat modeling should explicitly include QR-based entry points. When designing systems that expose QR codes: Validate the integrity of published images. Ensure TLS enforcement is strict and certificate pinning is considered in mobile workflows. Avoid embedding administrative endpoints behind easily replicated login flows. Implement anomaly detection on sudden increases in authentication errors. QR codes should be categorized as remote link interfaces within STRIDE modeling. They are effectively remote input vectors. QR Code Phishing Impact on Containers, CI/CD Pipelines, and Cloud Access In containerized Linux environments: Phished credentials can lead to compromised CI pipelines. OAuth token theft can provide API-level access to cloud providers. Kubernetes RBAC privileges can be abused even without host compromise. Therefore, mitigating quishing indirectly protects workload isolation integrity. User Behavior Risks in QR Code Phishing Attacks Technical defenses matter, but behavioral controls also play a role. Encourage: Domain verification habits before OAuth approval. Separation of personal and administrative identities. Dedicated devices for privileged operations where possible. Disallow scanning administrative-related QR codes from unmanaged devices. Linux security has long emphasized least privilege and compartmentalization. The samephilosophy applies here. Why QR Code Phishing Reflects a Shift in Modern Attack Techniques Quishing is not about QR codes specifically. It reflects a broader shift: adversaries adapt faster than filtering models. Security tooling built around hyperlink inspection must now inspect image payloads and cross-device behavior. Linux and open-source infrastructures are not uniquely vulnerable. But they are widely deployed in identity-critical roles. That alone makes them strategic targets. Key Takeaways for Preventing QR Code Phishing in Linux Environments QR code phishing succeeds not because Linux systems are weak, but because identity systems are abstracted away from user scrutiny. Mitigation requires improvements in: Email scanning pipelines OAuth governance FIDO adoption Proxy monitoring Threat modeling awareness QR codes are simple. Identity compromise is not. In modern Linux environments, protecting the control plane means recognizing that even a small black-and-white square can act as an access vector. . QR code phishing poses risks in Linux environments. Learn effective strategies to mitigate these threats and protect systems.. QR Code Phishing, Linux Risk, Identity Threats, Security Measures, Mitigation Strategies. . MaK Ulac

