The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug (CVE-2024-1086) to its Known Exploited Vulnerabilities (KEV) catalog. This bug is being actively exploited in the wild, and federal organizations have been given a deadline of June 20th to patch it; CISA suggests that private organizations follow suit. Another severe kernel flaw, CVE-2023-3390, has emerged after this discovery, and Proof-of-Concept (PoC) code for it has been released. Both of these flaws could enable attackers to gain root access on impacted systems, resulting in complete system compromise, data theft, malware infections, and other damaging repercussions. Let's explore these vulnerabilities in depth, evaluate their impact, and offer practical advice for securing your systems against them.

Evaluating Recent Linux Kernel Flaws & Their Impact

CVE-2024-1086 is a critical Linux security flaw that allows privilege escalation within the Linux kernel, enabling users with basic privileges to elevate those privileges to root. The bug is a use-after-free vulnerability (a memory corruption issue in which a program continues to use a pointer after the memory it points to has been freed) in the netfilter nf_tables component of the kernel. Netfilter is a kernel framework that facilitates networking-related operations, including packet filtering, network address translation (NAT), and packet mangling. This vulnerability could allow unauthorized users to gain elevated privileges on the impacted system, resulting in unauthorized data access, service disruption, and full system compromise. CISA has issued warnings urging users to immediately patch this critical and actively exploited Linux security flaw to mitigate the risk of exploitation. Kernel versions 5.14.21 to 6.6.14 are vulnerable, with Debian and Ubuntu systems at disproportionate risk.

CVE-2023-3390 is also a privilege escalation bug in the kernel. This vulnerability originates from an integer overflow issue in the nft_validate_register_store function within the Netfilter subsystem of the kernel. An integer overflow flaw results from improper handling of integer values, leading to an overflow condition. Attackers with limited privileges could exploit this bug to gain root access on affected systems by writing arbitrary data to kernel memory, potentially leading to privilege escalation and unauthorized access and resulting in complete system compromise. The release of a Proof-of-Concept (PoC) exploit for this vulnerability has significantly increased its risk, as it provides both security researchers and malicious actors with the knowledge needed to exploit it.

The impact of both of these bugs is significant, as they could lead to data breaches, system compromise, and service disruption, especially considering Linux's widespread use.

How Can I Mitigate My Risk?

The Linux kernel development community has issued patches to address these vulnerabilities. System administrators are strongly encouraged to apply these patches promptly to protect their systems from exploitation. Additionally, users are advised to follow security best practices such as limiting privileged accounts, updating software regularly, and monitoring for unusual activity to bolster system security and reduce the risk of exploitation. For detailed advice on improving Linux kernel security, explore the LinuxSecurity Feature article, How To Secure the Linux Kernel.

Our Final Thoughts on the Implications of These Flaws

Organizations and individuals must immediately address the recently discovered Linux kernel vulnerabilities, CVE-2024-1086 and CVE-2023-3390, which can lead to privilege escalation and potentially full system compromise. The impact of these flaws is significant, with potential repercussions including data theft, service disruption, and complete system compromise. CISA's directive to federal organizations to patch CVE-2024-1086 by June 20th underscores the situation's urgency, emphasizing the need for swift action across all sectors. We commend the Linux community's rapid response to these issues, which confirms its dedication to maintaining the security and integrity of our widespread and much-loved OS.

New vulnerabilities CVE-2024-1087 and CVE-2023-3391 could compromise your device's security. Timely updates are crucial! Ensure safety!
Linux Kernel Bugs, Privilege Escalation, System Security.
Dave Wreski
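As an added example (not code from the LinuxSecurity article or from the kernel project), the following POSIX shell script turns the version range the article gives for CVE-2024-1086 (5.14.21 through 6.6.14) into a quick triage check: it strips the distribution suffix from a `uname -r` string, tests whether the upstream version lies in that range, and reports whether the affected nf_tables module is currently loaded. The function names are my own, and the script assumes GNU coreutils (`sort -V`) is available. Because distribution kernels routinely backport fixes without changing the version number, a hit is a prompt to consult your distro's advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example, not from the LinuxSecurity article. Heuristic triage for
# CVE-2024-1086: flag a kernel whose upstream version lies in the range the
# article names (5.14.21 through 6.6.14) and report whether nf_tables, the
# affected subsystem, is loaded. Assumes GNU coreutils (sort -V).
# Distro kernels often backport fixes without changing the version, so a hit
# means "check the distro advisory", not "confirmed vulnerable".

VULN_LOW="5.14.21"
VULN_HIGH="6.6.14"

# version_le A B: succeeds when A <= B in natural version order.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# upstream_version STRING: drop the distro suffix, e.g. "6.1.0-18-amd64" -> "6.1.0".
upstream_version() {
    printf '%s\n' "$1" | sed 's/[-+].*$//'
}

# in_vulnerable_range STRING: succeeds when the upstream version lies inside
# [VULN_LOW, VULN_HIGH]; accepts a raw `uname -r` string.
in_vulnerable_range() {
    v=$(upstream_version "$1")
    version_le "$VULN_LOW" "$v" && version_le "$v" "$VULN_HIGH"
}

# nf_tables_loaded [MODULES_FILE]: succeeds when nf_tables appears in the module
# list (defaults to /proc/modules; a file path can be passed for testing).
nf_tables_loaded() {
    modules="${1:-/proc/modules}"
    [ -r "$modules" ] && grep -q '^nf_tables ' "$modules"
}

# check_kernel [VERSION]: print a verdict for VERSION (default: the running
# kernel); returns 1 when the version needs attention, 0 otherwise.
check_kernel() {
    running="${1:-$(uname -r)}"
    if in_vulnerable_range "$running"; then
        printf 'kernel %s is inside the CVE-2024-1086 version range; verify against your distro advisory\n' "$running"
        if nf_tables_loaded; then
            printf 'nf_tables is loaded, so the affected code is reachable\n'
        fi
        return 1
    fi
    printf 'kernel %s is outside the CVE-2024-1086 version range\n' "$running"
    return 0
}

# When executed directly, report on the live kernel. The verdict is carried by
# the function's return value; the script itself is not aborted on a hit.
check_kernel || :
```

The range test is deliberately inclusive at both ends, matching the article's "5.14.21 to 6.6.14" wording; if your distribution publishes a fixed package version, compare against that instead of the upstream number.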
Several significant vulnerabilities have been found in the Thunderbird email client and Firefox web browser. An attacker could exploit these issues to disrupt services, obtain sensitive data, bypass security restrictions, perform cross-site tracing, run rogue programs on your computer, or escalate privileges on impacted systems.

What Are These Vulnerabilities & How Do They Impact Me?

The following security issues were discovered and fixed in Thunderbird and Firefox:

- If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. (CVE-2023-6858)
- Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could exploit this issue to spoof an email message. (CVE-2023-50762)
- Thunderbird did not properly compare the signature creation date with the message date and time when using a digitally signed S/MIME email message. An attacker could exploit this issue to spoof the date and time of an email message. (CVE-2023-50761)
- Thunderbird did not properly manage memory when used on systems with the Mesa VM driver. An attacker could exploit this issue to execute arbitrary code. (CVE-2023-6856)
- Thunderbird did not properly validate the textures produced by remote decoders. An attacker could exploit this issue to escape the sandbox. (CVE-2023-6860)
- An attacker could escalate privileges through devtools, enabling them to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users. (CVE-2024-0751)
- Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. (CVE-2024-0755)
- Out-of-bounds memory read in networking channels. (CVE-2024-1546)
- Alert dialog could have been spoofed on another site. (CVE-2024-1547)
- Fullscreen Notification could have been hidden by a select element. (CVE-2024-1548)
- Custom cursor could obscure the permission dialog. (CVE-2024-1549)
- The mouse cursor re-positioned unexpectedly could have led to unintended permission grants. (CVE-2024-1550)
- Multipart HTTP Responses would accept the Set-Cookie header in response parts. (CVE-2024-1551)
- Incorrect code generation on 32-bit ARM devices. (CVE-2024-1552)
- Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. (CVE-2024-1553)
- Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-1556)
- The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. As a result, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. (CVE-2024-1936)
- NSS was susceptible to a timing side-channel attack when performing RSA decryption, potentially allowing an attacker to recover the private data. (CVE-2023-5388)
- An unchecked return value in the TLS handshake code could have caused a potentially exploitable crash. (CVE-2024-0743)
- Return registers were overwritten, which could have allowed an attacker to execute arbitrary code. (CVE-2024-2607)
- `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer and leading to an out-of-bounds write. (CVE-2024-2608)
- Using a markup injection, an attacker could have stolen nonce values. This issue could have been used to bypass strict content security policies. (CVE-2024-2610)
- A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. (CVE-2024-2611)
- If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially been leveraged to achieve code execution. (CVE-2024-2612)
- Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 have shown evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. (CVE-2024-2614)
- To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempting to continue. (CVE-2024-2616)

Exploitation of these bugs could result in the compromise of sensitive information or loss of system availability. The Firefox update released to fix these issues introduced several minor regressions, which have now been fixed in the latest version of Firefox.

How Can I Secure My Linux Systems?

Crucial updates for Thunderbird and Firefox have been released to fix these impactful vulnerabilities. Given the severe threat these flaws pose to affected systems if left unpatched, we strongly recommend that all impacted users apply the released updates to protect against data theft and loss of system access. To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).
Critical vulnerabilities in Chrome and Outlook jeopardize personal data and operational consistency. Safeguard your privacy now!
Thunderbird Security, Firefox Threats, Open Source Exploit.
Brittany Day
The Cybersecurity & Infrastructure Security Agency (CISA) added seven new Linux vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday based on evidence of active exploitation, some of which have been known for a decade:

- CVE-2023-25717: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
- CVE-2021-3560: Red Hat Polkit Incorrect Authorization Vulnerability
- CVE-2014-0196: Linux Kernel Race Condition Vulnerability
- CVE-2010-3904: Linux Kernel Improper Input Validation Vulnerability
- CVE-2015-5317: Jenkins User Interface (UI) Information Disclosure Vulnerability
- CVE-2016-3427: Oracle Java SE and JRockit Unspecified Vulnerability
- CVE-2016-8735: Apache Tomcat Remote Code Execution Vulnerability (This flaw exists because a component was not updated to take account of Oracle's fix for CVE-2016-3427.)

The Impact

These bugs could result in remote code execution (RCE), privilege escalation attacks, denial of service (DoS) attacks leading to memory corruption and system crashes, and the compromise of sensitive information. They have received National Vulnerability Database (NVD) ratings of "critical" or "high severity" due to the high confidentiality, integrity and availability impact of these issues. All of these vulnerabilities are connected to Linux and may have been leveraged in attacks on Linux systems. The Ruckus product vulnerability has been exploited by a DDoS botnet called AndoryuBot. There do not appear to be any public reports describing exploitation of the other vulnerabilities recently added to CISA's catalog; however, technical details and proof-of-concept (PoC) exploits are available.

How Can I Protect Against These Vulnerabilities?

Many Linux distributions have released advisories for these vulnerabilities describing the impact of these flaws and the availability of patches. LinuxSecurity tracks advisories for fifteen popular Linux distros, and the advisories released for these vulnerabilities can be easily found by searching our site for the specific CVE you are interested in. To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

CISA alerts on ongoing attacks exploiting seven dated Linux vulnerabilities. Details on consequences and mitigation steps available.
Linux Vulnerabilities, Cybersecurity Threats, Patches, Privilege Escalation, Remote Code Execution.
Brittany Day
Lately, stories of stolen data, compromised systems, and vulnerabilities that send us scrambling to patch headline the news. It seems that we have been taking two steps forward and one step back in the battle to protect our systems and networks. Exactly how bad is it, and what does the future hold? I am a big fan of metrics, so I did some digging on the data that exists and what it can tell us. I started by looking at CVEs and what that trend looks like over time. I used the CVE data from a site I like called cvedetails.com. All data here comes from the National Vulnerability Database (NVD).

The rise in data breaches, now averaging over $4 million in costs, demands enhanced cybersecurity. With sophisticated threats and remote work challenges, firms must adapt their defenses.
Data Breach Trends, System Security Analysis, Vulnerability Metrics.
Brittany Day
One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found. String extraction is typically done using a Linux command-line tool called strings that.

Utilizing the 'strings' utility for data handling could potentially open vulnerabilities, alerting security experts to possible threats from malicious software.
Malware Analysis, Strings Tool, Security Research, Executable Files, System Risk.
LinuxSecurity.com Team
The OpenSSL developers have released versions 0.9.8o and 1.0.0a, fixing two security problems. A flaw in the ASN.1 parser can be exploited to write to invalid memory addresses using specially crafted "Cryptographic Message Syntax" (CMS) structures. The flaw potentially allows arbitrary code to be injected in order to compromise a system. CMS is not enabled by default in the 0.9.8 branch of OpenSSL, but it is enabled in the 1.0.0 branch. An uninitialised buffer in the EVP_PKEY_verify_recover() function in version 1.0.0 can be exploited to make an invalid RSA key appear to be valid. Since very few applications have used this recently introduced function, the scope of this problem is limited. The OpenSSL developers say that pkeyutl is currently one of the only OpenSSL tools to access this function. [All of article] The link for this article located at H Security is no longer available.

openssl, developers, released, versions, fixing, security, problems.
LinuxSecurity.com Team
VMware has advised of a number of vulnerabilities in several of its products, including ESX, Server, VirtualCenter and vCenter. According to the company, a number of the issues relate to problems in the Java Runtime Environment (JRE), and several of the 47 vulnerabilities can be used by an attacker to compromise a system. VMware vCenter 4.0, VMware Server 2.0, VMware ESX 4.0, 3.5 and 3.0.3, VirtualCenter 2.5 and 2.0.2 and VMware VMA 4.0 are all affected. An update for VirtualCenter 2.5 has been released. Security updates for the other products are still pending completion. The link for this article located at H Security is no longer available.

VMware has revealed several security flaws across different applications linked to Java-related problems and potential system breaches.
VMware Products, Java Runtime Environment, Security Updates.
LinuxSecurity.com Team
According to a German IT service provider, users running 1&1 servers with openSUSE 11 as their distribution should check the version number of their Linux kernel. In order to guarantee full support for the hardware it uses, 1&1 installs its own homemade kernel for openSUSE. Unfortunately this kernel disables the YaST auto-update function, with the result that, despite regular updates, the kernel (2.6.27.21) remains several months old. Users relying on auto-updates could be in for an unpleasant surprise. At present it is not confirmed that this is also a problem with 1&1 servers running English language versions of openSUSE, although it seems likely that it is. IT services provider Markus Manze stumbled on the problem when compiling an overview of Linux distributions and the null pointer dereference bugs they contain. According to Manke's German language report on the problem, in view of the availability of exploits, an unpatched kernel turns security vulnerabilities in other applications, such as web servers, PHP applications and other network services, into potentially system-compromising vulnerabilities. Furthermore, the mmap_min_addr system variable, which is able to frustrate null pointer dereference exploits, is set to 0 in openSUSE 11.0. The link for this article located at H Security is no longer available.

OpenSUSE users hosting on 1&1 platforms could encounter vulnerabilities due to old kernels and inactive updates. Act promptly!
openSUSE, Kernel Update, Security Risks, 1&1 Server.
LinuxSecurity.com Team