In the ongoing quest to enhance security and streamline functionality, the Linux kernel community is increasingly focusing on deprecated protocols that pose more harm than benefit. One such protocol is RNDIS (Remote Network Driver Interface Specification), which has become the center of discussion among developers and security experts. Initially intended for handling virtual Ethernet over USB, RNDIS has consistently been plagued by vulnerabilities and fundamental security issues, making it a concern for modern Linux-based systems. In this article, I'll explore the implications of the potential removal of RNDIS from the Linux kernel and safer alternatives to RNDIS, providing insight into how it would impact the security and performance of our systems.

Understanding RNDIS and Its Security Flaws

Microsoft originally developed RNDIS to facilitate networking over USB. While it served its purpose for a time, especially when connecting Windows and Linux systems in earlier years, its security framework was never robust. The protocol suffers from vulnerabilities that cannot easily be mitigated, mainly because its design does not align with contemporary security standards. These vulnerabilities become particularly problematic when RNDIS is used in environments where untrusted devices might connect. The potential for exploitation is a genuine concern, and removing such an insecure protocol from the Linux kernel helps mitigate unnecessary risks. Understanding these flaws underscores the need to move away from RNDIS.

Recent Developments and the Push for Removal

The conversation around disabling and eventually phasing out RNDIS from the Linux kernel isn't new. However, recent patch updates have brought this issue to the forefront. Greg Kroah-Hartman, a key figure in the Linux kernel development community, has updated the "rndis-removal" branch within the USB.git repository, signaling a renewed urgency in addressing this obsolete protocol.

While this branch hasn't yet been merged into the mainline USB "next" branch (which would make it part of the upcoming Linux kernel cycle), the fact that it's being actively considered means that change could be on the horizon. Security admins should anticipate that by early 2025, RNDIS drivers might be fully disabled if current efforts proceed as planned. This means proactive steps to identify and transition away from any dependencies on this protocol are not just recommended but essential.

Examining RNDIS's Impact on Windows and Android Systems

Traditionally, RNDIS has been necessary for Microsoft Windows systems, particularly those as old as Windows XP. However, modern Windows versions rely less on RNDIS due to alternative protocols and updated features that provide similar functionality without the associated security headaches. For Linux systems interacting with Windows, this shift minimizes the impact its removal might have.

On the other hand, Android has not utilized RNDIS for several years. The Android ecosystem moved away from using this protocol as part of its goal to enhance security and reliability across devices. This adoption of newer, more secure alternatives indicates that most systems can cope without RNDIS, even across different operating systems' connectivity needs.

Ethernet-over-USB: A Safer Alternative to RNDIS

Ethernet-over-USB is a safer alternative to Remote Network Driver Interface Specification (RNDIS) that mitigates the security risks arising from RNDIS' complex and less scrutinized code base. By contrast, Ethernet-over-USB (primarily when implemented using the CDC-ECM class) typically features a more straightforward implementation, thus minimizing its attack surface and making security audits easier. Ethernet-over-USB works by encapsulating Ethernet frames within USB packets, enabling USB devices to interact as if they were on an Ethernet network. This method takes advantage of well-understood protocols for added reliability and security.

To make the switch, admins can enable the USB CDC Ethernet driver (CDC-ECM) in their kernel configuration (CONFIG_USB_NET_CDCETHER). This can be done by navigating to the kernel configuration menu (usually through make menuconfig or a similar command) and enabling the appropriate settings. Once configured and compiled, you can load the driver and enjoy a more secure networking setup over USB.

Staying Informed

As the Linux community advances toward potentially removing RNDIS, staying informed becomes crucial. Administrators should monitor official Linux kernel communication channels and resources like LinuxSecurity.com to remain updated on this initiative's progress. This involves tracking changes within the kernel's repositories and engaging with the broader Linux community to gain insights and share experiences with others facing similar challenges.

Beyond RNDIS: Embracing Secure Protocols

The shift away from RNDIS represents a broader trend in the technology sector: the ongoing effort to adopt protocols that offer enhanced security features and align with modern industry standards. Security-minded organizations are increasingly looking to implement solutions that address vulnerabilities and protect sensitive data against emerging threats. This emphasis on security should drive admins to perform regular audits of their networks and protocols, seeking out potential weaknesses associated with RNDIS and across the organization's IT infrastructure. By being proactive and forward-thinking, security admins can ensure their systems are well-equipped to handle future challenges.

Our Final Thoughts on Preparing for the End of RNDIS in Linux

The potential removal of RNDIS from the Linux kernel marks a significant shift towards a more secure computing environment. While the conversations around this topic continue to evolve, Linux security administrators must start preparing for a future where RNDIS is obsolete. By understanding the reasons behind this move, assessing current dependencies, and exploring viable alternatives like Ethernet-over-USB, admins can ensure that their networks remain intact and secure. As with any operational transition, diligence, planning, and staying well-informed will be key to navigating this change successfully. Through collective efforts to adopt and implement secure protocols, the Linux community can continue to uphold the values of openness and collaboration without compromising security.

Brittany Day
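The article's advice to check for RNDIS dependencies and enable CONFIG_USB_NET_CDCETHER can be turned into a repeatable audit. The script below is an added example, not code from the article or from the kernel project: it parses a kernel .config text, flags the RNDIS host and gadget Kconfig symbols (CONFIG_USB_NET_RNDIS_HOST, CONFIG_USB_NET_RNDIS_WLAN, CONFIG_USB_CONFIGFS_RNDIS, CONFIG_USB_ETH_RNDIS are the upstream symbol names), confirms CDC-ECM is available, and lists any loaded rndis_* modules from /proc/modules. The config fragment it runs against is a constructed sample; on a live host it also reads /boot/config-$(uname -r) when that file exists.

```shell
#!/bin/sh
# Added example (not from the article): audit a kernel .config for RNDIS symbols
# and confirm the CDC-ECM host driver (CONFIG_USB_NET_CDCETHER) is available.
# The config text below is a constructed sample, not taken from a real machine.

SAMPLE_CONFIG='CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_RNDIS_HOST=m
CONFIG_USB_NET_RNDIS_WLAN=m
# CONFIG_USB_CONFIGFS_RNDIS is not set'

# kconfig_state CONFIG_TEXT SYMBOL -> prints y, m or n (absent or "is not set" count as n)
kconfig_state() {
    line=$(printf '%s\n' "$1" | grep -E "^(# )?$2( is not set|=)" | head -n 1)
    case "$line" in
        "$2=y") echo y ;;
        "$2=m") echo m ;;
        *)      echo n ;;
    esac
}

# audit_usb_net CONFIG_TEXT -> exit status 0 when no RNDIS driver is enabled and
# CDC-ECM is built in or modular; prints one line per finding.
audit_usb_net() {
    cfg=$1
    status=0
    # Host-side drivers (rndis_host, rndis_wlan) and the gadget-side RNDIS function.
    for sym in CONFIG_USB_NET_RNDIS_HOST CONFIG_USB_NET_RNDIS_WLAN \
               CONFIG_USB_CONFIGFS_RNDIS CONFIG_USB_ETH_RNDIS; do
        st=$(kconfig_state "$cfg" "$sym")
        if [ "$st" != n ]; then
            echo "WARN: $sym=$st (RNDIS still enabled)"
            status=1
        fi
    done
    ecm=$(kconfig_state "$cfg" CONFIG_USB_NET_CDCETHER)
    if [ "$ecm" = n ]; then
        echo "WARN: CONFIG_USB_NET_CDCETHER not enabled (no CDC-ECM host driver)"
        status=1
    else
        echo "OK: CONFIG_USB_NET_CDCETHER=$ecm"
    fi
    return $status
}

# rndis_modules_loaded MODULES_TEXT -> prints the names of loaded rndis_* modules
# (feed it the contents of /proc/modules on a live system).
rndis_modules_loaded() {
    printf '%s\n' "$1" | awk '$1 ~ /^rndis_/ { print $1 }'
}

# Run against the constructed sample; on a live host, also check the real files.
echo "== constructed sample =="
audit_usb_net "$SAMPLE_CONFIG" || echo "sample config still carries RNDIS"
if [ -r "/boot/config-$(uname -r)" ]; then
    echo "== running kernel =="
    audit_usb_net "$(cat "/boot/config-$(uname -r)")" || echo "review the findings above"
fi
if [ -r /proc/modules ]; then
    loaded=$(rndis_modules_loaded "$(cat /proc/modules)")
    [ -z "$loaded" ] || echo "loaded RNDIS modules: $loaded"
fi
```

A non-zero exit from audit_usb_net means the configuration still needs attention; the same function can be pointed at a candidate .config before a rebuild so the RNDIS symbols stay off and CDC-ECM stays on.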
Exim is one of the most widely used mail transfer agents on Unix-like systems. It's essential for email delivery and handling and is a significant part of the Internet email infrastructure. Its widespread adoption requires constant scrutiny and rapid responses to security flaws. Exim 4.98 was recently released, addressing a critical SMTP vulnerability and implementing necessary DKIM handling and SMTP security updates. This release reflects a solid effort to improve server integrity and reliability. To help maintain server performance and network integrity, I'll explain the recently found and fixed vulnerabilities in Exim, their impact, and how to determine if your version is vulnerable. I'll also walk you through the updates and fixes introduced in 4.98 and how to upgrade to secure your email server and Linux system.

What Vulnerabilities Have Been Identified in Exim?

Exim's older versions contained over 30 security vulnerabilities, which could have profound implications. Moreover, attackers could exploit SMTP smuggling to inject malicious commands into email content. This could have resulted in unauthorized access to the system or disruption of service. These vulnerabilities highlight the need for constant updates and monitoring of systems that run on this MTA. Linux admins should be most concerned about how these vulnerabilities could impact their system and overall security. A breach can compromise sensitive data and damage the integrity of the services hosted by affected systems.

What Versions Are Vulnerable & What Is the Impact of These Vulnerabilities?

Exim versions before 4.98 were affected by the vulnerabilities that have been addressed. Linux administrators must check their current Exim version to identify any vulnerabilities. You can check this using the command exim -bV. Exim is vulnerable and outdated if the displayed version is lower than 4.98.

The impact on systems that use compromised versions of Exim includes potential SMTP smuggling, attackers manipulating emails to bypass security measures, and issues related to correctly handling DKIM-signed emails. These vulnerabilities can lead to systems being used as spammers or botnets, affecting server performance and network integrity.

What Are the Main Fixes & Updates Introduced in 4.98?

Exim 4.98 addresses the previously mentioned problems and makes significant improvements. The following is a list of critical fixes:

SMTP Smuggling Prevention: Exim 4.98 will refuse certain inputs unless a server operates more securely. This change is intended to cut off possible exploit paths.

Enhanced DKIM Handling: Recipient servers falsely flag fewer emails as risky thanks to added support for listing results within the dkim_status condition in ACL.

Robust Error Handling: Instead of simply logging errors, Exim now responds with temporary rejections and wipes spool files if specific failures occur, a proactive management approach.

TLS Resumption Fixes: These adjustments ensure secure emails are sent quickly and reliably, avoiding previous issues with load balancers.

How Can I Upgrade to Exim 4.98?

Upgrading to Exim's latest version is simple but essential for administrators. Exim is available in most Linux distributions through the standard package management system. To upgrade Exim, follow these steps:

Back Up Configuration Files: Before upgrading, always back up the current configuration files.

Update Package Lists: Run sudo apt update or the appropriate command to refresh the list of packages.

Upgrade Exim: Use sudo apt upgrade exim4 if you are using a RedHat-based distribution.

Restart: Use sudo service Exim4 restart to restart the Exim service after upgrading. This will ensure that all configurations and updates are in effect.

Verify Upgrade: Recheck the version to confirm the upgrade.
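The version check and the upgrade steps above can be scripted so that the result is checked rather than eyeballed. The script below is an added example, not the article's own commands or anything shipped by the Exim project: it parses the first line of exim -bV output, classifies the version against 4.98, and wraps the backup, update, upgrade, restart and verify steps in one function. It assumes a Debian-based layout (the exim4 package, configuration under /etc/exim4, a service named exim4) and uses apt-get install --only-upgrade exim4 rather than the article's apt upgrade form; the two -bV lines are constructed samples, not output captured from a server, and the upgrade function is only defined, not run.

```shell
#!/bin/sh
# Added example (not from the article): parse the version reported by `exim -bV`,
# classify it against 4.98, and wrap the Debian-style upgrade steps in a function.
# The two -bV lines below are constructed samples, not output captured from a host.

SAMPLE_BV_OLD='Exim version 4.96 #2 built 01-Jan-2023 12:00:00'
SAMPLE_BV_NEW='Exim version 4.98 #2 built 01-Jul-2024 12:00:00'
MIN_SAFE=4.98

# exim_version_from_bv BV_TEXT -> prints major.minor from the first "Exim version" line
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_ge A B -> exit 0 when major.minor A >= major.minor B
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -ge "$b_minor" ]
}

# exim_status BV_TEXT -> prints "ok", "outdated" or "unknown"
exim_status() {
    v=$(exim_version_from_bv "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$MIN_SAFE"; then
        echo ok
    else
        echo outdated
    fi
}

# upgrade_exim_debian -> back up /etc/exim4, refresh package lists, upgrade the
# exim4 package, restart the service and re-check the version. Assumes a
# Debian-based host and root privileges; each step aborts the function on failure.
upgrade_exim_debian() {
    backup_dir="/root/exim4-config-backup-$(date +%Y%m%d%H%M%S)"
    cp -a /etc/exim4 "$backup_dir" || return 1
    apt-get update || return 1
    apt-get install --only-upgrade exim4 || return 1
    service exim4 restart || return 1
    exim_status "$(exim -bV)"
}

echo "constructed old sample: $(exim_status "$SAMPLE_BV_OLD")"
echo "constructed new sample: $(exim_status "$SAMPLE_BV_NEW")"
if command -v exim >/dev/null 2>&1; then
    echo "this host: $(exim_status "$(exim -bV 2>/dev/null)")"
fi
# To run the upgrade on a Debian-based host: upgrade_exim_debian
```

The classifier returns "unknown" when no version line is found, so a broken or missing exim binary is reported rather than silently treated as safe; patch releases such as 4.98.1 compare on their major.minor part.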
Linux admins must prioritize this update to protect their systems from attacks and performance issues. Regular monitoring of such updates and rapid response can help protect email infrastructures against potential threats and ensure a stable and secure service environment.

Our Final Thoughts on the Significance of This Release

Cyber threats are evolving, and so should our defenses. Exim 4.98 gives administrators the tools and improvements they need to combat critical vulnerabilities effectively. Prioritizing security improvements in critical infrastructure such as email servers is essential. This update is an excellent step in maintaining the robustness of today's digital communications networks.

Anthony Pell
With the next Linux kernel cycle we could see upstream disable driver support for Microsoft's Remote Network Driver Interface Specification (RNDIS) protocol due to security concerns. RNDIS is the proprietary protocol used atop USB for virtual Ethernet functionality. Support for RNDIS outside of Microsoft Windows has been mixed. RNDIS isn't widely used today in cross-platform environments, and due to security concerns the upstream Linux kernel is looking to move the RNDIS kernel drivers behind the "BROKEN" Kconfig option so they effectively become disabled in future kernel builds. Ultimately, once marked as "BROKEN" for a while, the drivers will likely be removed from the upstream source tree. The link for this article located at Phoronix is no longer available.

LinuxSecurity.com Team
Wolfi is a Linux undistro that focuses on resolving security issues with the software supply chain. The software supply chain includes everything that goes into developing, building, storing, and running software and its dependencies. As per the State of the Software Supply Chain 2021 report, between 2020 and 2021 alone, attacks on the software supply chain increased by a shocking 650%.

LinuxSecurity.com Team
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Security-Enhanced Linux (SELinux), and others. The operators behind the Kinsing malware have a history of scanning for vulnerable servers to co-opt them into a botnet, including those of Redis, SaltStack, Log4Shell, Spring4Shell, and the Atlassian Confluence flaw (CVE-2022-26134). The link for this article located at The Hacker News is no longer available.

LinuxSecurity.com Team
The Google Open Source Maintenance Crew will support under-resourced critical open-source projects to fix security issues. Google has created a new "Open Source Maintenance Crew" who will help upstream maintainers of critical open-source projects handle bugs and patching processes. The new team is part of Google's contribution to the White House's push to improve cybersecurity in open source and protect software supply chains following the White House's January summit with major tech vendors, including Microsoft, Google, IBM and Amazon Web Services.

LinuxSecurity.com Team
Meltdown and Spectre have raised awareness of the danger of hardware and firmware vulnerabilities. Here's a roundup of the ones that present the most significant threats. In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution, and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors. Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community in such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.

Brittany Day
Snyk is now checking Docker Official Images for security holes, helping protect sysadmins who grab container images for production without checking them for vulnerabilities first. I love containers. You love containers. We all love containers. But our love for them blinds us to the fact that we often don't really know what's running within them. In 2019, Snyk, an open-source security company, found that the "top 10 most popular Docker images each contain at least 30 vulnerabilities." Ouch. Snyk wasn't talking about security problems with container technology itself. Those problems, like the 2019 security hole in runc, the container runtime used by Docker and Kubernetes, do exist, and they're serious. But far more common are insecure applications within containers. Now, Snyk and Docker are partnering up to find and eliminate security problems in the Docker Official Images.

LinuxSecurity.com Team