Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, which makes robust security measures throughout the development lifecycle a necessity. Code security scanners play a vital role here. These tools are intended to detect, mitigate, and prevent security vulnerabilities in code, improving the integrity, reliability, and security of software systems.

In this article, I'll delve into the function and importance of a family of code security tools that originated at Google. Several of them (ASan, MSan, UBSan, CFI, and libFuzzer) now ship as part of the LLVM/Clang toolchain, while AFL is a standalone fuzzer: AddressSanitizer (ASan), MemorySanitizer (MSan), UndefinedBehaviorSanitizer (UBSan), Control Flow Integrity (CFI), libFuzzer, and AFL (American Fuzzy Lop). Let's begin by gaining a deeper understanding of code security scanners and their importance in secure Linux software development.

What Are Code Security Scanners?

Code security scanners are tools that examine source code, or the program built from it, to detect potential security flaws and flag them for further review by developers or testing services. Such analysis can be static (without running the program), dynamic (while it runs), or a combination of the two. The goal is to identify flaws attackers might exploit, such as buffer overflows, race conditions, and injection vulnerabilities. The tools covered in this article are dynamic: they instrument the program at compile time and report faults as they occur during execution.

The Importance of Code Security Scanners in Secure Linux Software Development

Code security scanners play an essential role in secure development. By integrating them early into their processes, developers can identify and address vulnerabilities before production-ready software reaches distribution, decreasing the risk of security breaches. Proactive security measures are also cost-efficient: addressing a security issue during development is far cheaper than a post-release fix, which often involves a lengthy patch cycle, damages an organization's credibility, and exposes it to liability.
Many industries impose stringent regulatory standards on software security, and code security scanners can assist by documenting sound security practices and supporting regulatory compliance. Beyond increasing security, code security scanners improve overall software quality by surfacing bugs and performance issues that would otherwise remain undetected.

Code Security Scanners Developed by Google

Google has developed several security tools that are invaluable for open-source developers and security researchers who want to find memory-safety bugs (including type confusion) quickly during development. Here is an introduction to each tool and how it is used.

AddressSanitizer (ASan)

AddressSanitizer is a memory error detector that identifies out-of-bounds accesses to heap, stack, and global variables, use-after-free and use-after-return bugs, and memory leaks. ASan works by instrumenting the code at compile time so that every memory access is checked against shadow memory at runtime, making it a powerful way of discovering buffer overflows and heap corruption.

Utilization: ASan becomes part of a development workflow simply by being enabled during compilation (-fsanitize=address in Clang or GCC). Developers run their programs, or their test suites, with ASan enabled and watch it flag memory errors as they arise, with a stack trace for the faulting access and for the allocation (and, for use-after-free, the free) of the affected memory, which greatly eases debugging. Because the instrumentation roughly doubles memory use and slows execution by about 2x, ASan is meant for testing builds, not production.

MemorySanitizer (MSan)

MSan detects uninitialized memory reads. It tracks, bit by bit, which memory has been written since allocation and reports when an uninitialized value is used in a way that affects program behavior: a conditional branch, a pointer dereference, or a value passed to a system call. (Merely copying an uninitialized value is not reported, which keeps false positives low.) Such reads lead to unpredictable behavior and, when the uninitialized bytes reach the network or a file, to information leaks.

Utilization: Developers compile their code with -fsanitize=memory (Clang only) and run the instrumented program, which lets MSan identify uninitialized-memory use so it can be fixed before it becomes a security issue. Because MSan's shadow state must be propagated through every piece of code the program runs, all libraries the program links against, including the C++ standard library, must also be instrumented; otherwise MSan produces false positives. MSan cannot be combined with ASan in the same build.
UndefinedBehaviorSanitizer (UBSan)

UndefinedBehaviorSanitizer targets undefined behavior in code, such as signed integer overflow, misaligned pointer access, out-of-range shifts, invalid casts (the -fsanitize=vptr check, which catches C++ type confusion), and array indexing past a known bound. These operations might not cause an immediate crash, but the compiler is free to assume they never happen, so they lead to severe bugs and security vulnerabilities later down the road.

Utilization: UBSan is enabled by compiling with -fsanitize=undefined and running the program through its test suite or a fuzzer. Each detected operation is reported with a file and line number; adding -fno-sanitize-recover=all turns reports into hard aborts so that a fuzzer treats them as crashes. UBSan has low overhead and can be combined with ASan in the same build.

Control Flow Integrity (CFI)

CFI is a mitigation rather than a bug finder: it ensures that indirect control transfers in a program (calls through function pointers, C++ virtual calls, and casts to derived types) go only to targets permitted by the program's control flow graph, and aborts the program otherwise. This defeats attacks that hijack a corrupted function pointer or vtable pointer to divert execution. Clang's CFI is a forward-edge scheme; it does not check return addresses, so return-oriented programming (ROP) is addressed by complementary mechanisms such as ShadowCallStack or SafeStack.

Utilization: CFI is enabled by compiling with -fsanitize=cfi, which requires link-time optimization (-flto) and, for best precision, -fvisibility=hidden, so that the compiler sees all valid targets of each indirect call. Unlike the sanitizers, CFI is cheap enough to ship in production builds, where a violation terminates the process instead of letting the attacker's control-flow hijack proceed.

libFuzzer

libFuzzer is an in-process, coverage-guided fuzzing engine that is used together with sanitizers such as ASan and UBSan to maximize the bugs it can detect. Fuzzing feeds a program a stream of automatically mutated inputs; libFuzzer tracks which code each input covers and keeps the inputs that reach new code as seeds for further mutation, so that it steadily works its way into deeper parsing logic. The sanitizers turn silent memory corruption and undefined behavior into immediate, reproducible crashes, which is what makes the combination so effective at exposing memory-safety bugs such as type confusion.

Utilization: Developers write "fuzz targets," functions with the signature int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) that pass the input to the code under test, and compile them with -fsanitize=fuzzer together with the desired sanitizers. libFuzzer supplies main and calls the target repeatedly with new inputs; any crash is saved to disk as a reproducer. Paired with sanitizers and a seed corpus, this uncovers vulnerabilities that unit tests rarely reach.
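To make the preceding descriptions concrete, here is an added example (not code from the original article or from the LLVM project) with one bug of each kind that ASan, MSan and UBSan report, each beside a hardened version that a test suite can exercise. The function names, the 8-byte buffer and the two-byte header format are the example's own assumptions. Built once per sanitizer with the flags in the header comment, the unsafe variants abort with a report pointing at the marked lines; the safe variants behave identically on valid input and fail closed on bad input:

```c
/*
 * Added example, not code from the original article: three small bugs of the
 * kinds ASan, MSan and UBSan report, each beside a hardened version. The
 * function and buffer names are the example's own assumptions.
 *
 * Build one sanitizer at a time (MSan cannot be combined with ASan):
 *   clang -g -O1 -fno-omit-frame-pointer -fsanitize=address  demo.c -o demo_asan
 *   clang -g -O1 -fno-omit-frame-pointer -fsanitize=memory   demo.c -o demo_msan
 *   clang -g -O1 -fsanitize=undefined -fno-sanitize-recover=all demo.c -o demo_ubsan
 * then run  ./demo_asan asan,  ./demo_msan msan,  ./demo_ubsan ubsan.
 */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ASan: heap-buffer-overflow. The unsafe version copies an unbounded name
 * into an 8-byte heap allocation; ASan reports the WRITE past the end with
 * the stack traces of the access and of the malloc call. */
static char *copy_name_unsafe(const char *name) {
    char *dst = malloc(8);
    if (dst == NULL) return NULL;
    strcpy(dst, name);                        /* overflow when strlen(name) >= 8 */
    return dst;
}

/* Hardened: refuse input that does not fit together with its terminator. */
char *copy_name_safe(const char *name, size_t cap) {
    size_t n = strlen(name);
    if (cap == 0 || n + 1 > cap) return NULL; /* caller sees an explicit failure */
    char *dst = malloc(cap);
    if (dst == NULL) return NULL;
    memcpy(dst, name, n + 1);
    return dst;
}

/* MSan: use-of-uninitialized-value. The field `flags` is only assigned when
 * a second byte exists, yet the function branches on it regardless. MSan
 * reports at the conditional that depends on it, not at the missing store. */
struct hdr { uint8_t version; uint8_t flags; };

static bool is_compressed_unsafe(const uint8_t *buf, size_t len) {
    struct hdr h;                             /* h.flags undefined for len < 2 */
    h.version = len > 0 ? buf[0] : 0;
    if (len > 1) h.flags = buf[1];
    return (h.flags & 0x01) != 0;
}

/* Hardened: every field defined before any use. */
bool is_compressed_safe(const uint8_t *buf, size_t len) {
    struct hdr h = {0, 0};
    if (len > 0) h.version = buf[0];
    if (len > 1) h.flags = buf[1];
    return (h.flags & 0x01) != 0;
}

/* UBSan: signed-integer-overflow. A length check whose sum wraps to a
 * negative number, so an absurd payload length passes as "fits". */
static bool fits_unsafe(int hdr_len, int payload_len, int buf_size) {
    return hdr_len + payload_len <= buf_size; /* wraps when payload_len is near INT_MAX */
}

/* Hardened: reject negatives, then compare without forming the sum. */
bool fits_safe(int hdr_len, int payload_len, int buf_size) {
    if (hdr_len < 0 || payload_len < 0 || buf_size < 0) return false;
    return payload_len <= buf_size - hdr_len; /* both operands non-negative: no wrap */
}

/* Triggers the unsafe variant named on the command line under whichever
 * sanitizer the binary was built with. Inputs are constructed at runtime so
 * the compiler cannot fold the bug away. */
int main(int argc, char **argv) {
    const char *which = argc > 1 ? argv[1] : "asan";
    if (strcmp(which, "asan") == 0) {
        char name[32];
        memset(name, 'A', sizeof name - 1);
        name[sizeof name - 1] = '\0';         /* 31 chars into an 8-byte buffer */
        free(copy_name_unsafe(name));
    } else if (strcmp(which, "msan") == 0) {
        uint8_t one_byte[1] = { 0x01 };       /* constructed: version only, no flags */
        printf("compressed=%d\n", is_compressed_unsafe(one_byte, 1));
    } else if (strcmp(which, "ubsan") == 0) {
        volatile int huge = INT_MAX;
        printf("fits=%d\n", fits_unsafe(16, huge, 4096));
    }
    return 0;
}
```

ASan reports the heap-buffer-overflow at the strcpy together with the allocation stack; MSan reports the use-of-uninitialized-value at the return statement's conditional rather than at the missing assignment, so read the origin stack (add -fsanitize-memory-track-origins=2 to get it) to find the store that never happened; UBSan prints "runtime error: signed integer overflow" at the addition. The hardened length check compares against the remaining space instead of forming a sum, which is the general pattern for overflow-free bounds checks.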
American Fuzzy Lop (AFL)

AFL (American Fuzzy Lop) is a security-oriented fuzzer that employs compile-time instrumentation and genetic algorithms to automatically discover test cases that trigger new internal states in the target binary. AFL tracks the execution path of each run, mutates inputs, and keeps those that reach new code paths, effectively uncovering security flaws (such as type confusion, when paired with a sanitizer) hiding in code that ordinary test inputs never reach.

Utilization: Code is compiled with AFL's wrapper compilers (afl-clang-fast or afl-gcc), optionally with a sanitizer, and afl-fuzz is pointed at the binary with a directory of seed inputs and an output directory (afl-fuzz -i seeds -o findings -- ./target @@, where @@ is replaced by the path of each generated input). AFL then mutates and schedules inputs automatically and stores any crashing or hanging inputs in the output directory for triage.

Integration into the Linux Software Development Workflow

Integrating code security scanners into the development workflow is critical to creating secure codebases. By embedding these tools within Continuous Integration/Continuous Deployment (CI/CD) pipelines, for example by running the test suite under ASan and UBSan on every commit and running fuzzers continuously against the main branch, code is tested for vulnerabilities throughout its development lifecycle rather than only before a release. Educating developers on the scanners' benefits and proper use is paramount for timely detection and resolution; training sessions and resources help developers fold the tools into their daily workflow. At the same time, regular code audits should complement automated scanning, since human review can identify problems, such as logic flaws, that the sanitizers and fuzzers are not designed to catch.

Our Final Thoughts on the Benefits of Code Security Scanners for Secure Linux Software Development

AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL have become essential tools in developers' toolkits in an ever-evolving Linux security landscape. Developers must ensure that software remains robust, secure, and reliable by including security scanners in development projects.
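As an added example covering both the libFuzzer and AFL sections above (not code from the original article or from either fuzzer project), the following C file is a fuzz target around a small type-length-value parser constructed for this example. libFuzzer calls LLVMFuzzerTestOneInput directly; the guarded main reads the file AFL substitutes for @@ and feeds it to the same parser, so one source file serves both engines. The names, the record format and the LIBFUZZER_BUILD macro are the example's assumptions:

```c
/*
 * Added example, not code from the original article or from the libFuzzer/AFL
 * projects: a fuzz target around a small type-length-value (TLV) parser, with a
 * file-driven main so the same harness runs under AFL. The record format, the
 * parser and all names are constructed for this example.
 *
 * libFuzzer (it supplies main, so ours is compiled out):
 *   clang -g -O1 -DLIBFUZZER_BUILD -fsanitize=fuzzer,address,undefined \
 *         tlv_fuzz.c -o tlv_fuzz
 *   mkdir -p corpus && printf '\001\000\002hi' > corpus/seed && ./tlv_fuzz corpus/
 * AFL (afl-clang-fast instruments; afl-fuzz replaces @@ with each test file):
 *   afl-clang-fast -g -O1 -fsanitize=address tlv_fuzz.c -o tlv_afl
 *   mkdir -p in && printf '\001\000\002hi' > in/seed
 *   afl-fuzz -i in -o findings -- ./tlv_afl @@
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stream of records: type (1 byte) | length (2 bytes, big-endian) | value. */
struct tlv_summary {
    unsigned records;   /* records parsed */
    unsigned bytes;     /* value bytes seen */
    uint32_t checksum;  /* additive checksum over value bytes */
};

/* Returns 0 for a well-formed stream, -1 for a truncated or malformed one.
 * Every index is compared against the bytes that remain (len - off), computed
 * in size_t so it cannot wrap; no byte is ever read at or past `len`. This is
 * the property the fuzzer will try hard to falsify. */
int tlv_parse(const uint8_t *buf, size_t len, struct tlv_summary *out) {
    memset(out, 0, sizeof *out);
    size_t off = 0;
    while (off < len) {
        if (len - off < 3) return -1;                       /* truncated header */
        uint8_t type = buf[off];
        size_t vlen = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (type == 0) return -1;                           /* type 0 is reserved */
        if (vlen > len - off) return -1;                    /* value past end of input */
        for (size_t i = 0; i < vlen; i++) out->checksum += buf[off + i];
        out->bytes += (unsigned)vlen;
        out->records++;
        off += vlen;
    }
    return 0;
}

/* Helpers with scalar results, convenient for tests and for triage scripts. */
int tlv_record_count(const uint8_t *buf, size_t len) {
    struct tlv_summary s;
    return tlv_parse(buf, len, &s) == 0 ? (int)s.records : -1;
}

long tlv_checksum(const uint8_t *buf, size_t len) {
    struct tlv_summary s;
    return tlv_parse(buf, len, &s) == 0 ? (long)s.checksum : -1L;
}

/* libFuzzer entry point. It must accept any bytes and simply return; a crash,
 * sanitizer report or abort here is a finding, saved by the engine as a file. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    struct tlv_summary s;
    (void)tlv_parse(data, size, &s);
    return 0;
}

/* AFL driver: read one input file and hand it to the same parser. */
#ifndef LIBFUZZER_BUILD
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (f == NULL) { perror("fopen"); return 2; }
    static uint8_t buf[1 << 16];                            /* inputs above 64 KiB are truncated */
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    struct tlv_summary s;
    int rc = tlv_parse(buf, n, &s);
    printf("rc=%d records=%u bytes=%u checksum=%u\n", rc, s.records, s.bytes,
           (unsigned)s.checksum);
    return 0;
}
#endif
```

The parser is written so the fuzzer should find nothing: every length is checked against the bytes remaining, in unsigned arithmetic that cannot wrap. Deleting the `vlen > len - off` check and rebuilding with ASan produces a heap-buffer-overflow report almost immediately, which is a useful way to confirm that the harness actually reaches the code. Seed the corpus with at least one valid record so coverage feedback has somewhere to start.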
As with anything worth doing, an "ounce of prevention is worth a pound of cure." Security scanners allow developers to address security threats before users experience them directly.

Dave Wreski
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its GoBear backdoor, called Gomir. Gomir is structurally similar to GoBear, which concerns the cybersecurity community: the overlapping code between the two raises questions about the extent of the threat and the implications for targeted organizations. Let's explore the significance of this discovery and its implications for the Linux community so you are better prepared to protect against Gomir and other Linux malware.

How Does Gomir Work & What Are Its Implications for Linux Admins?

In technical terms, Gomir supports several commands that let its operators carry out file operations, start a reverse proxy, pause command-and-control communications, execute shell commands, and terminate its own process. These capabilities call for robust security controls on Linux systems, including monitoring and restricting command execution, so that a compromised host cannot be misused by threat actors.

Security researchers first documented GoBear in connection with a campaign involving the Troll Stealer malware, suggesting that these activities are part of a larger, coordinated effort by the Kimsuky APT group to infiltrate organizations in South Korea. Moreover, the malware was distributed through trojanized security programs downloaded from a South Korean construction-related association's website, which underlines the need for organizations to verify the integrity of the software they download and run. The use of rogue installers for Wizvera VeraPort to deliver Troll Stealer further emphasizes the need for improved supply chain security measures to prevent the spread of malicious software.
This includes modernizing processes, reviewing and updating permissions throughout the supply chain, and verifying code before deploying it. The broader implication of this report is the emerging pattern of software installation packages and updates being used as favored infection vectors for espionage. Recognizing this trend is essential for security practitioners and underscores the urgency of ensuring the authenticity of software updates and installation packages.

Our Final Thoughts on Gomir

The emergence of Gomir and the tactics the Kimsuky APT group employs against South Korean organizations demonstrate the need for enhanced vigilance and proactive security measures. Linux admins should take note of these developments and evaluate their security posture to mitigate the risk such advanced persistent threat groups pose to their systems.

Brittany Day
Supply chain security represents a complex challenge for organizations across industries, but it might be getting just a bit easier today with the release of the SLSA (pronounced "salsa") 1.0 specification.

The Supply-chain Levels for Software Artifacts (SLSA) project got its start as a Google-led effort in 2021 and is now managed as a multi-stakeholder initiative under the direction of the Linux Foundation's OpenSSF (Open Source Security Foundation). SLSA is a framework that aims to help define and ensure the integrity of software artifacts throughout the software supply chain. For any given application or service, multiple components, or artifacts, are used to build and deliver an offering. The SLSA framework provides several levels of conformance that outline escalating degrees of security rigor. Its goal is to provide assurance that software has not been tampered with and can be traced back to its source with a high degree of confidence.

"Technology like this, which is about tracing the provenance of artifacts and the degree of rigor that's been put into the build processes around it, really cannot be done just at the tail end of a supply chain or by one party in a supply chain," Brian Behlendorf, general manager of the OpenSSF, told SDxCentral. "It really is only meaningful if it's done by everybody participating in that supply chain and so it needed to become an open specification."

LinuxSecurity.com Team
In the wake of several major cybersecurity incidents, the most recent being the Colonial Pipeline ransomware attack, the government wants to shore up its software supply chain. There's no silver bullet, but open source shows significant promise in meeting this challenge.

Recent intrusions into federal agencies and critical infrastructure are causing the government to examine more closely how software is made, in addition to who's making it and where. Even before President Joe Biden and his transition team entered the White House amid the unfolding SolarWinds crisis, the executive branch was working to reduce weaknesses in the government's software supply chain. A new executive order gets deeper into core software development practices than anything from previous administrations.

Brittany Day
When it comes to modern applications, did you know that up to 80% of the code is made up of open-source components? Open-source software is used for several reasons, including its cost-effectiveness, reliability, and the freedom to access, modify, and distribute the source code. Yet the way open-source components are adopted means security can be overlooked. Developers usually take components that are readily available and drop them into their own projects, which saves considerable time: they gain useful features without writing the code themselves. It also means that vulnerabilities in those components are inherited, and these are easily missed when the focus is on the application itself.

There are plenty of examples of organizations devastated by lax open-source security. The most infamous dates to September 2017, when Equifax, the international credit reporting agency, disclosed a breach on an unprecedented scale. The Apache Struts 2 framework it used contained a known, already patched vulnerability (CVE-2017-5638), and that one unpatched component was all it took for attackers to make off with the personal data of at least 143 million people. As a result, it is essential that your organization doesn't just detect vulnerabilities in open-source code but also fixes them before they cause damage. This is where WhiteSource can take center stage for your Linux projects.

Open-source security: the challenges

Open-source security relies on a community-based approach. SAST and other application security testing technologies are beneficial for proprietary code, but it's a different story with open source, where the community is the main resource for identifying and fixing vulnerabilities in the code. However, even though the open-source community is capable of devising fixes for vulnerabilities, there's one point to remember: open source isn't controlled by one authority. It is a decentralized operation.
This means information about vulnerabilities and fixes is spread across many resources, which makes it nearly impossible for organizations to match them manually to their own applications.

What is WhiteSource?

So how can a corporation keep its open-source inventory secure? To defuse the ticking time bomb of vulnerable components, one of the best solutions on the market is WhiteSource. In essence, WhiteSource automatically checks every open-source component found within your applications against known vulnerabilities. By doing this, you can stay ahead of vulnerabilities while also enforcing license policies throughout the development lifecycle of your software. Along with keeping attackers out, this results in faster, smoother, and more affordable development. The following points go through the steps the WhiteSource platform takes to keep software safe, and why 1.3 million developers use it for their projects.

Detecting vulnerabilities

As mentioned already, even with community feedback, it's difficult to know which of your open-source components contain vulnerabilities. WhiteSource addresses that, going beyond manual application checks. The platform detects vulnerabilities throughout an application, including those in transitive dependencies, across 200+ programming languages. Along with this comprehensive database, WhiteSource cuts out resource-eating false positives, and its patented Effective Usage Analysis ensures your development team can prioritize the vulnerabilities that truly need resolving: those in code your application actually calls.

Vulnerability remediation

When a vulnerability has been detected, it is essential that it is corrected as soon as possible. Once a vulnerability appears in the community issue trackers, attackers are quick to react and attempt to exploit the flaw.
Because remediation requires cooperation between your developers and security teams, a swift fix is not always possible, especially when they're working on code they didn't write themselves. With WhiteSource, however, you can accurately pinpoint the vulnerable functionality in your code, and the platform maps out whether and how your application actually reaches it. With these insights, you can significantly reduce your remediation effort. WhiteSource adds further convenience by suggesting fixes for each vulnerability: whether a configuration change that blocks the affected function or a link to the latest patches, the platform lists all known remedies, and it automates the process for every new issue discovered.

Continuous monitoring

Given the sheer size of the open-source community in terms of data, combined with its decentralized nature, it is practically impossible to manage every facet of open-source security manually. This is why an automated solution like WhiteSource is so vital. When it comes to monitoring, it is important to combine "shift right" and "shift left" testing. The shift-right side is particularly important because open-source vulnerabilities are often disclosed years after the vulnerable version was released, long after a component passed its initial review. The good news: WhiteSource keeps automatic track of the latest deployed version of each component, so newly disclosed vulnerabilities can be matched against what is actually deployed. As for shift left, this approach lets developers spot vulnerable components before they are even downloaded from the Internet; WhiteSource's browser extension, Web Advisor, helps developers pick a suitable component right from the start. WhiteSource also enables you to automatically enforce quality, security, and license compliance policies throughout the software development life cycle. By automating this aspect, you save considerable time and resources compared to manually reviewing each new component.
LinuxSecurity.com Team
With the increasing number of security breaches involving credit cards, mobile devices, and the like, it is becoming imperative that we do all we can to safeguard our property. The same applies to software developers.

As cited on cio.com, here are 10 things they can do to keep their code secure:

1. Test inputs rigorously. Attackers require a path into your machines, and the easiest path is through the doors your code opens. If your software takes input from the Internet, something hostile is likely to come through. Always check the size and structure of incoming data, and never trust the person on the other end of the connection.

The link for this article located at EFY Times is no longer available.

LinuxSecurity.com Team
Revoking a digital certificate does not automatically invalidate, for instance, software signatures that have been made with that certificate. What matters is the revocation date, which determines the point in time after which signatures made with the certificate will no longer validate.

According to a report from anti-virus specialist Norman, Windows validated the signatures of several recently discovered trojans for exactly this reason, and issued no warning before installing the malware. The trojans were signed with a key that had been stolen from a Japanese company. The corresponding certificate was reported as compromised on 29 July 2011 and revoked by its issuing Certificate Authority (CA), VeriSign, which is now part of Symantec. However, that report date, rather than the earlier date on which the key was actually stolen, was entered as the revocation date, so signatures the attackers had produced before 29 July remained valid.

The link for this article located at H Security is no longer available.

LinuxSecurity.com Team
Every developer knows the importance of issuing security patches. Unexpected bugs that lead to software vulnerabilities are virtually unavoidable; the key is to acknowledge them when they're discovered and issue fixes before they can be widely exploited. But what do you do when you believe vulnerabilities may have been introduced into your code base intentionally?

That's the issue facing the maintainers of OpenBSD, in light of allegations made in December by a former government contractor named Gregory Perry, who claims knowledge of an FBI plan to insert backdoors into the open source operating system. If they exist, the backdoors would give the FBI a means to monitor encrypted communications sent from OpenBSD systems.

The link for this article located at InfoWorld is no longer available.

LinuxSecurity.com Team