A new variant of Bifrost, a remote access Trojan (RAT), has been observed attacking Linux servers. The new variant, dubbed Bifrose, employs a deceptive domain name to evade detection. . Security researchers have stated, "The latest version of Bifrost reaches out to a command and control (C2) domain with a deceptive name, download.vmfare[.]com, which appears similar to a legitimate VMware domain." This is significant because it shows that attackers are getting more sophisticated in using socially engineered techniques to blend into normal traffic. Pointing the C2 channel at a look-alike domain rather than a hard-coded IP address makes domain name system (DNS) monitoring and blocking harder: to a hurried analyst or a naive blocklist, the traffic resembles an ordinary VMware download.
Why Is This Malware So Dangerous? The binaries are stripped of symbols, a tactic that hinders analysis and makes reverse engineering more difficult and time-consuming for security professionals. Additionally, researchers discovered that a malicious IP address hosts an ARM build of Bifrost, suggesting that the attackers are broadening the attack surface beyond x86 servers. These developments matter for Linux admins, sysadmins, infosec professionals, and internet security enthusiasts, who must stay informed and prepared to defend against these types of attacks: keep systems current with the latest security patches, monitor network and DNS traffic for suspicious destinations, and enforce strict access controls. It is important to be proactive in securing networks and systems against cyber threats.
Our Final Thoughts on Bifrose Malware. The new Bifrost malware targeting Linux servers employs enhanced deceptive tactics to infect systems and steal confidential information. Its typosquatting-style C2 domain lets it slip past traditional blocklists, making it harder for even experienced security teams to detect and mitigate. With the rise of newly developed malware using this deception, we must remain vigilant with our defensive measures. It is crucial for Linux admins, infosec professionals, internet security enthusiasts, and system administrators worldwide to actively look for and eliminate such malware to safeguard sensitive information and maintain the integrity of computer systems. . The latest iteration of Bifrost employs cunning strategies to avoid being spotted, specifically aiming at Linux systems and heightening the risk to exposed servers. . Bifrost Malware, Linux Server Security, Remote Access Trojan. . Dave Wreski
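As an added example for this item (not code from the article or from the researchers who reported Bifrost), here is a small look-alike detector of the kind that would catch download.vmfare[.]com posing as VMware in a DNS query log. The watchlist of brands, the log format (timestamp, client, query name) and the log lines are all constructed for the example, and the registrable-domain helper assumes single-label public suffixes such as .com; a real deployment would use the Public Suffix List.

```python
"""Flag DNS lookups whose registrable domain is one or two edits away from a
watched brand. Added example; the watchlist and log lines are constructed."""

# Constructed watchlist: brands the organisation legitimately talks to.
WATCHLIST = {"vmware.com", "ubuntu.com", "github.com"}

# Constructed DNS query log, assumed format: "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 www.vmware.com
2024-03-01T10:00:07Z 10.0.0.9 download.vmfare.com
2024-03-01T10:00:09Z 10.0.0.9 archive.ubuntu.com
2024-03-01T10:00:12Z 10.0.0.7 ghthub.com
2024-03-01T10:00:15Z 10.0.0.7 api.example.org
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(qname: str) -> str:
    """Last two labels of the name. Assumption: single-label public suffixes
    only (com, org, ...); a real deployment would consult the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_brand(qname: str, watchlist=WATCHLIST, max_distance: int = 2):
    """Return the watched brand a query name imitates, or None.

    A hit is a registrable domain that is *not* itself on the watchlist but
    whose second-level label is within max_distance edits of a watched label."""
    domain = registrable_domain(qname)
    if domain in watchlist:
        return None                       # the genuine brand, not a look-alike
    label = domain.split(".")[0]
    for brand in sorted(watchlist):       # sorted for deterministic output
        if levenshtein(label, brand.split(".")[0]) <= max_distance:
            return brand
    return None


def scan_dns_log(log: str):
    """Return [(qname, imitated_brand)] for every suspicious log line."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        brand = lookalike_brand(parts[2])
        if brand:
            hits.append((parts[2], brand))
    return hits


if __name__ == "__main__":
    for qname, brand in scan_dns_log(SAMPLE_LOG):
        print(f"ALERT: {qname} looks like {brand}")
```

The distance threshold is deliberately small: vmfare is a single substitution away from vmware, which is exactly the kind of near-miss a blocklist keyed on exact strings never sees. Anything flagged still needs a human look, since legitimate short labels can also sit within two edits of a brand.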
Let me fill you in on a stealthy threat to Linux systems that has flown under the radar for nearly three years! A remote access trojan dubbed "Krasue" has been silently infiltrating Linux systems, primarily at telecommunications companies, since 2021. . It ships with a rootkit in seven variants, each built on a different open-source project, which lets the malware adapt to different Linux kernel versions and makes it highly difficult to detect and remove. Security researchers have said that the primary objective of the Krasue RAT is to maintain access to the host system. Krasue's initial access vector is unknown; possible approaches include credential brute-force attacks, exploitation of vulnerabilities, or distribution through untrustworthy sources that pose as legitimate packages or binaries. So what can you do to stay safe against threats like Krasue? Apply the latest patches released by your distro(s) to close known vulnerabilities that malicious actors could exploit, and subscribe to our newsletters to stay updated on the latest security news, trends, and advisories impacting you. It's a dangerous digital world these days - stay informed and proactive to remain ahead of cybercriminals! . Krasue, an advanced Linux RAT with an embedded rootkit, maintains covert remote access on telecom systems; its initial access vector is still unknown. Stay alert and secure! . Krasue RAT, Linux Intrusion, Cybersecurity Threats, Stealthy Malware. . LinuxSecurity.com Team
A stealthy Linux malware called AVrecon has infected over 70,000 small office/home office (SOHO) routers, creating a botnet primarily aimed at stealing bandwidth and operating as a hidden residential proxy service. . That proxy capacity enables various criminal actions, including digital advertising fraud and password spraying. Despite its scale, AVrecon has evaded detection since May 2021, making it one of the most significant botnets targeting SOHO routers to date. AVrecon, classified as a remote access trojan (RAT), went unnoticed for more than two years; when it was first observed, it had infected only about 40,000 devices. According to The Hacker News, the threat actors behind AVrecon likely focused on exploiting known vulnerabilities (CVEs) in SOHO devices that owners rarely patch. The botnet operates stealthily, without the noticeable disruptions or bandwidth loss that would alert infected device owners. . AVrecon malware has infiltrated over 70,000 SOHO routers, turning them into a covert residential proxy network used for ad fraud and password spraying. Discover the impacts of this compromise. . Linux Malware, Botnet Analysis, SOHO Router Threats, AVrecon Malware, Cybersecurity Risks. . LinuxSecurity.com Team
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report published today. . The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process (apached) to evade detection. The loader is also equipped to disable firewalls, establish persistence using the cron job scheduler, and register an SSH public key in the .ssh/authorized_keys file for remote access. GobRAT, for its part, communicates with a remote server via the Transport Layer Security (TLS) protocol to receive as many as 22 different encrypted commands for execution. The link for this article located at The Hacker News is no longer available. . GobRAT, a Golang RAT, compromises Linux routers in Japan whose web UI is exposed to the internet, then persists via cron and an attacker-controlled SSH key. . Remote Access Trojan, Linux Router Attack, GobRAT Malware, Cyber Threat Japan, Golang Trojan. . LinuxSecurity.com Team
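The loader's habit of appending an attacker key to .ssh/authorized_keys suggests one cheap periodic check: fingerprint every key in the file and compare against an allowlist the team maintains. The following is an added example, not code from JPCERT/CC or from the GobRAT loader; the allowlist, the file contents and the key blobs are constructed (the blobs are synthetic base64 placeholders, not real keys), and the accepted key-type list is an assumed subset of what sshd supports.

```python
"""Audit an authorized_keys file by SHA256 key fingerprint.
Added example; allowlist, file contents and key blobs are constructed."""
import base64
import binascii
import hashlib

# Key types sshd accepts (assumed subset; extend for sk-* FIDO keys etc.).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def parse_key(line: str):
    """Return (key_type, blob_b64, comment) or None.

    authorized_keys lines may carry leading options ('from=...,no-pty'), so
    the key type is the first field that is a known type, not field 0."""
    fields = line.split()
    for i, field in enumerate(fields):
        if field in KEY_TYPES and i + 1 < len(fields):
            return field, fields[i + 1], " ".join(fields[i + 2:])
    return None


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style 'SHA256:<unpadded base64>' over the decoded key blob,
    the same value ssh-keygen -lf prints."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _synthetic_blob(seed: str) -> str:
    # NOT a real key: deterministic base64 so the parsing path runs offline.
    return base64.b64encode(seed.encode()).decode()


# Constructed: keys the team knows about, and the allowlist derived from them.
KNOWN_GOOD = [
    f"ssh-ed25519 {_synthetic_blob('ops-laptop')} ops@laptop",
    f"ssh-rsa {_synthetic_blob('backup-job')} backup@cron",
]
ALLOWLIST = {fingerprint(parse_key(k)[1]) for k in KNOWN_GOOD}

# Constructed authorized_keys as found on a host: the second known key has
# options prepended, line 5 is the unexpected key, line 6 is garbage.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the example",
    KNOWN_GOOD[0],
    f'from="10.0.0.0/8",no-pty {KNOWN_GOOD[1]}',
    "",
    f"ssh-ed25519 {_synthetic_blob('attacker')} root@kali",
    "not a key line at all",
])


def audit(authorized_keys: str, allowlist=None):
    """Return [(line_no, fingerprint_or_None, note)] for every line that is
    not an allowlisted key. Unparseable lines are reported too: sshd would
    ignore them, but they have no business being in the file either."""
    allowlist = ALLOWLIST if allowlist is None else allowlist
    findings = []
    for n, raw in enumerate(authorized_keys.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_key(line)
        if parsed is None:
            findings.append((n, None, "unparseable line"))
            continue
        key_type, blob, comment = parsed
        try:
            fp = fingerprint(blob)
        except (binascii.Error, ValueError):
            findings.append((n, None, f"invalid base64 in {key_type} key"))
            continue
        if fp not in allowlist:
            findings.append((n, fp, comment or "(no comment)"))
    return findings


if __name__ == "__main__":
    for n, fp, note in audit(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {n}: {fp or 'n/a'} {note}")
```

Comparing fingerprints rather than raw lines is what makes the check robust: an attacker can change the comment or prepend options to an existing line, but cannot change the fingerprint without changing the key.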
Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.' . PingPull is a RAT (remote access trojan) first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus. The attacks targeted government and financial organizations in Australia, Russia, Belgium, Malaysia, Vietnam, and the Philippines. Unit 42 continued to monitor these espionage campaigns and today reports that the Chinese threat actor uses new malware variants against targets in South Africa and Nepal. The Linux variant of PingPull is an ELF file that only 3 out of 62 anti-virus vendors currently flag as malicious. . Gallium (Alloy Taurus) extends its cyberespionage toolkit with a Linux variant of PingPull and the Sword2033 backdoor, now used against targets in South Africa and Nepal. . Linux Malware, Cyber Espionage, Remote Access Trojan, Chinese Hackers, PingPull. . LinuxSecurity.com Team
Threat actors have been leveraging polyglot and malicious Java archive files to distribute the StrRAT and Ratty remote access trojans to evade detection by security solutions, The Hacker News reports. . Deep Instinct researchers discovered that the StrRAT payload has been deployed in a campaign leveraging both JAR and MSI file formats, indicating potential execution via Windows and Java Runtime Environments. Meanwhile, a separate campaign involved the deployment of StrRAT and Ratty using the CAB and JAR polyglots, with URL shortening services rebrand.ly and cutt.ly leveraged to spread the artifacts, according to the report. . Cyber analysts from Deep Instinct focus on StrRAT and Ratty's innovative distribution strategies utilizing polyglots to evade detection by security solutions.. StrRAT Techniques, Polyglot Threats, Remote Access Trojans, Malware Distribution. . LinuxSecurity.com Team
eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. "NginRAT essentially hijacks a host Nginx application to stay undetected. To do that, NginRAT modifies core functionality of the Linux host system. When the legitimate Nginx web server uses such functionality (eg dlopen), NginRAT intercepts it to inject itself." . The threat received the name NginRAT, a combination of the application it targets and the remote access capabilities it provides, and is being used in server-side attacks to steal payment card data from online stores. NginRAT was found on eCommerce servers in North America and Europe that had already been infected with CronRAT, a remote access trojan (RAT) that hides its payload in cron tasks scheduled to execute on a day that does not exist on the calendar. . NginRAT infiltrates online retail platforms by masquerading as a genuine nginx operation, presenting a significant cybersecurity challenge to digital marketplaces. . NginRAT, eCommerce Security, Malware Threats, Remote Access Trojans, Nginx Servers. . LinuxSecurity.com Team
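CronRAT's hiding spot, a cron entry dated for a day that never comes, is something a crontab review can test for mechanically. Below is an added example, not Sansec's code: it expands the day-of-month and month fields of each entry and reports jobs that can never fire. The crontab is constructed for the example and uses the user-crontab layout (five time fields then the command); fields are numeric only, so month and weekday names are not handled. One caveat worth keeping in mind is Vixie cron's rule that when both day-of-month and day-of-week are restricted, the job runs when either matches, so a restricted weekday rescues an otherwise impossible date and the check deliberately skips those.

```python
"""Find cron entries whose date never occurs on the calendar.
Added example; the crontab below is constructed."""
import calendar

# Longest each month can be; 2024 is a leap year, so February counts as 29.
DAYS_IN_MONTH = {m: calendar.monthrange(2024, m)[1] for m in range(1, 13)}

SAMPLE_CRONTAB = """\
# constructed crontab for the example
SHELL=/bin/sh
0 3 * * * /usr/local/bin/backup.sh
52 6 31 2 * /tmp/.X11/.payload
15 4 31 4,6 * /opt/x/run.sh
30 1 29 2 * /usr/local/bin/leapday.sh
0 0 31 2 1 /usr/bin/monday-report.sh
*/5 * * * * /usr/bin/check.sh
@daily /usr/bin/rotate.sh
"""


def expand(field: str, lo: int, hi: int) -> set:
    """Expand one numeric cron field ('*', 'a', 'a-b', '*/n', 'a-b/n' and
    comma lists of those) into the set of integer values it matches."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_str = part.split("/", 1)
            step = int(step_str)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
        values.update(range(start, end + 1, step))
    return values


def never_fires(dom: str, month: str, dow: str) -> bool:
    """True when no real calendar date satisfies the day-of-month and month
    fields. Vixie cron caveat: once both day-of-month and day-of-week are
    restricted the job runs when *either* matches, so a restricted weekday
    means the entry is not impossible and is left alone here."""
    if dom == "*" or dow != "*":
        return False
    doms, months = expand(dom, 1, 31), expand(month, 1, 12)
    return not any(d <= DAYS_IN_MONTH[m] for d in doms for m in months)


def impossible_entries(crontab: str):
    """Return [(line_no, command)] for every entry that can never fire."""
    hits = []
    for n, raw in enumerate(crontab.splitlines(), 1):
        line = raw.strip()
        # Skip comments, @reboot/@daily shorthands and VAR=value assignments.
        if not line or line[0] in "#@" or "=" in line.split()[0]:
            continue
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        _minute, _hour, dom, month, dow, command = fields
        if never_fires(dom, month, dow):
            hits.append((n, command))
    return hits


if __name__ == "__main__":
    for n, command in impossible_entries(SAMPLE_CRONTAB):
        print(f"line {n}: never runs -> {command}")
```

On the sample, the 31 February and 31 April/June entries are flagged, the 29 February entry is not (it fires in leap years), and the 31 February entry with a weekday set is not either, because cron will run it every Monday in February. A flagged entry is not proof of compromise, but a scheduled command that can never run by itself has no legitimate reason to be in a crontab.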
Security experts from Netlab 360 have uncovered a new Remote Access Trojan (RAT) used on Linux and Windows operating systems, currently being used in the wild by exploiting a known code execution vulnerability. Dubbed Dacls, the malware has been in use since at least May this year and is attributed to the North Korean advanced persistent threat group Lazarus, also known as Hidden Cobra, Guardians of Peace, or Zinc. . Netlab 360 researchers found a suspicious ELF file at the end of October and initially thought it was part of an unknown botnet. Further investigation, however, proved connections to the Lazarus APT. The Lazarus hacking group is believed to be funded by the North Korean government and is responsible for high-profile attacks such as the 2014 Sony Pictures hack (investigated under Operation Blockbuster) and the global outbreak of WannaCry ransomware infections in 2017. Although the APT is known to leverage already established tools like Trickbot or Mimikatz, it is also capable of creating its own RATs, as in the case of Dacls. The link for this article located at 2 Spyware is no longer available. . Uncover the methods Lazarus employs with the Dacls malware to take advantage of weaknesses present in both Linux and Windows environments, along with the potential consequences. . Dacls Trojan, Lazarus APT, Linux malware, Remote Access Trojan, cyber threat. . Brittany Day