Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Ahead With Linux Security News

14.Lock Code WorldMap Esm H350
Network SecurityPrice Tag 1system security Linux network

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
1 min read Network Security
2.Motherboard Esm H350
Server SecurityPrice Tag 1open-source Linux administration

Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
3 - 6 min read Server Security
20.Lock AbstractDigital Circular Esm H350
Vendors/ProductsPrice Tag 1security breach linux

A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
5 - 10 min read Vendors/Products
30.Lock Globe Motherboard Esm H350
Security Trends Price Tag 1access control multi-tenant

Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
4 - 8 min read Security Trends
5.ShakingHands Esm H350
Vendors/ProductsPrice Tag 1incident response cloud security

Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
4 - 7 min read Vendors/Products
Filter Icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -2 articles for you...
67
General Esm H240
Price Tag 1open source softwareupgrade recommendationopenssl

OpenSSL 1.0.0 Major Release: Enhanced Security And New Features

With more than twelve years of development, the first v1.0.0 release of OpenSSL is now available. The OpenSSL project team is pleased to announce the release of version 1.0.0 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates many new features as well as major fixes compared to 0.9.8n. . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1 OpenSSL version 1.0.0 released ============================= OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org:443/ The OpenSSL project team is pleased to announce the release of version 1.0.0 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates many new features as well as major fixes compared to 0.9.8n. For a complete list of changes, please see . The most significant changes are: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. o Change default private key format to PKCS#8. o CMS support: able to process all examples in RFC4134 o Streaming ASN1 encode support for PKCS#7 and CMS. o Multiple signer and signer add support for PKCS#7 and CMS. o ASN1 printing support. o Whirlpool hash algorithm added. o RFC3161 time stamp support. o New generalised public key API supporting ENGINE based algorithms. o New generalised public key API utilities. o New ENGINE supporting GOST algorithms. o SSL/TLS GOST ciphersuite support. o PKCS#7 and CMS GOST support. o RFC4279 PSK ciphersuite support. o Supported points format extension for ECC ciphersuites. o ecdsa-with-SHA224/256/384/512 signature types. o dsa-with-SHA224 and dsa-with-SHA256 signature types. o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. We consider OpenSSL 1.0.0 to be the best version of OpenSSLavailable and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.0 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under * * The distribution file name is: o openssl-1.0.0.tar.gz Size: 4010166 MD5 checksum: 89eaa86e25b2845f920ec00ae4c864ed SHA1 checksum: 3f800ea9fa3da1c0f576d689be7dca3d55a4cb62 The checksums were calculated using the following commands: openssl md5 openssl-1.0.0.tar.gz openssl sha1 openssl-1.0.0.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie Andy Polyakov Dr. Stephen Henson Richard Levitte Geoff Thorpe Lutz Jänicke Bodo Möller -----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBS7C22aLSm3vylcdZAQI6TggAxWKuZFWcdtoBIfJpvHbdVlVJUe2O4tO7 +wHqMRANGZLx+io2KXxe1s3/qaKTOtlhP44jTDSRFxn418RLlZ4VS/I/mlKbEd7s tFgT34z8u8Et6oj5OwN8XbzwvkEGv+Ytf15Oub9DLa6doQ0xehaIKn+BHuDUeZup IVQkkAplKOMV77rfCZQWcApWVOPs6d0tP7F4uWHUNElzVFF6U2G38qKymJEIotUk a9kH7uS1EXFz0j4Fm7oVbE8tvrDQJa71Odtvt3N++Qppd+e5OgnU9klh7fnZ78Ae APfz3vPBLhItyGnpeBNwppFcKiPtG9M6Bthw+AsGVnsDiieHdHmGTg==Wfex -----END PGP SIGNATURE-----______________________________________________________________________ OpenSSL Project https://www.openssl.org:443/ Announcement Mailing List This email address is being protected from spambots. You need JavaScript enabled to view it. Automated List Manager This email address is being protected from spambots. You need JavaScript enabled to view it. . OpenSSL 1.0.0 introduces significant enhancements and critical patching. It is advisable to upgrade for improved protection and capabilities.. OpenSSL Toolkit, SSL/TLS Implementation, Open Source Security, Encryption Solutions. . LinuxSecurity.com Team

Calendar 2 Mar 29, 2010 User Avatar LinuxSecurity.com Team Cryptography
82
General Esm H240
Price Tag 1security advisoryvulnerabilityVoIP

Asterisk: Upgrade Recommended After FBI Attack Warning for VoIP Users

The FBI is advising users of the open source VoIP package Asterisk to upgrade to the latest version, but has so far provided very little evidence on what vulnerability it has detected. The FBI's warning as published at the Internet Crime Complaint Center (IC3) is vague at best. The warning states: "The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability." Do you use Asterisk for your VoIP? If so you might want to upgrade to the latest version because the FBI stated that they have found an vulnerability in the earlier versions of the software.. The link for this article located at Arstechnica is no longer available. . The link for this article located at Arstechnica is no longer available.. advising, users, source, package, asterisk, upgrade, latest, version. . Bill Locke

Calendar 2 Dec 10, 2008 User Avatar Bill Locke Government
Banner 2 1028x280 1708121730 1 1771599631
77
General Esm H240
Price Tag 1security advisoryupgrade recommendationBIND

Important ISC BIND Advisory: Immediate Upgrade to Version 9.2.1 Required

ISC is aware of several bugs which can result in serious vulnerabilities in BIND as distributed by ISC. Upgrading to BIND version 9.2.1 is strongly recommended. However, patches for BIND 8.3.3, 8.2.6 and 4.9.10 are now publicly available from ISC and new BIND 4 & 8 releases will be published in the next day or two . . . .. ISC is aware of several bugs which can result in serious vulnerabilities in BIND as distributed by ISC. Upgrading to BIND version 9.2.1 is strongly recommended. However, patches for BIND 8.3.3, 8.2.6 and 4.9.10 are now publicly available from ISC and new BIND 4 & 8 releases will be published in the next day or two . To: This email address is being protected from spambots. You need JavaScript enabled to view it. From: Peter Losher Subject: [UPDATE] Notice of serious vulnerabilities in ISC BIND 4 & 8 Date: Wed, 13 Nov 2002 17:10:53 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [NOTE: Apologies if your recieved this more than once ] ISC is aware of several bugs which can result in serious vulnerabilities in BIND as distributed by ISC. More information about these vulnerabilities can be found here: Upgrading to BIND version 9.2.1 is strongly recommended. However, patches for BIND 8.3.3, 8.2.6 and 4.9.10 are now publicly available from ISC and new BIND 4 & 8 releases will be published in the next day or two . You can find the patches here: - -- This email address is being protected from spambots. You need JavaScript enabled to view it. - Internet Software Consortium - OpenPGP E8048D08 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE90vgePtVx9OgEjQgRAtTsAKCfKHBcHhZrMThaAoY3TFQwmM2eNQCcC9hG UG4kQ+jiGe+t1etd7r4383E= =NQbZ -----END PGP SIGNATURE----- . LINK platforms affected by critical problems; enhancements to v8.3.0 and fixes offered for previous iterations.. BIND Upgrade, Patch Issuance, ISC Advisory. . LinuxSecurity.com Team

Calendar 2 Nov 13, 2002 User Avatar LinuxSecurity.com Team Server Security
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here