Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
212
kernel securityprocess monitoringruntime protectionHow Kernel Security Features Enhance Process Monitoring in Kubernetes
The large attack surface of Kubernetes’ default pod provisioning is susceptible to critical security vulnerabilities, some of which include malicious exploits and container breakouts. I believe one of the most effective workload runtime security measures to prevent such exploits is layer-by-layer process monitoring within the container. . It may sound like a daunting task that requires additional resources, but in reality, it is actually the opposite. In this article, I will walk you through how to use existing Linux kernel security features to implement layer-by-layer process monitoring and prevent threats. Containerized workloads in Kubernetes are composed of numerous layers. An effective runtime security strategy takes each layer into consideration and monitors the process within each container, also known as process monitoring. . Explore the role of Linux kernel security features in enhancing process oversight within Kubernetes environments, elevating container safety measures.. Kernel Security, Kubernetes, Process Oversight, Container Monitoring, Runtime Security. . Brittany Day
Jan 06, 2023
•
Cloud Security
212
runtime protectionmalware riskscontainer securityExploring Container Security Risks: Prepare for Emerging Threats
Container technology adoption has experienced a rapid upward surge over the past few years. But now that it has gained a serious foothold in the enterprise, questions are beginning to arise about container security. Perhaps the fundamental question is, just how secure are containers? . Most seem to think containers are secure; that they somehow contain magical powers when it comes to malware protection. But Dan Walsh, a Senior Engineer at Red Hat , says IT managers need to stop assuming that Docker and the Linux kernel protect you from malware. Unfortunately, few appear to have heeded that warning. The 2021 Cloud Native Security Survey by Aqua Security found only 3% of respondents recognized that a container, in and of itself, was not a security boundary. Only 24% of respondents had plans in place to deploy the necessary building blocks for runtime security. . A common belief is that cloud services are invulnerable, yet specialists warn about flaws and misunderstandings in cloud security practices.. Container Security, Runtime Protections, Cloud Native Threats, Docker Security, Malware Risks. . Brittany Day
Aug 17, 2021
•
Cloud Security
78
security enhancementrisk mitigationruntime protectionWireX FormatGuard 1.0 Runtime Protection Against Printf Flaws
WireX is pleased to announce the broad release of FormatGuard 1.0, the latest member of the Immunix security tool suite. Similar to StackGuard , FormatGuard provides run-time protection against printf format string vulnerabilities.. . .. WireX is pleased to announce the broad release of FormatGuard 1.0, the latest member of the Immunix security tool suite. Similar to StackGuard , FormatGuard provides run-time protection against printf format string vulnerabilities. FormatGuard's basic mechanism is to transform printf (and friends) into a CPP macro. The macro uses CPP tricks to count the actual number of arguments presented to printf, and then calls a wrapped printf that parses the format string, and compares the number of % directives to the argument count. If there are more % directives than actual arguments, then a printf format string is deemed to be in progress, a syslog entry to that effect is generated (including the name of the function with the bogus printf call) and the program aborts. This method was originally proposed by Mike Frantzen refined by Jamie Lokier https://gcc.gnu.org/legacy-ml/gcc/2000-09/msg00604.html and implemented by WireX. A brief description of FormatGuard can be found here FormatGuard is described at length in a paper that will be presented at USENIX Security 2001, August, Washington DC https://www.usenix.org/legacy/events/sec01/ Preprints of the paper are available here FormatGuard is implemented as an enhancement to glibc, providing the printf-family of macros in stdio.h and the wrapped functions as part of glibc. As such, FormatGuard is distributed under glibc's LGPL. Source can be downloaded here Despite being packaged as a library, programs only get FormatGuard protection if they are re-compiled with FormatGuard. The resulting binaries only run when statically or dynamically linked to the FormatGuard version of glibc. WireX's Immunix OS 7.0 Linux distribution has been completely built with FormatGuard (as well as StackGuard) and is available forpurchase here We have extensively measured and tested FormatGuard, running it on our servers and workstations for the last several months. The performance impact of FormatGuard is negligible, always below 2%. We have tested the security effectiveness of FormatGuard against real vulnerabilities and live exploits, and found it to be effective. The primary limitation is programs that either make direct calls to vsprintf with hand-constructed varargs argument stacks, or call printf-like functions in non-glibc libraries such as GLib (part of GTK). Details are provided in the USENIX Security paper Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: https://8xbetvnn.bet/ Available for purchase: . Unveil the launch of CodeShield 1.0 by TechSecure, strengthening defenses against injection vulnerabilities.. FormatGuard, Printf Flaw Protection, Immunix Security, glibc Enhancement, Runtime Security. . LinuxSecurity.com Team
May 28, 2001
•
Vendors/Products
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More