Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 59 articles for you...
83

Over 700 Malicious Packages Discovered in npm and PyPI Registries

Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers. . In January, Sonatype said it found 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more. The discoveries by the firm’s AI tooling brings its total haul to nearly 107,000 packages flagged as malicious, suspicious or proof-of-concept since 2019. It includes multiple packages that contain the same malicious package.go file – a Trojan designed to mine cryptocurrency from Linux systems. Sixteen of these were traced to the same actor, trendava, who has now been removed from the npm registry, according to Sonatype. Separate finds include PyPI malware “minimums,” which is designed to check for the presence of a virtual machine (VM) before executing. The idea is to disrupt attempts by security researchers, who often run suspected malware in VMs, to find out more about the threat. . Experts in cybersecurity have discovered an extensive collection of more than 800 harmful open source libraries available on the npm and PyPI platforms.. Malicious Packages,Npm,Pypi,Open Source Threats,Security Research. . LinuxSecurity.com Team

Calendar%202 Feb 22, 2023 User Avatar LinuxSecurity.com Team Hacks/Cracks
210

Local Privilege Escalation Threats: 15-Year-Old Linux Bugs and Risks

Researchers have discovered three vulnerabilities capable of granting attackers root privileges on Linux systems if they are able to gain access through other methods. These bugs, which affect the iSCSI kernel subsystem, have existed for more than 15 years. . Similarly, The Zero Day Initiative (ZDI) researchers uncovered another decade and a half old Linux vulnerability affecting ISC BIND servers configured to use GSS-TSIG features. The discovery of old but active bugs underscores the need for open-source maintainers to monitor external modules to ensure they observe the best security practices, according to the ZDI. . Legacy Linux flaws enable local rights escalation and information exposure; vital for developers to remedy vulnerabilities.. Linux Privilege Escalation, Open Source Vulnerability, Kernel Bug, Information Leak Risk. . Brittany Day

Calendar%202 Mar 23, 2021 User Avatar Brittany Day Security Vulnerabilities
83

Tianfu Cup 2023: Major Browsers Hacked By Chinese Hackers

Chinese security researchers were able to successfully discover zero-day vulnerabilities in Chrome, Edge, Safari, Office 365, qemu-kvm + Ubuntu and more at a recently held hacking competition in the city of Chengdu in China. Learn more in an interesting TechWorm article: . The hacking contest held over last weekend – November 16 and 17 – saw China’s top hackers take part in the Tianfu Cup 2019 International Cyber Security Competition – the country’s top hacking competition – to test some of the world’s most popular applications. For those unaware, prior to 2018, Chinese experts had successfully dominated Pwn2Own, the world’s largest hacking contest, by winning the competition years in a row. The link for this article located at TechWorm is no longer available. . During the Tianfu Cup 2023 Hacking Contest, Chinese experts discovered critically unpatched vulnerabilities in widely-used web browsers.. Zero-Day Exploits, Hacking Contest, Browser Vulnerabilities, Chinese Hackers. . LinuxSecurity.com Team

Calendar%202 Nov 20, 2019 User Avatar LinuxSecurity.com Team Hacks/Cracks
210

Voting Machines Persist With Decade-Old Threats: Security Update

The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security. Learn more in an interesting Wired article: . In three short years, the Defcon Voting Village has gone from a radical hacking project to a stalwart that surfaces voting machine security issues. This afternoon, its organizers released findings from this year's event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use. Voting Village participants have confirmed the persistence of these flaws in previous years as well, along with a raft of new ones. But that makes their continued presence this year all the more alarming, underscoring how slow progress on replacing or repairing vulnerable machines remains. Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program. Today's report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year. The link for this article located at Wired is no longer available. . Ballot systems continue to retain issues from years past, prompting significant worries over electoral integrity and citizen confidence.. Voting Machine Security, Defcon Findings, Voting Flaws. . Brittany Day

Calendar%202 Sep 27, 2019 User Avatar Brittany Day Security Vulnerabilities
83

Examining Various Password Cracking Methods Employed by Cybercriminals

Putting up a good and long password is advised by cybersecurity, however, cybersecurity doesn’t teach us how to identify the hacker hacking into your computer. It doesn’t matter how strong you are creating passwords, there is always be an option for hackers to crack your passwords.. The hackers nowadays have been creating well-developed algorithms, which can speed up the processes to discover your password codes. So if you are one of them who thought that putting up a tough password is a secure way to stay away from hacker then this article is just for you. Today we will discuss some password cracking techniques used by hackers to hack into our account. The link for this article located at TechViral is no longer available. . The hackers nowadays have been creating well-developed algorithms, which can speed up the processes . cybersecurity, putting, password, advised, however, doesn’t. . LinuxSecurity.com Team

Calendar%202 Jan 17, 2019 User Avatar LinuxSecurity.com Team Hacks/Cracks
83

Survey: One Third Of Firms Might Pay Ransom Instead Of Enhancing Security

A third of organisations would consider paying a ransom to hackers instead of investing more in security a survey has claimed.. For some organisations it seems, splashing out on cyber security products or training is viewed as investing in something which might actually never be needed, so some are choosing to invest elsewhere.Decision makers at organisations around the world were asked if they would consider paying a ransom by a hacker rather than invest in security because it's cheaper. The link for this article located at ZDNet is no longer available. . Many companies prioritize cost savings over safeguarding, considering ransom payouts more economical than committing resources to security measures.. Cybersecurity Investments, Threat Management, Ransom Payment Strategies. . LinuxSecurity.com Team

Calendar%202 Jun 04, 2018 User Avatar LinuxSecurity.com Team Hacks/Cracks
78

FireEye Malware Protection System Flaw Dispute Raises Disclosure Concerns

A spat between two security companies shows just how sensitive reporting software vulnerabilities can be, particularly when it involves a popular product. The kerfuffle between FireEye and ERNW, a consultancy in Germany, started after an ERNW researcher found five software flaws in FireEye's Malware Protection System (MPS) earlier this year. . One of the flaws, found by researcher Felix Wilhelm, could be exploited to gain access to the host system, according to an advisory published by ERNW. As is customary in the industry, ERNW contacted FireEye in early April with details of the problems. . Concerns emerge regarding the disclosure of weaknesses in the Malware Defense System between CrowdStrike and CERT over issues in threat assessment.. Malware Protection System, FireEye, Ethical Disclosure, Software Flaws, Cybersecurity. . LinuxSecurity.com Team

Calendar%202 Sep 14, 2015 User Avatar LinuxSecurity.com Team Vendors/Products
67

Gemalto: 2010-2011 Attack Confirmation and Possible NSA Role

Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011. Gemalto came to this conclusion after just a weeklong investigation following a news report that the NSA and GCHQ had hacked into the firm The link for this article located at Wired is no longer available. . Gemalto confirms 2010-2011 attacks were real; NSA's involvement suggested but remains unverified after investigation.. Gemalto Hacking, Mobile Security Breach, Data Security Threat. . LinuxSecurity.com Team

Calendar%202 Feb 27, 2015 User Avatar LinuxSecurity.com Team Cryptography
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200