Calendar%202 Feb 24, 2026 User Avatar MaK Ulac Cloud Security
83

CRON#TRAP: Emulated Linux Threats and Detection Strategies

Security threats continue to emerge from every corner of the cyber universe, with malicious actors constantly innovating new techniques to breach systems and remain undetected. One such creative attack is an emerging campaign dubbed "CRON#TRAP," which uses emulated Linux environments to execute malicious commands stealthily. . In this article, I'll explore CRON#TRAP's intricacies, including its design, significance, and potential targets, and offer practical advice for detection and prevention. Understanding CRON#TRAP Understanding CRON#TRAP requires diving deep into its complex attack vector, where cybercriminals use custom-built QEMU (Quick Emulator) Linux boxes on compromised endpoints to mount attacks. This emulated Linux environment, often distributed via phishing emails , has a backdoor that enables attackers to remain hidden on victim machines for extended periods. An initial step in an attack usually begins with phishing emails containing links to download an unorthodoxly large ZIP file titled "OneAmerica Survey.zip," often over 285MB - an early warning signal for alert users. Once they extract the archive, users find a shortcut file ("OneAmerica Survey.lnk") and a data directory that houses the QEMU installation directory; however, its contents remain hidden unless users enable the "view hidden files" option in their file explorer. Lure Image (source: securonix) The shortcut file connects to the system's PowerShell process and executes a command that re-extracts ZIP file contents into the user's profile directory and starts the start.bat batch file. This batch file primarily performs two actions: it displays a fake "server error" message to conceal malicious activity. It also executes QEMU (disguised as fontdiag.exe) emulator for running Linux environments on computers running Microsoft Windows OSes. QEMU runs invisibly in the background using its "-nographic" parameter to ensure an emulated Linux instance operates without a graphical user interface, making its detectiondifficult. Within this "PivotBox," attackers can execute additional commands or stage further malware without directly engaging with the host system - bypassing traditional antivirus solutions. Linux instances contain special commands, like get-host-shell and get-host-user , that allow them to interact with their host machine by accessing stored user context information. These allow attackers to execute host system shells from within an emulated environment, thereby improving their chances of remaining undetected while conducting malicious activities. Examining the Significance of This Novel Technique Utilizing QEMU to install an emulated Linux environment on a victim's machine is an innovative malware deployment strategy. As this virtualization tool is widely used and not usually flagged by security systems, attackers can circumvent traditional antivirus detection mechanisms. By operating within an isolated Linux environment, attackers can execute commands and stage further attacks without leaving a significant footprint on the host system. This level of stealth and persistence can remain undetected for extended periods, enabling attackers to conduct extensive reconnaissance, data exfiltration, or other malicious activities without detection. Who Is at Risk? While the victims of CRON#TRAP remain unknown, telemetry data indicates that most sources originate in either North America or Europe, with North America potentially being targeted as the main area for attack. Organizations across various sectors, such as government, finance, healthcare, and critical infrastructure, could fall prey to such sophisticated attacks. Individuals within these organizations who handle sensitive information, such as executives, IT administrators, and employees with elevated privileges, are particularly at risk. Phishing as an initial attack vector only compounds this risk further as it targets human vulnerabilities through social engineering techniques. Strategies for Early Detection and Prevention CRON#TRAP detection and prevention require a multidimensional approach to safeguarding systems. In particular, to detect CRON#TRAP, it's vital to watch out for unusual files and processes - such as large and oddly named ZIP files appearing unexpectedly or shortcut files appearing in unusual places - which could signal potential CRON#TRAP attacks. System processes should be carefully evaluated for QEMU processes running, especially those using strange names like fontdiag.exe. Network traffic analysis is equally important. This includes scanning for known malicious command and control (C2) servers and using network monitoring tools to detect anomalous outbound connections that could indicate backdoor access points. PowerShell activities require careful examination through audit log analysis for any unusual command executions, especially those related to file extraction and batch file execution. Implementing Endpoint Detection and Response (EDR) solutions can detect suspicious activities on endpoints, including hidden processes being run as processes running in parallel. To prevent CRON#TRAP attacks, comprehensive email security measures must be in place. This may involve installing advanced filters to detect and block phishing attempts and training employees about these tactics to recognize suspicious emails. File integrity monitoring tools can be extremely useful in detecting changes to important files and directories, including any hidden ones that may appear suddenly. Implementing Multi-Factor Authentication (MFA) protects against unauthorized access even if credentials have been compromised. Regular updates are necessary to protect all software, including operating systems and virtualization tools like QEMU, from known vulnerabilities. Network segmentation can limit lateral movement within systems by applying the principle of least privilege to restrict user access only to essential functions. Regular security audits and vulnerability assessments should also be performed to detect anyweaknesses in the security framework, providing an active defense against CRON#TRAP attacks. Our Final Thoughts on This Novel Linux Security Threat The CRON#TRAP campaign draws attention to the ever-evolving nature of cyber threats, highlighting their need for robust security measures that adapt to them. By exploiting emulated Linux environments through QEMU, attackers can avoid traditional detection mechanisms while maintaining a stealthy presence on compromised systems. Organizations should remain vigilant and implement robust detection and prevention strategies against advanced threats to stay protected against such risks. . Delve into the CRON#TRAP cyber threat operation, utilizing simulated Linux platforms for surreptitious infiltrations, and discover effective countermeasures to defend against such incursions.. CRON#TRAP malware,QEMU detection,cyber threats prevention,emulated Linux environments,phishing attacks. . Brittany Day

Calendar%202 Nov 06, 2024 User Avatar Brittany Day Hacks/Cracks
83

Israel: Phishing Alerts for F5 Updates - Data Wipers Target Linux Users

Alright, folks, let me fill you in. Fake security updates have been causing real-world havoc ! The Israel National Cyber Directorate (INCD) alerts about phishing emails pretending to be F5 BIG-IP security updates, and guess what? These emails unleash Windows and Linux data wipers. Troubling, right? . Israeli organizations have been under fire recently, with an uptick in data theft and data-wiping attacks since October. Fueling this storm, the INCD discovered a malicious data wiper, "BiBi Wiper," which puts your Linux and Windows devices in its crosshairs. But it doesn’t stop there! The phishing emails link to a so-called F5 BIG-IP update, which, when launched, unleashes data wipers. Crafty, eh? The Linux and Windows versions will communicate with a Telegram channel to provide information about the compromised device, including status updates. So, what are the implications of these attacks? The threat isn't merely local, so we must ask how such tactics might evolve and impact global cybersecurity. While vendors are naturally the first line to maintain custom updates, where does that leave the end-users, particularly in open-source and Linux communities? Long-term, how can awareness and robust security strategies mitigate these risks? At LinuxSecurity, we've long been preaching that awareness and a defense-in-depth approach to securing your Linux systems are critical in mitigating risk. Remember, mates, only trust updates from original vendors or your Linux distro(s) and only download files from email if they come from a trusted and confirmed source. Stay safe out there, you savvy tech folks! . Cyber threats escalate for Israeli enterprises as harmful phishing campaigns aim at both Linux and Windows platforms.. Data Wiper Threats, Phishing Attacks, Linux Security Updates, Cybersecurity Awareness, Threat Intelligence. . LinuxSecurity.com Team

