Stay Ahead With Linux Security News

Explore Latest Linux Security news

Chrome 131: Emergency Update for High-Risk Vulnerabilities in Linux

Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android, and users should update promptly so their systems remain secure.

In this article, we explore these recent Chrome vulnerabilities, their impact, and how users can protect themselves. In addition, we offer mitigation advice to Linux admins looking to protect themselves from future Chrome bugs.

Understanding These Vulnerabilities & Their Impact

Chrome 131 includes several security fixes aimed at improving users' system security. Below is an overview of the vulnerabilities recently found and fixed in Chrome:

CVE-2024-11110: Inappropriate Implementation in Blink
Severity: High
Reported by: Vsevolod Kokorin (Slonser) of Solidlab
Reported on: 2024-10-14
Description: This issue concerns an inappropriate implementation in Blink, Chrome's browser engine. The vulnerability could allow attackers to exploit the system, potentially leading to unauthorized access or manipulation of the user's data.

CVE-2024-11111: Inappropriate Implementation in Autofill
Severity: Medium
Reported by: Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India)
Reported on: 2024-08-18
Description: This vulnerability involves Autofill functionalities, which could result in sensitive information being incorrectly supplied or leaked.

CVE-2024-11112: Use-After-Free in Media
Severity: Medium
Reported by: Nan Wang and Zhenghang Xiao of 360 Vulnerability Research Institute
Reported on: 2024-07-23
Description: This use-after-free vulnerability affects Chrome's media handling, which could allow attackers to execute arbitrary code or cause a denial of service.

CVE-2024-11113: Use-After-Free in Accessibility
Severity: Medium
Reported by: Weipeng Jiang of VRI
Reported on: 2024-08-16
Description: This issue involves the Accessibility component. Similar to the media vulnerability, it could enable arbitrary code execution or crash the application.

CVE-2024-11114: Inappropriate Implementation in Views
Severity: Medium
Reported by: Micky
Reported on: 2024-10-02
Description: This vulnerability pertains to the Views feature, leading to potential unauthorized interactions or data manipulation.

CVE-2024-11115: Insufficient Policy Enforcement in Navigation
Severity: Medium
Reported by: mastersplinter
Reported on: 2024-10-07
Description: Issues in navigation policy enforcement could result in unauthorized navigation actions that bypass intended security controls.

CVE-2024-11116: Inappropriate Implementation in Paint
Severity: Medium
Reported by: Thomas Orlita
Reported on: 2023-11-14
Description: Vulnerabilities in the Paint feature can lead to improper rendering or manipulation of user content.

CVE-2024-11117: Inappropriate Implementation in FileSystem
Severity: Low
Reported by: Ameen Basha M K
Reported on: 2023-01-06
Description: This issue affects the FileSystem API and could expose file-handling operations to unauthorized actions.

CVE-2024-11395: Type Confusion Issue in V8
Severity: High
Reported by: Anonymous
Reported on: 2024-11-05
Description: A Type Confusion issue in V8, Chrome's JavaScript engine, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2024-12053: Type Confusion Issue in V8
Severity: High
Reported by: Anonymous
Reported on: 2024-12-03
Description: A Type Confusion Bug in V8 in Google Chrome before 131.0.6778.108 allowed a remote attacker to exploit object corruption via a crafted HTML page.

Additional issues were identified and resolved through Google's internal security work, leveraging tools like AddressSanitizer, MemorySanitizer, and other fuzzing initiatives. These preventive measures are essential in identifying and addressing vulnerabilities before exploitation.

At-Risk Chrome Versions

Google Chrome versions before 131.0.6778.108/.109 for Linux are vulnerable, so users on these platforms must update their browsers immediately to reduce potential threats. Consistently updating Chrome ensures you benefit from the latest security patches and feature enhancements.

How Can I Update Google Chrome on Linux?

Updating Google Chrome is crucial because it ensures you have the latest security patches, protecting you from potential threats like malware and phishing attacks, while also providing access to new features and performance improvements. Keeping your Chrome browser up-to-date is vital for optimal security and functionality.

Updating Google Chrome on your Linux system using a package manager is straightforward and necessary for us security-conscious admins! The LinuxSecurity team has put together a comprehensive guide on keeping your distro updated that explains the steps you can follow to update Chrome to the latest version for your distro.

You can also verify that you're using the latest version of Chrome by following a few simple steps. After performing the update using a package manager, open Google Chrome and click on the three-dot menu in the upper-right corner. Then, navigate to Help > About Google Chrome. This will display the current version of Chrome installed on your system. Compare this with the latest version. If the versions match, your update was successful. Additionally, you can use commands like google-chrome --version on the command line to check the installed version directly. Ensure the version number reflected here matches the latest release.

It is essential to stay informed and proactive about maintaining your system's security and functionality, and LinuxSecurity's Feature articles and newsletters are an excellent way to do so.

Practical Mitigation Advice for Linux Administrators

Linux admins can implement additional safeguards to fortify their systems against browser-related vulnerabilities. While staying current with Chrome updates is the primary solution, the measures below will further protect your systems:

Regular Updates: Implement a policy of regular system updates, including browser updates and updates to your Linux distro(s). Also, admins should use package managers like APT (Debian-based systems) or YUM (RedHat-based systems) to keep software up-to-date automatically.

Restrictive Permissions: Limit the permissions of browser processes using AppArmor or SELinux policies to limit what Chrome can access on the system and minimize potential impact from compromised browsers.

Sandboxing for Isolation: Use tools like Firejail to run Chrome in an isolated sandbox environment, which adds another layer of protection and limits an attacker's reach even if Chrome becomes compromised.

Restrict Network Activity: Apply network-level protections to filter and monitor traffic, restricting connections to known safe locations while looking for suspicious activity.

Security Hardening: Apply general hardening policies across all systems. Disable unnecessary services, limit user permissions and enforce strong password policies.

Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to detect vulnerabilities in system configuration and software before hackers can exploit them.

Our Final Thoughts on Securing Against These Recent Chrome Bugs

Linux administrators can significantly mitigate browser vulnerability risks and maintain robust system security by taking proactive steps and implementing these mitigation measures. By understanding the nature of these vulnerabilities, swiftly updating Chrome, and applying recommended mitigation strategies, users and administrators can better protect their systems from potential threats and enjoy a safer browsing experience.

Dec 04, 2024 | Brittany Day | Security Vulnerabilities

Strategies for Fortifying Open Source Against Supply Chain Attacks

Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them than ever. Checkmarx researchers recently identified that malicious actors are exploiting entry points in popular package ecosystems such as PyPI (Python's package index) and npm (Node.js package manager) to Trojanize command-line interface (CLI) commands.

To help you understand this emerging threat and the broader trend it is a part of, I'll examine these attacks' methodologies, at-risk demographics, far-reaching impacts, and lessons the community can learn from these threats. I'll also share practical strategies admins can implement to prevent open-source supply chain attacks.

How These Attacks Work

To help you understand how these attacks work and the mechanisms used by malicious hackers, let's examine how attackers exploit entry points, their attack methods, and the role of misleading import statements in this threat.

Exploitation of Entry Points

Entry points are an indispensable feature of packaging systems. They enable developers to expose specific functions via CLI commands without requiring users to know the packages' precise import paths or structures. They are commonly used when writing command-line scripts or creating plugin systems, but malicious actors can exploit them. Once a package is installed, its entry points are recorded in its metadata file. Attackers can exploit this metadata to execute harmful code whenever a particular command or plugin is executed, effectively fooling users into running harmful CLI commands that appear legitimate to them.

Attack Methods

Hackers have developed numerous techniques to infiltrate open-source ecosystems and execute supply chain attacks. A popular Command-Jacking technique involves malicious packages distributed as replicas of standard third-party tools like AWS, Docker, NPM, Pip, Kubectl, etc. When unsuspecting developers install these packages and execute the commands, these malicious versions could steal sensitive data or perform unauthorized actions (for instance, stealing AWS credentials could compromise entire cloud infrastructures).

Another tactic involves impersonating popular system utilities like touch, curl, ls, and mkdir to divert command executions toward malicious scripts. By placing these fake commands ahead of their legitimate counterparts in the PATH environment variable order, attackers can force command executions onto their harmful scripts instead. This tactic is especially insidious in development environments, where local package installations might take precedence.

More sophisticated forms of command-jacking may use Command Wrapping, in which an authentic command is modified to perform its intended function while running malicious code in the background. This tactic reduces immediate detection because the wrapped command appears to behave as intended.

Misleading Import Statements

Another increasingly common method involves installing seemingly harmless packages with malicious dependencies, executed upon installation (through preinstall scripts) or when specific functions are called. Such dependencies remain undetected until some external event or function call activates them, blending into normal application behavior until they're needed for malicious purposes.

Who Is at Risk?

Both individual developers and large enterprises are vulnerable to supply chain attacks. Smaller development teams or independent developers might lack the resources or expertise necessary to examine all dependencies and their sources, making them prime targets. Meanwhile, enterprises often rely on automated systems in their CI/CD pipelines, where malicious commands could spread across integrated systems, potentially exposing large volumes of data or disrupting operations.

Consequences of This Threat

Supply chain attacks in open-source ecosystems have serious ramifications. One threat of interest is data exfiltration and unauthorized access. By employing techniques such as command-jacking or fraudulent import statements, attackers can gain unauthorized access to sensitive data and credentials that can be exploited within their system or sold on the black market.

Compromise of development and production environments poses another severe risk. Malicious commands may alter source code, introduce backdoors, disrupt build and deployment processes, or otherwise compromise Continuous Integration/Continuous Deployment (CI/CD) environments. This results in compromised applications being deployed to end-users, affecting them directly and tarnishing an organization's reputation.

Beyond the technical and operational risks of supply chain attacks, organizations must consider significant financial losses and legal repercussions. Economic losses may arise from downtime costs, ransomware demands, or penalties for noncompliance with data protection regulations. At the same time, legal issues could emerge if customer data was breached without adequate security measures, resulting in lawsuits and fines being levied against organizations.

Lessons for Strengthening Open Source Security

To maintain high security levels within open-source projects, community vigilance and contribution must always come first in package development and distribution processes. Code reviews, contribution guidelines, and automated security scanning tools are critical. Security tools that analyze package metadata and behavior are invaluable for spotting supply chain attacks, which could indicate vulnerabilities within an organization's supply chain. Dependency scanning tools should be integrated into CI/CD pipelines to look for vulnerabilities that could compromise them.

Practical Mitigation Measures for Admins

Linux admins and open-source developers can take several practical measures to minimize supply chain attacks on open-source projects. These include strict access controls that follow the principle of least privilege (PoLP) to ensure that only authorized personnel can change critical configurations or gain entry to sensitive systems.

Regular auditing and monitoring activities also play an essential role in defending against these threats. By reviewing installed packages or system calls frequently and tracking abnormal behaviors, administrators can identify anything unusual that may indicate an ongoing attack. Employing endpoint detection and response (EDR) solutions may increase their efficacy further.

Another essential step is verifying package integrity before installation. Admins should utilize hashing methods to confirm that packages have not been altered, with tools like GPG (GNU Privacy Guard) providing invaluable assistance. Furthermore, development teams should receive training on supply chain attacks to identify any red flags, such as changes in dependencies or unfamiliar source packages.

Implementing a zero-trust security model can significantly improve an organization's security posture. This model involves continuously verifying every component in the system for integrity and security breaches, thus limiting their impact. By taking such practical steps, administrators can better safeguard their systems and lower the probability of successful supply chain attacks.

Our Final Thoughts on Addressing This Growing Threat

Supply chain attacks that target entry points in Python, npm, and other open-source ecosystems are a concerning trend in cybersecurity. Such attacks demonstrate how malicious actors use sophisticated methods to penetrate systems, hence the necessity for collective efforts within the open-source community to strengthen security measures and minimize attacks. Understanding how these attacks work, who might be vulnerable, and developing security protocols to minimize risk will all help mitigate threats and prevent further incidents from arising. By learning from these attacks and adopting a proactive security posture, developers and organizations can better defend themselves and preserve their users' trust.

Oct 15, 2024 | Brittany Day | Hacks/Cracks
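The audit below is an added example, not code from the article or from Checkmarx. It checks installed Python console_scripts entry points against an allow-list of well-known command names and reports PATH entries that shadow a system copy of the same command. The allow-list, the sample package names and the sample directories are constructed assumptions.

```python
"""Added example: audit console_scripts entry points and PATH order."""
import os
from importlib import metadata

# Assumption: constructed allow-list, command -> distributions expected to
# provide it. An empty set means "never expected from a Python package".
EXPECTED_OWNERS = {
    "aws": {"awscli"}, "pip": {"pip"}, "docker": set(), "kubectl": set(),
    "npm": set(), "curl": set(), "ls": set(), "touch": set(), "mkdir": set(),
}
SYSTEM_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin")

# Constructed sample records (distribution, command, target); not real packages.
SAMPLE_SCRIPTS = [
    ("awscli", "aws", "awscli.clidriver:main"),
    ("aws-helper-tools", "aws", "helper.cli:run"),
    ("coreutilz", "ls", "coreutilz.main:ls"),
    ("example-cli", "examplecli", "example.cli:main"),
]


def installed_console_scripts():
    """Yield (distribution, command, target) for each installed console script."""
    for dist in metadata.distributions():
        name = dist.metadata["Name"] or "unknown"
        for ep in dist.entry_points:
            if ep.group == "console_scripts":
                yield name, ep.name, ep.value


def find_command_jacking(scripts, expected=EXPECTED_OWNERS):
    """Return (command, distribution, target) where a watched command name is
    registered by a distribution that is not an expected owner."""
    findings = []
    for dist, command, target in scripts:
        owners = expected.get(command.lower())
        if owners is not None and dist.lower() not in owners:
            findings.append((command, dist, target))
    return sorted(findings)


def list_path_executables(path_dirs):
    """Map each PATH directory to the executable file names it contains."""
    listing = {}
    for d in path_dirs:
        try:
            listing[d] = {e.name for e in os.scandir(d)
                          if e.is_file() and os.access(e.path, os.X_OK)}
        except OSError:  # missing or unreadable PATH entry
            listing[d] = set()
    return listing


def shadowed_commands(path_dirs, listing, system_dirs=SYSTEM_DIRS):
    """Return {command: dir} where a non-system directory earlier in PATH wins
    over a system directory. Legitimate local installs also appear; review them."""
    first_seen, shadows = {}, {}
    for d in path_dirs:
        for name in listing.get(d, ()):
            if name not in first_seen:
                first_seen[name] = d
            elif d in system_dirs and first_seen[name] not in system_dirs:
                shadows[name] = first_seen[name]
    return shadows


if __name__ == "__main__":
    for cmd, dist, target in find_command_jacking(installed_console_scripts()):
        print(f"'{cmd}' is registered by unexpected package {dist!r} -> {target}")
    dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    for cmd, where in sorted(shadowed_commands(dirs, list_path_executables(dirs)).items()):
        print(f"'{cmd}' in {where} runs before the system copy")
```

Run it inside the virtual environment or CI image you want to inspect, since both checks depend on that environment's installed packages and PATH.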

Understanding AMD Zen 4 Security Mitigations For Enhanced Performance

While some Linux enthusiasts eagerly recommend booting with the "mitigations=off" kernel parameter to disable, at run time, the various CPU security mitigations for Spectre, Meltdown, L1TF, TAA, Retbleed, and friends, the new AMD Ryzen 7000 "Zen 4" processors still need some software mitigations, yet are surprisingly faster for the most part with the relevant mitigations left enabled.

With AMD Zen 4 processors and the currently public security disclosures, Linux 6.0 on the Ryzen 7000 series CPUs has Speculative Store Bypass disabled via prctl for the SSBD / Spectre V4 mitigation, and Spectre V1 mitigations of usercopy/SWAPGS barriers and __user pointer sanitization. Then for Spectre V2 there are Retpolines, conditional Indirect Branch Predictor Barriers (IBPB), IBRS firmware, always-on Single Threaded Indirect Branch Predictors (STIBP), and return stack buffer (RSB) filling. Those are the only software security mitigations involved with Zen 4 at this time, with the new CPUs not being vulnerable to the assortment of other known vulnerabilities affecting different CPUs.

The link for this article located at Phoronix is no longer available.

Oct 05, 2022 | Brittany Day | Security Trends
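To see which of these mitigations a given machine actually reports, the added example below (not from the article or Phoronix) reads the kernel's /sys/devices/system/cpu/vulnerabilities files and /proc/cmdline and groups the results. The sample status strings are constructed from the wording in the article, not captured from a Zen 4 system.

```python
"""Added example: summarise kernel-reported CPU mitigation state."""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CMDLINE = Path("/proc/cmdline")

# Constructed sample in the style of the kernel's sysfs status strings.
SAMPLE = {
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, STIBP: always-on, RSB filling",
    "meltdown": "Not affected",
    "retbleed": "Not affected",
}


def read_sysfs(vuln_dir=VULN_DIR):
    """Return {vulnerability: status}; empty on kernels without this directory."""
    if not vuln_dir.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(vuln_dir.iterdir()) if p.is_file()}


def classify(status):
    """Map a status line onto one of four buckets by its leading keyword."""
    for prefix, bucket in (("Not affected", "not_affected"),
                           ("Mitigation", "mitigated"),
                           ("Vulnerable", "vulnerable")):
        if status.startswith(prefix):
            return bucket
    return "unknown"


def components(status):
    """Split 'Mitigation: A, B: x' into {'A': 'enabled', 'B': 'x'}."""
    _, _, detail = status.partition(": ")
    parsed = {}
    for part in filter(None, (p.strip() for p in detail.split(","))):
        key, sep, value = part.partition(": ")
        parsed[key] = value if sep else "enabled"
    return parsed


def summarise(entries, cmdline=""):
    """Group vulnerabilities by bucket and note a mitigations=off boot flag."""
    report = {"not_affected": [], "mitigated": [], "vulnerable": [], "unknown": []}
    for name, status in entries.items():
        report[classify(status)].append(name)
    report["mitigations_off"] = "mitigations=off" in cmdline.split()
    return report


if __name__ == "__main__":
    live = read_sysfs() or SAMPLE  # fall back to the constructed sample
    boot = CMDLINE.read_text() if CMDLINE.is_file() else ""
    result = summarise(live, boot)
    for bucket in ("vulnerable", "mitigated", "not_affected", "unknown"):
        print(f"{bucket}: {', '.join(result[bucket]) or '-'}")
    print("booted with mitigations=off:", result["mitigations_off"])
```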