Linux is a powerful operating system that forms the backbone of numerous servers, workstations, kiosks, and embedded devices worldwide. It accounts for approximately 3.08% of all operating systems in use globally. Given its critical role in infrastructure and technology, ensuring the security of Linux environments is paramount. However, the reality is challenging: over the past five years, more than 1,050 cybersecurity vulnerabilities have been identified in the Linux kernel. In this article, we'll focus on the types of Linux vulnerabilities you should be familiar with, such as the KSMBD file server module vulnerability, their implications, and effective mitigation strategies.

Understanding Linux Vulnerabilities

In cybersecurity, a vulnerability is a weakness in an asset, process, or software that a threat actor can exploit. Vulnerabilities increase the risk of adverse outcomes, including data breaches, system downtime, and loss of sensitive information. Understanding them is crucial for organizations aiming to secure their Linux environments against growing cyber threats.

Common Types of Linux Vulnerabilities

As one of the world's most widely used operating systems, Linux underpins many critical systems, from web servers and data centers to embedded devices and cloud infrastructure. Its versatility and open-source nature make it popular among businesses and developers. However, with its growing prominence comes an increasing risk of cyber threats targeting Linux environments. Securing Linux systems is paramount to protect sensitive data, maintain operational integrity, ensure compliance with regulatory requirements, and safeguard organizational reputation. Here are some of the types of security vulnerabilities you should know:

Denial of Service (DoS) Vulnerabilities

Denial of Service (DoS) vulnerabilities are weaknesses exploited by attacks that aim to render services unavailable to legitimate users.
This is typically accomplished by overwhelming target systems with excessive traffic or by exploiting weaknesses that cause crashes. For example, a DoS attack may prevent customers from accessing a banking application, resulting in significant disruption and potential financial loss. DoS attacks can be categorized by their execution method. Common forms include:

Ping of Death: Sending malformed packets to crash a target system.
Buffer Overflow: Exploiting a program's memory allocation errors to execute arbitrary code.
SYN Flood: Initiating many TCP connection requests without completing them, consuming server resources.

Remote Code Execution (RCE) Vulnerabilities

Remote Code Execution (RCE) vulnerabilities are among the most severe security issues. They allow attackers to run malicious code on a target system from a distance. Such vulnerabilities can lead to full-scale breaches, enabling attackers to take complete control of web servers and other critical infrastructure. The consequences of RCE can be devastating, including unauthorized access to sensitive data and the potential for widespread disruption.

Historical Context of Linux Vulnerabilities

According to the Linux Foundation's Linux Kernel History Report published in 2020, the Linux kernel has found applications in various sectors, including medical devices, autonomous vehicles, and aerospace technologies. The report highlights the annual increase in contributions to the Linux kernel, with over ten commits per hour on average. This robust development ecosystem is essential for continuous improvement, but it also means that vulnerabilities can emerge as new features are integrated.

Analyzing Prominent Vulnerabilities

Recent telemetry analysis reveals several vulnerabilities that have been heavily exploited.
Among them, the following Common Vulnerabilities and Exposures (CVEs) stand out:

CVE-2021-44228: Known as the Apache Log4j vulnerability, this critical flaw has a severity score of 10 in the Common Vulnerability Scoring System (CVSS).
CVE-2017-12611 and CVE-2018-11776: Vulnerabilities associated with Apache Struts that have been widely exploited.
CVE-2018-15473: An OpenSSH vulnerability that impacts all Linux and Unix platforms.

Strategies for Mitigating Linux Vulnerabilities

Organizations must adopt proactive and comprehensive strategies to combat the ever-evolving landscape of Linux vulnerabilities. Effective mitigation starts with understanding the threats you face and implementing robust security measures, such as those discussed below.

Vulnerability Prevention and Reduction

Implementing effective vulnerability prevention strategies is crucial. This includes minimizing the attack surface by installing only necessary software and services. A minimal installation approach ensures that only essential processes are running, reducing potential entry points for attackers. Enable kernel hardening options such as stack canaries, ASLR (Address Space Layout Randomization), and control flow integrity to further fortify the kernel against both known and unknown security threats. Conduct regular system audits and employ intrusion detection systems (IDS) to promptly identify and respond to suspicious activity.

Code Auditing and Development Practices

Rigorous code auditing practices in software development organizations can significantly reduce the likelihood of introducing vulnerabilities. Code auditing tools, such as linting utilities, help identify potential issues early in development. Developers should be encouraged to use established security libraries and frameworks that minimize common coding pitfalls.

Firewalls and Traffic Filtering

Network security can be improved through effective traffic filtering mechanisms.
Configuring local firewalls to allow only necessary services can drastically reduce threat exposure. While firewalls provide an initial layer of defense, they should be complemented with web application firewalls (WAFs) that filter and monitor HTTP traffic to web applications, further protecting against application-layer attacks.

Regular Patch Management

Maintaining an up-to-date Linux environment is critical for mitigating vulnerabilities. Regular patch management ensures that known security flaws are addressed promptly. Organizations should establish a routine for monitoring updates and deploying patches, particularly for critical components like the Linux kernel and frequently used applications.

Comprehensive Security Audits

Conducting comprehensive security audits regularly helps organizations identify potential vulnerabilities within their systems. These audits can include network scanning, penetration testing, and configuration reviews. Engaging external cybersecurity experts can provide valuable insight into existing vulnerabilities and help develop tailored remediation strategies.

Employee Training and Awareness

Human error remains one of the leading causes of security breaches. Educating employees about the importance of cybersecurity, recognizing phishing attempts, and adhering to best practices can significantly mitigate the risks associated with social engineering attacks.

Implementation of Mitigation Strategies

As organizations increasingly rely on Linux systems for their critical operations, the importance of robust security measures cannot be overstated. With the growing number of cyber threats explicitly targeting Linux environments, implementing effective mitigation strategies is essential. The rationale behind minimal installations is straightforward: the fewer applications and services running on a system, the fewer vulnerabilities can be exploited.
For instance, a server configured to run only the necessary web services, without additional software, minimizes exposure to the threats inherent in unneeded applications. This approach enhances security and improves system performance, as resources are allocated more efficiently.

Our Final Thoughts on Combating Linux Vulnerabilities

The digital ecosystem is constantly shifting, driven by technological advancements, changes in user behavior, and the increasing complexity of IT environments. Cyber threats have become more sophisticated, with attackers employing various tactics that exploit vulnerabilities in operating systems, applications, and network infrastructure. As a foundational technology for many organizations, Linux is not immune to these threats. As cybercriminals develop new techniques to breach defenses, the importance of staying informed about these evolving threats cannot be overstated. Continuous education and adaptation remain vital in safeguarding Linux systems against emerging vulnerabilities.

Summary: Linux, widely used in server settings, has vulnerabilities that must be addressed. Key categories include kernel bugs, package management flaws, configuration issues, and more.

Keywords: Linux vulnerabilities, mitigation techniques, RCE threats, DoS attacks, security practices.

Brittany Day
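The article's hardening advice (stack canaries, ASLR, control flow integrity) is only effective for binaries built to take advantage of it: the kernel's ASLR cannot relocate an executable that is not position-independent, and a binary without a PT_GNU_STACK header gets an executable stack. The following is an added example, not code from the article or from LinuxSecurity.com, that parses ELF64 headers the way a minimal "checksec" would and reports PIE, non-executable stack and RELRO, alongside the kernel-wide ASLR setting from /proc. It goes slightly beyond the text by showing the binary-level counterparts of the kernel options; stack-canary and CFI detection need symbol and section parsing that is not shown here. The `build_sample` helper constructs header-only test images and is not a real binary.

```python
"""Mini 'checksec' for ELF64 binaries: PIE, non-executable stack, RELRO.

Added example for this article (not the article's or any vendor's code): the
kernel's ASLR only randomises the load address of executables built as
position-independent (PIE), so auditing binaries for PIE, NX stack and RELRO
is one concrete way to act on the "enable kernel hardening" advice above.
"""
import struct
from typing import Dict, Optional

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ET_EXEC = 2              # fixed-address executable: ASLR cannot move it
ET_DYN = 3               # shared object / PIE executable
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian (64 bytes)
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header (56 bytes)


def check_elf(data: bytes) -> Dict[str, bool]:
    """Parse the headers of an ELF64 little-endian image and report hardening flags."""
    if len(data) < 64 or data[:4] != ELF_MAGIC or data[4] != ELFCLASS64:
        raise ValueError("not an ELF64 image")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = struct.unpack_from(EHDR_FMT, data, 0)
    if e_phentsize < struct.calcsize(PHDR_FMT):
        raise ValueError("malformed program header table")
    gnu_stack_flags: Optional[int] = None
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)[:2]
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "pie": e_type == ET_DYN,
        # A missing PT_GNU_STACK header means the loader falls back to an executable stack.
        "nx": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        "relro": relro,
    }


def check_file(path: str) -> Dict[str, bool]:
    """Run check_elf on a binary from disk, e.g. check_file('/usr/sbin/sshd')."""
    with open(path, "rb") as f:
        return check_elf(f.read())


def aslr_setting() -> Optional[int]:
    """Read the kernel-wide ASLR knob (2 = full randomisation); None if unavailable."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def build_sample(pie: bool, nx: bool, relro: bool) -> bytes:
    """Construct a header-only ELF64 image with the requested properties.

    This is constructed test input for check_elf, not a loadable binary.
    """
    phdrs = [(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X))]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R))
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, v1, SysV
    ehdr = struct.pack(EHDR_FMT, e_ident, ET_DYN if pie else ET_EXEC, 0x3E, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack(PHDR_FMT, t, flags, 0, 0, 0, 0, 0, 0) for t, flags in phdrs)
    return ehdr + body


if __name__ == "__main__":
    import sys
    print("kernel randomize_va_space:", aslr_setting())
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

Run it against the binaries of the services a host actually exposes (`python3 elfcheck.py /usr/sbin/sshd /usr/sbin/nginx`); a result of `pie: False` on a network-facing daemon means the ASLR the article recommends is not protecting that process, whatever `randomize_va_space` says.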
Over the last year, a new botnet slowly grew by brute-forcing SSH passwords and installing cryptomining malware on Linux servers. The main client of the botnet is based on an old Mirai virus whose source code has been available for many years. However, researchers have seen that the same group has also used the more recent P2PInfect malware, which exploits Redis instances.

According to security researchers, the botnet began in January 2023. It has grown significantly since then, reaching its peak last month. More than 800 unique IPs from around the globe showed signs of NoaBot infection, with 10% of those based in China. The researchers said that the malware uses a simple SSH credential dictionary attack to move laterally. Restricting internet SSH access greatly reduces the risk of infection. Using strong passwords (not the default ones), or randomly generated ones, also helps to secure your network, since the malware guesses passwords from a list.

Modified Mirai Scanner Targets SSH

Mirai is a self-propagating DDoS botnet that first appeared in 2016. It was designed to infect embedded network devices using Telnet dictionary attacks and vulnerability exploits. The botnet was known for being the source of some of the biggest DDoS attacks on the internet. In recent years, the Mirai codebase, which includes a scanning module to propagate, an attack module, and persistence code used to hide botnet processes, has inspired many other self-propagating Linux botnets. Some focused on DDoS, while others were cryptomining. NoaBot's creators took Mirai's source code and made some significant changes. They replaced the Telnet scan with an SSH scan. This makes sense, because embedded devices that still use Telnet for command-line debugging and administration are not good targets for cryptomining, given their limited computing power.
Linux servers, on the other hand, are good targets and more likely to be SSH-enabled. SSH dictionary attacks, where an attacker tests predefined usernames and passwords, are not new. They are easy to defend against if you follow best security practices, such as using SSH key-based authentication and disabling password authentication. The servers compromised by NoaBot would be considered low-hanging fruit from a security standpoint. It wouldn't surprise us if the servers had already been infected with malware. The NoaBot SSH scan has a clear signature, because the botnet client sends the message "hi" once an address accepts an SSH connection. This isn't a valid SSH command, and there is no practical reason to send it, so it can be used as a firewall signature. NoaBot was also modified by switching its compiler from GCC to uClibc, which significantly alters the binary code and means it is detected differently than Mirai. Command-line arguments were added to enable various functionalities. The bot, for example, can install an attacker-controlled SSH key to ensure persistence, even if password authentication is disabled. As a backup, it downloads and adds additional binaries, and it adds an entry to crontab to ensure that it starts up after a reboot. The command-line flag for this persistence mechanism is "noa," which inspired the name of the botnet. Researchers found signatures for "noa" in antivirus engines, which indicates that it is a common prefix.

Cryptominer Modification and P2PInfect Connection

The cryptomining component of NoaBot is XMRig, an open-source, widely used cryptocurrency miner that is popular among attackers. Akamai researchers claim that the NoaBot creators modified the XMRig program code to conceal and encrypt the configuration, including the IP address of the mining pool where the attackers collect their cryptocurrency.
"We believe the threat actors have chosen to run their private pool rather than a public pool. This eliminates the need to specify the wallet (their pool and their rules!)," the researchers said. They added, "In our samples, we noticed that the miner's sites were no longer resolvable with Google's DNS. We can't prove our theory or collect more data because the domains are unresolved." There haven't been any recent incidents that drop the miner. It could be that the threat actor decided to leave for "greener pastures."

Researchers are confident that the same authors also use a customized version of P2PInfect. This self-replicating virus appeared in July, and it is written in Rust. The NoaBot code also included some P2PInfect samples that contained inside jokes and text. P2PInfect uses a Lua flaw to compromise Redis instances, an in-memory data store. Variants may also contain an SSH scan. It is unclear why this group switched from Mirai, which was a more customized creation, to P2PInfect, or whether they are using both at the same time. The researchers offered several explanations: custom code is more difficult to reverse-engineer than repurposed code because it has been modified; the threat actors are tech-savvy and may develop malware out of boredom or curiosity; and since P2PInfect is a tool that targets Redis servers, they could simply be using different tools for different purposes.

How Can I Secure My Servers Against This Threat?

To protect against this threat and enhance the security of your servers, SSH access should be restricted to trusted IP addresses, and key-based authentication is recommended as part of SSH hardening. Have additional questions about securing your Linux servers? Please reach out to us on X @lnxsec - we're here to help! Stay safe out there, fellow Linux users!

Summary: Digital threat watchdogs are focusing on Linux servers hit by SSH brute-force intrusions, warning analysts about the potential for illicit cryptomining activity.
Keywords: NoaBot Threat, SSH Attack Prevention, Cryptomining Botnet, Linux Security Practices, Mirai Malware.

LinuxSecurity.com Team
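The dictionary attack the article describes leaves a recognisable trail in sshd's log: a burst of "Failed password" lines from one source address, followed, when the guessing succeeds, by an "Accepted password" line from that same address. The following is an added example, not code from the article, from Akamai's research or from LinuxSecurity.com, that detects that sequence in syslog-style sshd lines. The threshold, window, year and the sample log lines are all constructed for the illustration; on a real host, feed it the lines from /var/log/auth.log or `journalctl -u ssh`.

```python
"""Spot SSH dictionary attacks, and the logins they win, in sshd log lines.

Added example for this article (not Akamai's or LinuxSecurity.com's code): it
flags a source address that fails password authentication repeatedly within a
short window, and raises the finding to high severity when that same address
later gets an "Accepted password" login, which is what a credential-guessing
bot such as the one described above leaves behind when it moves laterally.
The log lines at the bottom are constructed samples in syslog/sshd format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
FAIL_THRESHOLD = 5              # this many failures from one address ...
WINDOW = timedelta(minutes=2)   # ... within this window counts as a dictionary attack
LOG_YEAR = 2024                 # syslog timestamps carry no year (assumed for the samples)


def parse_ts(text: str) -> datetime:
    return datetime.strptime(f"{LOG_YEAR} {text}", "%Y %b %d %H:%M:%S")


def analyze(lines: List[str]) -> Dict[str, dict]:
    """Return findings keyed by source IP: severity, failure count, users logged into."""
    recent: Dict[str, List[datetime]] = defaultdict(list)   # failures inside the window
    total: Dict[str, int] = defaultdict(int)
    findings: Dict[str, dict] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip = parse_ts(m["ts"]), m["ip"]
        if m["result"] == "Failed":
            total[ip] += 1
            recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
            if len(recent[ip]) >= FAIL_THRESHOLD and ip not in findings:
                findings[ip] = {"severity": "medium", "failures": 0, "compromised_users": []}
        elif m["method"] == "password" and ip in findings:
            # Password login accepted from an address that was just guessing: likely compromise.
            findings[ip]["severity"] = "high"
            findings[ip]["compromised_users"].append(m["user"])
    for ip, finding in findings.items():
        finding["failures"] = total[ip]
    return findings


# Constructed sample log: one guessing host that eventually succeeds, one noisy but
# below-threshold host, and a legitimate key-based login.
SAMPLE_LOG = [
    "Jan 14 03:12:01 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 41234 ssh2",
    "Jan 14 03:12:03 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 41236 ssh2",
    "Jan 14 03:12:05 web1 sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 41240 ssh2",
    "Jan 14 03:12:06 web1 sshd[2215]: Failed password for root from 198.51.100.9 port 50100 ssh2",
    "Jan 14 03:12:08 web1 sshd[2216]: Failed password for root from 203.0.113.7 port 41244 ssh2",
    "Jan 14 03:12:10 web1 sshd[2218]: Failed password for invalid user ubuntu from 203.0.113.7 port 41250 ssh2",
    "Jan 14 03:12:12 web1 sshd[2220]: Failed password for root from 203.0.113.7 port 41252 ssh2",
    "Jan 14 03:12:20 web1 sshd[2221]: Failed password for root from 198.51.100.9 port 50104 ssh2",
    "Jan 14 03:12:31 web1 sshd[2230]: Accepted password for root from 203.0.113.7 port 41310 ssh2",
    "Jan 14 03:13:02 web1 sshd[2240]: Accepted publickey for deploy from 192.0.2.5 port 50222 ssh2: ED25519 SHA256:constructed",
]

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A "high" finding is the trigger to look for the persistence the article lists: an unexpected entry in the user's authorized_keys and a new crontab line. Once password authentication is disabled and SSH is limited to trusted addresses, as the article advises, the "Accepted password" branch can never fire and the medium findings become pure noise from scanners that no longer have a way in.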
A day after researchers declared that Linux has more vulnerabilities than Windows, Google has released a free tool for Linux systems to help avoid potential USB keystroke attacks. The software runs in the background to monitor any suspicious activity from a plugged-in USB device and notifies the user about potential attacks. Google published it on its GitHub for Linux PCs.

USB keystroke attacks can be bad, if not worse. Though it is hard for an attacker to achieve, once a thumb drive is plugged directly into a PC, it can give the attacker full admin privileges for exploitation. The US used such an attack successfully against Iran's nuclear program in the past. Thus, such attacks have the potential to do serious damage. Google's software is more like a first level of defense that helps users sense potential attacks. The software, called USB Keystroke Protection, aims to alert the user rather than eliminate the attack entirely. It is more of a precaution than a cure, yet it is useful for at least knowing about the incoming threat.

Summary: A fresh utility from Google assists Linux users in identifying USB-based keylogging threats while bolstering the overall security of their systems.

Keywords: USB Keystroke Attack, Linux Protection Tool, Open Source Security.

LinuxSecurity.com Team
We now live in a world where a New York City sixth grader is making money selling strong passwords. Earlier this month, Mira Modi, 11, began a small business at dicewarepasswords.com, where she generates six-word Diceware passphrases by hand.

Diceware is a well-known, decades-old system for coming up with passwords. It involves rolling actual six-sided dice to generate truly random numbers that are matched to a long list of English words. Those words are then combined into a nonsensical string ("ample banal bias delta gist latex") that exhibits true randomness and is therefore difficult to crack. The trick, though, is that these passphrases prove relatively easy for humans to memorize.

Summary: Using a method known as Diceware, you can roll dice to generate distinctive and secure passphrases that are simple to remember yet challenging for others to decipher.

Keywords: Strong Passwords, Password Generation, Cryptographic Security, Diceware System.

LinuxSecurity.com Team
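The Diceware procedure described above is a small algorithm: each word is selected by reading a fixed number of dice as a base-6 number and indexing a word list with it, and the strength of the result follows directly from the list size and word count. The following is an added example, not code from the article or from Mira Modi's business, that implements it. It generalises slightly: the real Diceware list has 7776 (6^5) entries indexed by five dice, while this code accepts any list whose length is a power of six, and it uses the operating system's CSPRNG in place of physical dice. The 36-word list embedded below is a constructed stand-in, not a real Diceware list.

```python
"""Diceware-style passphrases: dice rolls indexed into a word list.

Added example for this article (not the article's code or Mira Modi's method):
real Diceware uses five dice per word against a 7776-entry (6^5) list; this
version generalises to any list of length 6^k and replaces physical dice with
the OS CSPRNG. The 36-word (6^2) list below is a constructed stand-in.
"""
import math
import secrets
from typing import List, Sequence

DEMO_WORDS: Sequence[str] = (
    "ample banal bias delta gist latex acorn bridge cedar dune ember flint "
    "gable harbor inlet juniper kettle lemon marble nickel oasis pebble quartz river "
    "saddle timber umbra valley willow yarn zephyr anchor basil cobalt dawn elm"
).split()   # constructed demo list, 36 entries


def dice_per_word(wordlist: Sequence[str]) -> int:
    """How many dice index one word: k where len(wordlist) == 6**k."""
    k = round(math.log(len(wordlist), 6))
    if 6 ** k != len(wordlist):
        raise ValueError("word list length must be a power of 6")
    return k


def roll(k: int) -> str:
    """Roll k dice with the OS CSPRNG, returned as Diceware's digit key, e.g. '3142'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(k))


def key_to_index(key: str) -> int:
    """Convert a digit key (each digit 1..6) to a 0-based list index, first die most significant."""
    index = 0
    for ch in key:
        digit = int(ch)
        if not 1 <= digit <= 6:
            raise ValueError(f"bad die value {ch!r}")
        index = index * 6 + (digit - 1)
    return index


def lookup(key: str, wordlist: Sequence[str] = DEMO_WORDS) -> str:
    """Look up the word for one dice key, as you would in the printed list."""
    return wordlist[key_to_index(key)]


def passphrase(words: int = 6, wordlist: Sequence[str] = DEMO_WORDS) -> List[str]:
    """Generate a passphrase of `words` independently chosen words."""
    k = dice_per_word(wordlist)
    return [lookup(roll(k), wordlist) for _ in range(words)]


def entropy_bits(words: int, list_size: int) -> float:
    """Entropy of a passphrase when every word is chosen uniformly and independently."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    print(" ".join(passphrase()))
    print(f"6 words from a 7776-word list: {entropy_bits(6, 7776):.1f} bits")
```

With the real 7776-word list, six words give about 77.5 bits of entropy; the demo list's 36 words give only about 31 bits, which is why the list size, not the word count alone, is what makes a Diceware passphrase strong.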
Before companies like Microsoft and Apple release new software, the code is reviewed and tested to ensure it works as planned and to find any bugs. Hackers and cybercrooks do the same. The last thing you want if you. More importantly, you don

The link for this article located at Wired is no longer available.

Summary: Examines the paradox wherein protective security measures, designed to safeguard individuals, might unintentionally provide an advantage to cybercriminals in executing their assaults.

Keywords: Google Security, Cyber Attack, Software Bugs, Security Measures.

LinuxSecurity.com Team
It. Don

The link for this article located at MarketWatch is no longer available.

LinuxSecurity.com Team
Following in the footsteps of other tech companies, Twitter is beefing up its security to make it harder for outsiders -- including the government -- to uncover data, the company announced Friday. Twitter has added forward secrecy, a security measure that uses temporary, individual keys to encrypt each Web session, instead of relying on a single master key.

The link for this article located at CNET is no longer available.

Summary: Social media platforms boost privacy by implementing end-to-end encryption to safeguard user information from state surveillance.

Keywords: Data Encryption, User Privacy, Internet Security, Forward Secrecy.

LinuxSecurity.com Team
DNS without DNSSec (DNS Security Extensions) is not secure. It's that simple. As an example, a recent interview with a successful black-hat hacker included the following quote: "They patch SQL but choose a DNS that is vulnerable to DNS cache poisoning. You can break in and be gone within an hour." DNSSec prevents not just DNS cache poisoning, but a host of other DNS hacking attacks.

The link for this article located at InfoWorld is no longer available.

Summary: Boost your online security by implementing DNSSec to thwart DNS tampering threats and cache corruption.

Keywords: DNSSec Protection, DNS Attacks, Internet Security.

LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.