Calendar%202 Dec 21, 2023 User Avatar LinuxSecurity.com Team Hacks/Cracks
209

Insights on Protecting Business Emails from Cyber Threats

In this interview with Help Net Security, Dave Wreski, CEO at Guardian Digital , the open source email security company, talks about modern email threats and offers protection advice for organizations. Wreski explains how the open-source development model can be applied to the development of email security technology to engineer highly effective phishing and zero-day protection. . When it comes to business communication, email is still king. Cybercriminals are aware of this fact, and they’re constantly perfecting their attacks to successfully evade the built-in security defenses of Microsoft 365 and Google Workspace. . Discover strategies to protect your corporate emails against online dangers by understanding phishing mitigation and utilizing open source tools.. Email Security, Phishing Protection, Open Source Solutions, Cyber Threats, Business Communication. . Brittany Day

Calendar%202 Aug 27, 2021 User Avatar Brittany Day Security Trends
67

FBI Alerts Users: HTTPS Isn't A Trust Guarantee Against Phishing

Would you trust a website simply because the connection to it is secured using HTTPS backed by the green padlock symbol? . Not if you’re informed enough to understand what HTTPS signifies (an encrypted, secure connection with a server) and doesn’t signify (that the server is therefore legitimate). This week the FBI issued a warning that too many web users view the padlock symbol and the ‘S’ on the end of HTTP as a tacit guarantee that a site is trustworthy. The link for this article located at NakedSecurity is no longer available. . Not if you’re informed enough to understand what HTTPS signifies (an encrypted, secure connection . would, trust, website, simply, because, connection, secured, using, https, backed. . LinuxSecurity.com Team

Calendar%202 Jun 12, 2019 User Avatar LinuxSecurity.com Team Cryptography
83

Increasing Cybersecurity Needs More Hackers for Effective Defense

Cybersecurity incidents are gaining an increasingly high profile. In the past, these incidents may have been perceived primarily as a somewhat distant issue for organizations such as banks to deal with. But recent attacks such as the 2017 Wannacry incident, in which a cyber attack disabled the IT systems of many organizations including the NHS, demonstrates the real-life consequences that cyber attacks can have. . These attacks are becoming increasingly sophisticated, using psychological manipulation as well as technology. Examples of this include phishing emails, some of which can be extremely convincing and credible. Such phishing emails have led to cybersecurity breaches at even the largest of technology companies, including Facebook and Google. The link for this article located at TheNextWeb is no longer available. . The frequency of cybersecurity breaches is escalating, revealing tangible impacts from assaults fueled by manipulation techniques and deceptive email schemes.. Cybersecurity Attacks, Incident Response Strategies, Cyber Threat Actors. . LinuxSecurity.com Team

Calendar%202 Apr 25, 2019 User Avatar LinuxSecurity.com Team Hacks/Cracks
82

Garfield County Ransomware Attack: Revealing Major Cybersecurity Flaws

Garfield County, Utah, was recently affected by ransomware. Local government is an increasingly attractive target for criminals because of its high dependence on information technology, and generally poor security. Elected officials are under constant pressure to spend available funds on something visible and appealing to the electorate rather than unseen technology. . Little is known about the Garfield attack. In brief, it appears that an employee clicked a phishing link that gave the criminals access. Having gained access, the ransomware apparently encrypted enough systems to require County officials to switch to paper administration; although it is reported that the courts, elections and sheriff's office were not affected. The link for this article located at SecurityWeek is no longer available. . A recent incident in Larimer County exposed serious flaws in the cybersecurity measures of local government systems following a ransomware breach.. Ransomware Attack, Cybersecurity Threats, Phishing Risks, Local Government Security. . Brittany Day

Calendar%202 Apr 17, 2019 User Avatar Brittany Day Government
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200