Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Stay Ahead With Linux Security News

14.Lock Code WorldMap Esm H350
Network SecurityPrice Tag 1system security Linux network

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
1 min read Network Security
2.Motherboard Esm H350
Server SecurityPrice Tag 1open-source Linux administration

Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
3 - 6 min read Server Security
20.Lock AbstractDigital Circular Esm H350
Vendors/ProductsPrice Tag 1security breach linux

A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
5 - 10 min read Vendors/Products
30.Lock Globe Motherboard Esm H350
Security Trends Price Tag 1access control multi-tenant

Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
4 - 8 min read Security Trends
5.ShakingHands Esm H350
Vendors/ProductsPrice Tag 1incident response cloud security

Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
4 - 7 min read Vendors/Products
Filter Icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -2 articles for you...
83
10.FingerPrint Locks Esm H240
Price Tag 1open sourcethreat assessmentnpm

Over 700 Malicious Packages Discovered in npm and PyPI Registries

Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers. . In January, Sonatype said it found 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more. The discoveries by the firm’s AI tooling brings its total haul to nearly 107,000 packages flagged as malicious, suspicious or proof-of-concept since 2019. It includes multiple packages that contain the same malicious package.go file – a Trojan designed to mine cryptocurrency from Linux systems. Sixteen of these were traced to the same actor, trendava, who has now been removed from the npm registry, according to Sonatype. Separate finds include PyPI malware “minimums,” which is designed to check for the presence of a virtual machine (VM) before executing. The idea is to disrupt attempts by security researchers, who often run suspected malware in VMs, to find out more about the threat. . Experts in cybersecurity have discovered an extensive collection of more than 800 harmful open source libraries available on the npm and PyPI platforms.. Malicious Packages,Npm,Pypi,Open Source Threats,Security Research. . LinuxSecurity.com Team

Calendar 2 Feb 22, 2023 User Avatar LinuxSecurity.com Team Hacks/Cracks
83
11.Locks IsometricPattern Esm H240
Price Tag 1malwarepython packagessoftware supply chain

AWS Keys and Malware Exposed in PyPI Packages Raise Security Alerts

The Python Package Index, or PyPI, continues to surprise and not in a good way. Ideally a source of Python libraries that developers can include in their projects to save time, PyPI has again been caught hosting packages with live Amazon Web Services (AWS) keys and data-stealing malware. . Malicious packages are, sadly, nothing new for PyPI or for packaging systems like npm, RubyGems, crates.io, and the like. Supply chain attacks – via compromising software libraries or typosquatting – have been an issue for years, though one that has gotten more attention recently with incidents like the compromise of SolarWinds. Despite enhanced vigilance, these incidents still occur with alarming frequency. Just before the New Year, the maintainers of machine learning framework PyTorch warned that PyTorch-nightly, if installed on Linux via pip, included a compromised dependency available through PyPI called torchtriton . . New studies reveal that PyPI contains harmful packages embedded with AWS credentials and malicious software, prompting significant security alerts.. Python Package Index, Software Supply Chain Attacks, Malware Risks. . LinuxSecurity.com Team

Calendar 2 Jan 16, 2023 User Avatar LinuxSecurity.com Team Hacks/Cracks
Banner 3 1028x280 1708121785 1771599793
83
11.Locks IsometricPattern Esm H240
Price Tag 1open sourcelinuxmalicious package

241 Malicious Npm And Pypi Packages Downloading Cryptominers Threat

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. . These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers. Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines. These packages are typosquats of popular open source libraries and commands like React , argparse , and AIOHTTP , but instead, download and install cryptomining Bash scripts from the threat actor's server. On Wednesday, software developer and researcher Hauke Lübbers shared coming across " at least 33 projects " on PyPI that all launched XMRig , an open source Monero cryptominer, after infecting a system. . Over 250 nefarious npm and PyPI packages identified that install cryptominers via typosquatting on Unix-like operating systems.. Malicious Packages, Cryptominer Threat, Open Source Vulnerabilities. . LinuxSecurity.com Team

Calendar 2 Aug 23, 2022 User Avatar LinuxSecurity.com Team Hacks/Cracks
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here