Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware targets Android banking apps in Southeast Asia using an unconventional technique built on seccomp, a Linux kernel feature. Snowblind first surfaced through Promon partner i-Sprint's discovery and represents a significant shift in attack vectors in that region. Let's examine this novel threat, how it works, and practical measures you can implement to mitigate risk.

Understanding seccomp and Its Misuse

To appreciate Snowblind fully, it is necessary first to understand seccomp. Short for "secure computing mode," this Linux kernel security facility restricts which system calls a process may execute, significantly reducing its attack surface by confining the process to a sandbox in which only approved system calls go through. Introduced in 2005 and extended in 2012 with seccomp-bpf, which allows complex filtering rules to be expressed as Berkeley Packet Filter (BPF) programs, seccomp has been an application-level security feature on Android since version 8 (Oreo): every app process starts with a filter that blocks off-limits system calls, protecting against potential exploits.

Snowblind is the first recorded case of seccomp being used as an attack vector. Instead of serving as a protection measure, seccomp is being leveraged as a weapon by malware that subverts established anti-tampering mechanisms such as repackage detection, integrity checks, and obfuscation, by exploiting seccomp's fine-grained control over system calls.

Snowblind's Operational Mechanics

Snowblind works by injecting a malicious payload into a legitimate application and repackaging it for distribution. Unlike malware that directly modifies the app's code or runs it inside a virtualized environment, Snowblind uses seccomp to bypass the app's defenses unnoticed: it installs its own seccomp filter inside the host application's process, so that the system calls its anti-tampering checks rely on are intercepted and their results manipulated, while everything the user and the app's security measures can observe looks normal. The risk in this approach lies in its subtlety and effectiveness: the malware does not need to perform complex hacks on the app's functionality. Instead, it changes the rules of the runtime environment, which makes detection particularly challenging.

Snowblind's primary targets are banking applications in Southeast Asia and their users. While its effect may seem limited in scope, using seccomp as an attack tool could inspire similar tactics globally and pose a serious threat to Android users worldwide.

How Can I Combat Seccomp-based Threats?

Understanding and countering this new threat requires several strategic and technical measures:

Regular App Audits and Updates: It is vital to ensure that applications are regularly scanned for anomalies and updated to incorporate security patches.

Enhance Application Behavior Monitoring: Implement tools that track and log runtime application behaviors, with particular attention paid to system call manipulation.

Robust seccomp Profile Management: When setting up seccomp profiles, make them as restrictive as possible regarding the system calls allowed. Keep in mind that seccomp filters only ever stack: a process can add a filter but never remove one, and any native code loaded into the process, including an injected payload, can add its own. Treat the presence of filters the app did not install itself as a tampering signal.

Educate Developers and Users: Raise awareness about this newly discovered technique by teaching developers to employ safe coding practices while encouraging users to install apps only from trusted sources.

Our Final Thoughts on the Significance of Snowblind Malware

Snowblind has changed the cyber threat landscape by exploiting an integral security feature to launch system-level attacks. As attackers become more sophisticated in turning system components against the software they protect, defenders must keep pace by being proactive and informed when implementing security measures. Adopting technologies and strategies that anticipate and counteract emerging threats is vital against such innovative attacks.

The rise of Snowblind malware unveils significant security issues within the digital world, exploiting vulnerabilities via stealthy tactics to remain undetected. Snowblind Malware, Android Security, Seccomp Exploitation. Anthony Pell
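The mechanism described above, as an added example that is not Promon's code, Snowblind's, or code from the original article: a small x86-64 Linux C program installs a seccomp-bpf filter that traps openat(), then handles SIGSYS so that a program asking to open its "real" file is silently handed a "clean" one instead, which is exactly the effect an integrity check reading its own package would be blind to. The same program shows the defender's side: counting the process's seccomp filters before and after. The file names, their contents, and the Seccomp_filters comparison are assumptions made for this demo.

```c
/* Added example (not Promon's analysis code, and not Snowblind itself). It shows
 * a seccomp-bpf filter that traps one system call, plus a SIGSYS handler that
 * silently substitutes a "clean" file for the one the program asked to open,
 * so a self-check reading that file is fooled. It also shows the
 * /proc/self/status check a defender can use. Assumes x86-64 Linux; the two
 * file names and their contents are constructed for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <ucontext.h>
#include <unistd.h>

#if !defined(__x86_64__)
#error "this demo assumes x86-64 Linux (register layout and the legacy open syscall)"
#endif
#ifndef REG_RAX /* glibc's x86-64 gregs[] indices, in case the GNU extensions are hidden */
enum { REG_R10 = 2, REG_RSI = 9, REG_RDX = 12, REG_RAX = 13 };
#endif

/* Constructed stand-ins for "the app's own package" and the attacker's clean copy. */
static const char *REAL_PATH  = "/tmp/seccomp_demo_real.bin";
static const char *CLEAN_PATH = "/tmp/seccomp_demo_clean.bin";
static const char *REAL_DATA  = "REAL-PACKAGE-BYTES";
static const char *CLEAN_DATA = "CLEAN-PACKAGE-BYTES";

/* Read an integer field ("Seccomp", "Seccomp_filters") from /proc/self/status;
 * -1 if absent. A defender compares it with what the platform itself installed. */
int read_seccomp_status(const char *key) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    int value = -1;
    size_t klen = strlen(key);
    while (fgets(line, sizeof line, f))
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') { value = atoi(line + klen + 1); break; }
    fclose(f);
    return value;
}

/* SIGSYS handler: the trapped openat() arrives with its arguments still in the saved
 * registers (rsi=path, rdx=flags, r10=mode). Swap the path if it is the protected one,
 * do the open with the untrapped legacy open(2) number, and hand the fd back as
 * openat()'s return value by writing rax in the saved context. */
static void on_sigsys(int sig, siginfo_t *info, void *vctx) {
    (void)sig;
    int saved_errno = errno;
    greg_t *g = ((ucontext_t *)vctx)->uc_mcontext.gregs;
    if (info->si_syscall == __NR_openat) {
        const char *path = (const char *)g[REG_RSI];
        if (strcmp(path, REAL_PATH) == 0) path = CLEAN_PATH;          /* the substitution */
        long r = syscall(SYS_open, path, (int)g[REG_RDX], (mode_t)g[REG_R10]);
        g[REG_RAX] = r < 0 ? -errno : r;
    } else {
        g[REG_RAX] = -ENOSYS;
    }
    errno = saved_errno;
}

/* Minimal seccomp-bpf program: allow everything except openat(), which traps. */
static int install_openat_trap(void) {
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof code / sizeof code[0]), .filter = code };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSYS, &sa, NULL) < 0) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) return -1;   /* required for unprivileged filters */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* A child installs the trap, then (like an integrity check) reads "its own package".
 * Returns 0 if it was fed CLEAN_DATA (redirect worked), 1 if it read REAL_DATA,
 * -1 if a filter could not be installed in this environment, -2 on other errors. */
int run_redirect_demo(void) {
    FILE *f;
    if (!(f = fopen(REAL_PATH, "w"))) return -2;
    fputs(REAL_DATA, f); fclose(f);
    if (!(f = fopen(CLEAN_PATH, "w"))) return -2;
    fputs(CLEAN_DATA, f); fclose(f);
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        int before = read_seccomp_status("Seccomp_filters");   /* -1 on kernels before 5.9 */
        if (install_openat_trap() < 0) _exit(10);
        /* Defender-side check: exactly one more filter than the platform gave us. */
        if (before >= 0 && read_seccomp_status("Seccomp_filters") != before + 1) _exit(12);
        int fd = openat(AT_FDCWD, REAL_PATH, O_RDONLY);   /* trapped and redirected */
        if (fd < 0) _exit(12);
        char buf[64] = {0};
        if (read(fd, buf, sizeof buf - 1) < 0) _exit(12);
        close(fd);
        _exit(strcmp(buf, CLEAN_DATA) == 0 ? 0 : strcmp(buf, REAL_DATA) == 0 ? 1 : 12);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    unlink(REAL_PATH); unlink(CLEAN_PATH);
    if (!WIFEXITED(status)) return -2;
    int code = WEXITSTATUS(status);
    return code == 10 ? -1 : code == 12 ? -2 : code;
}
```

The work is done in a forked child because a filter can never be removed from the process that installed it. That same property is the defender's lever: filters only stack, so an app can record at startup how many filters the platform installed and treat a later increase in Seccomp_filters (Linux 5.9 and later) as a tampering signal. On Android every app already starts inside the zygote's filter, so the mode field alone (Seccomp: 2) says nothing; the count does.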
It was discovered that the HAProxy load-balancing reverse proxy incorrectly handled URI components containing the hash character (#), tracked as CVE-2023-45539. Versions before 2.8.2 accept '#' as part of the path, so a routing rule that matches on the end of the path can be misled: a request for a target such as /index.html#.png can satisfy a path_end rule written for static files and be routed to a backend that was never meant to serve it, which might allow a remote attacker to obtain sensitive information. The bug is straightforward for a remote attacker to exploit and is a serious threat to impacted users' sensitive information.

How Do These Vulnerabilities Affect Linux Systems & What Can You Do to Stay Safe?

With over 44% of the proxy server market share, HAProxy is so widely deployed that this flaw has a widespread impact on Linux users' security. A remote attacker could easily exploit this bug to steal impacted users' sensitive data. An important HAProxy update has been released to mitigate this severe bug. Given the damaging repercussions of this vulnerability on unpatched systems, we urge all affected users to apply the updates issued by Debian, Debian LTS, SUSE, and Ubuntu immediately to protect against data leakage. Until the update is applied, rejecting requests whose path contains '#' is a reasonable stopgap, since a conforming HTTP client never sends a fragment to the server.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).

Remain informed about the HAProxy vulnerability and protect confidential information by implementing essential updates for improved security. HAProxy Exploit, Linux Security Updates, Remote Data Theft. Brittany Day
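As an added illustration that is not HAProxy's code, here is the parsing mistake behind the bug reduced to a few lines of C: a request-target parser that keeps '#' as part of the path, so a suffix rule of the path_end kind sees ".png" on /index.html#.png and sends it to the static backend, next to a hardened parser that rejects any request-target carrying a fragment. The route names, the ".png" rule and the sample targets are constructed for the example.

```c
/* Added example, not HAProxy's code: a toy request-target parser showing the
 * class of bug behind CVE-2023-45539. The vulnerable variant keeps '#' as part
 * of the path, so a suffix ("path_end"-style) rule matches "/index.html#.png";
 * the hardened variant refuses any request-target that carries a fragment,
 * which a conforming HTTP client never sends. Routes and paths are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum route { ROUTE_REJECT = 0, ROUTE_APP = 1, ROUTE_STATIC = 2 };

/* Vulnerable: copies the request-target up to '?' (or its end) into path.
 * A '#' and everything after it survive as part of the path. */
static size_t path_of_target_vulnerable(const char *target, char *path, size_t cap) {
    size_t n = strcspn(target, "?");
    if (n >= cap) n = cap - 1;
    memcpy(path, target, n);
    path[n] = '\0';
    return n;
}

/* Hardened: a fragment is never part of a request-target, so refuse it outright
 * instead of guessing what the client or the backend will make of it. */
static bool path_of_target_hardened(const char *target, char *path, size_t cap) {
    if (strchr(target, '#') != NULL) return false;
    path_of_target_vulnerable(target, path, cap);
    return true;
}

/* Suffix match, the way a path_end rule compares. */
static bool path_end(const char *path, const char *suffix) {
    size_t lp = strlen(path), ls = strlen(suffix);
    return lp >= ls && memcmp(path + lp - ls, suffix, ls) == 0;
}

/* Routing as a rule like "use_backend static if { path_end .png }" would do it. */
int route_vulnerable(const char *target) {
    char path[256];
    path_of_target_vulnerable(target, path, sizeof path);
    return path_end(path, ".png") ? ROUTE_STATIC : ROUTE_APP;
}

int route_hardened(const char *target) {
    char path[256];
    if (!path_of_target_hardened(target, path, sizeof path)) return ROUTE_REJECT;
    return path_end(path, ".png") ? ROUTE_STATIC : ROUTE_APP;
}
```

With the vulnerable parser, /index.html#.png is steered to the static backend even though the resource the backend will actually look up is whatever it does with the '#', which is the misinterpretation the CVE describes; the hardened parser returns ROUTE_REJECT for it and routes ordinary targets unchanged.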
The government's warning to the health sector to watch for open-source threats addresses a risk the IT industry has long had on its radar. Open-source software, which is free to use, can be a great tool for organizations that need to scale quickly or lack the budget for proprietary software. However, using it carries inherent risks, and no one knows that better than the government. The government says that open-source security vulnerabilities can give attackers access to systems and networks and cause damage costing millions of dollars in remediation, lost data, or lost productivity. It also says that attackers could use these vulnerabilities as entry points into other parts of an organization's network or infrastructure. The government is trying to help by offering guidance on how to mitigate these risks and on what steps to take if you suspect an open-source vulnerability has compromised your system. Healthcare organizations should be aware of these issues when choosing software solutions and ensure they have proper security measures in place before deploying them. If this advice is followed, choosing open-source solutions over proprietary alternatives can bring significant security benefits. Check out the article linked below for more details on the government's warning and its advice for mitigating risk. Authorities encourage the medical field to tackle dangers associated with publicly available software to avert expensive information leaks. Open Source Threats, Healthcare Security, IT Vulnerabilities. Brittany Day
There is no shortage of challenges when it comes to securing open source software, and no shortage of ideas for how to mitigate the risks. It is the stated mission of the OpenSSF (Open Source Security Foundation) to help improve the state of open source security, and that is precisely what it is doing. The OpenSSF is part of the Linux Foundation and has multiple ongoing efforts across different aspects of the software development lifecycle. On September 7, 2022, the organization announced the latest iteration of its Scorecards effort, an initiative designed to help open source projects and their users assess the state of security within a project. The updated Scorecards come a week after the OpenSSF issued new guidance and best practices on how to secure npm, a widely used, and often abused, open source package manager for JavaScript. The Open Source Security Foundation focuses on bolstering the safety of open source by revising evaluation metrics and guidelines for development initiatives. Open Source Security, Security Practices, OpenSSF Scorecards. Brittany Day
The Linux Foundation's Open Source Security Foundation (OpenSSF) aims to jointly mitigate risks inherent to the open-source style of development, and the foundation has just announced that 16 new contributors have joined OpenSSF, including Canonical, Facebook, Samsung, Huawei Technologies, and more. Security has always been of utmost importance to the entire open source ecosystem. Eric S. Raymond, one of the luminaries of the open source movement, wrote in his famous essay "The Cathedral and the Bazaar" that "given enough eyeballs, all bugs are shallow." While still true, the growing complexity of software and the increasing number of collaborators put an increasing onus on the eyeballs hunting for vulnerabilities. In addition to well-defined security policies at the project level, virtually all of the top organisations that contribute to open source software have security initiatives of their own. Protection is crucial within the open-source community, with emerging programs bolstering efforts to address weaknesses. Open Source Security, Software Risk Management, Vulnerability Mitigation. Brittany Day
The Department of Homeland Security (DHS) unveiled on Tuesday, 14 May, a new national strategy to address evolving cybersecurity risks. The DHS strategy outlines strategic and operational goals and priorities for successfully executing the full range of the DHS secretary's cybersecurity responsibilities. "The strategy is built on the concepts of mitigating systemic risk and strengthening collective defense," Homeland Security Secretary Kirstjen Nielsen said Tuesday, as reported by The Hill. "Both will inform our approach to defending U.S. networks and supporting governments at all levels and the private sector in increasing the security and resilience of critical infrastructure." The link for this article located at InfoSecurity is no longer available. department, homeland, security, (dhs), unveiled, tuesday, national, strategy. Brittany Day
Security's heavy reliance on, and emphasis on, technology, a product both of its heritage and of a real shortage of manpower, is part of the reason attackers are getting the upper hand, experts said here this week. A lack of security analysts to connect the dots across the abundance of alerts and data generated by the various security tools in an enterprise can easily lead to a needle-in-the-haystack failure. Target's dismissal of real alerts amid the piles of false positives it had to sift through has become a cautionary tale of just how challenging it is to make sense of security data today. Tackling the shortage of security personnel to handle excessive notifications and enhance information assessment within organizations. Security Alerts Management, Data Analysis, Enterprise Security. Dave Wreski
At first glance, you might not think that the latest set of OpenSSL security patches is that important. Sure, there are a dozen of them and two are serious, but are they really that bad? Yes, actually: they're not just bad, they're awful. True, some operating systems, such as Red Hat Enterprise Linux (RHEL), aren't greatly impacted by these latest problems. But if you're using any operating system that ships OpenSSL 1.0.2, 1.0.1, 1.0.0, or 0.9.8, it's another story. The link for this article located at ZDNet Blogs is no longer available. Multiple platforms are providing essential updates for OpenSSL; take immediate action to safeguard your infrastructure and reduce vulnerabilities. OpenSSL Patches, RHEL Security, Critical Updates, Risk Mitigation. LinuxSecurity.com Team