Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.

Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue is a remote code execution vulnerability residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug. "This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," Cisco Talos said in an advisory. "An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device." The link for this article located at The Hacker News is no longer available.

Serious vulnerability in ClamAV opens the door for remote code execution threats; Cisco has released a security patch to protect affected systems.

ClamAV Remote Execution, Cisco Security Update, Antivirus Vulnerability, Open Source Security.

LinuxSecurity.com Team
Experts warn of a critical Linux kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution.

A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to attack. KSMBD is a Linux kernel server that implements the SMB3 protocol in kernel space for sharing files over the network. An unauthenticated, remote attacker can execute arbitrary code on vulnerable installations of the Linux kernel. The flaw resides in the processing of SMB2_TREE_DISCONNECT commands. "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable," reads the advisory published by ZDI. "The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel."

A severe flaw in the Linux kernel (CVSS rating of 10) puts SMB servers that utilize ksmbd at risk of remote data corruption.

Linux Kernel Flaw, SMB Server Threat, Remote Code Execution, KSMBD Vulnerability.

Brittany Day
Merry Christmas, Linux systems administrators: here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season, giving an unauthenticated user remote code execution.

Yes, this sounds bad, and a score of 10 isn't reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered by the Thalium vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15. Disclosure was responsibly held until a patch was issued. Unlike that other popular SMB server for Linux, which runs in userspace, ksmbd operates in the kernel. That triggered alarm bells among some users discussing its merge last year.

Linux admins, critical holiday alert: a CVSS 10 kernel vulnerability has been found, allowing remote code execution. Patch your systems urgently to prevent exploitation.

Kernel Bug, Linux Admins, Remote Execution, Critical Security Issue.

Brittany Day
IBM has admitted to making 'a process error, improper response' to a bug report that identified four vulnerabilities in its enterprise security software, and the tech giant plans to issue an advisory.

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered critical, and one is high risk. The software flaws can be chained together to achieve unauthenticated remote code execution as root on a vulnerable installation, as described in an advisory Ribeiro published today on GitHub.

Critical vulnerabilities in IBM Data Risk Manager have surfaced: remote code execution flaws, compounded by IBM's admitted improper response to the bug report. Discover these security risks and their impacts.

IBM Data Risk Manager, security vulnerabilities, remote code execution, data risk management, enterprise security.

Brittany Day
Server-side exploitation is possible when the attacker connects to the OpenSMTPD server and sends an email that creates a bounce. When OpenSMTPD connects back to deliver the bounce, the attacker can take advantage of the client-side vulnerability.

Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. OpenSMTPD is present on many Unix-based systems, including FreeBSD, NetBSD, macOS, and Linux (Alpine, Arch, Debian, Fedora, CentOS). The link for this article located at Bleeping Computer is no longer available.

A recent security flaw in OpenSMTPD introduces the potential for remote code execution, creating significant risks for Linux platforms.

OpenSMTPD Vulnerability, Remote Code Execution, Email Server Threats.

Brittany Day
The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language. Get the details:

The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language, possibly allowing attackers to remotely take over any site running the code. PHP is a common programming language used to run dynamic websites; it operates everything from online forums to ecommerce systems. The bug, found in version 7 of PHP, only affects instances running the PHP FastCGI Process Manager (PHP-FPM), which is an alternative implementation of a standard PHP module called FastCGI. It lets an interpreter outside the web server execute scripts. The process manager version includes some extra features to support high-volume websites. For the bug to work, the website must also be running the Nginx web server, which runs on around one in every three websites, according to W3techs. The link for this article located at Naked Security is no longer available.

The PHP development team has addressed a critical vulnerability posing a remote code execution risk to websites that use Nginx in conjunction with PHP-FPM.

Remote Code Execution, PHP-FPM, Nginx Exploit.

Brittany Day
Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:

The vulnerability was discovered by Italian security researcher Alessandro Groppo of Hacktive Security, and impacts all Joomla versions from 3.0.0 to 3.4.6, released between late September 2012 and mid-December 2015. The vulnerability is trivial to exploit, and proof-of-concept exploit code has been published online. It's a PHP object injection that can lead to remote code execution (RCE) under certain scenarios. For example, it can be exploited via the Joomla CMS login form and can allow attackers to execute code on the site's underlying server. The link for this article located at ZDNet is no longer available.

A serious remote code execution vulnerability in Joomla CMS versions 3.0.0 to 3.4.6 has been discovered, requiring immediate attention.

joomla, details, published, online, about, vulnerability, older.

Brittany Day
Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1].

For system administrators, this is a great tool to execute programs on remote systems, but it is also used by attackers to pivot internally. This morning, my filter returned an interesting file with a VT score of 11/66. The file is a compiled AutoIT script. This kind of malicious file keeps coming back in regular waves[2]. AutoIT executables can be easily decompiled. To achieve this, I'm using Exe2Aut.exe[3]. This tool has not been updated for a while but is still doing a good job.

To maintain security, enforce strong password policies, utilize Role-Based Access Control (RBAC), and implement Multi-Factor Authentication (MFA) for Windows Admins.

Administrator Practices, Remote Execution Security, Bad Credential Management.

LinuxSecurity.com Team