
Stay Ahead With Linux Security News


Explore Latest Linux Security news

We found 16 articles for you...

Chrome 131: Emergency Update for High-Risk Vulnerabilities in Linux

Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android, and users should update promptly so their systems remain secure.

In this article, we explore these recent Chrome vulnerabilities, their impact, and how users can protect themselves. In addition, we offer mitigation advice to Linux admins looking to protect themselves from future Chrome bugs.

Understanding These Vulnerabilities & Their Impact

Chrome 131 includes several security fixes aimed at improving users' system security. Below is an overview of the vulnerabilities recently found and fixed in Chrome:

CVE-2024-11110: Inappropriate Implementation in Blink
Severity: High
Reported by: Vsevolod Kokorin (Slonser) of Solidlab
Reported on: 2024-10-14
Description: This issue concerns an inappropriate implementation in Blink, Chrome's browser engine. The vulnerability could allow attackers to exploit the system, potentially leading to unauthorized access or manipulation of the user's data.

CVE-2024-11111: Inappropriate Implementation in Autofill
Severity: Medium
Reported by: Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India)
Reported on: 2024-08-18
Description: This vulnerability involves Autofill functionalities, which could result in sensitive information being incorrectly supplied or leaked.

CVE-2024-11112: Use-After-Free in Media
Severity: Medium
Reported by: Nan Wang and Zhenghang Xiao of 360 Vulnerability Research Institute
Reported on: 2024-07-23
Description: This use-after-free vulnerability affects Chrome's media handling, which could allow attackers to execute arbitrary code or cause a denial of service.

CVE-2024-11113: Use-After-Free in Accessibility
Severity: Medium
Reported by: Weipeng Jiang of VRI
Reported on: 2024-08-16
Description: This issue involves the Accessibility component. Similar to the media vulnerability, it could enable arbitrary code execution or crash the application.

CVE-2024-11114: Inappropriate Implementation in Views
Severity: Medium
Reported by: Micky
Reported on: 2024-10-02
Description: This vulnerability pertains to the Views feature, leading to potential unauthorized interactions or data manipulation.

CVE-2024-11115: Insufficient Policy Enforcement in Navigation
Severity: Medium
Reported by: mastersplinter
Reported on: 2024-10-07
Description: Issues in navigation policy enforcement could result in unauthorized navigation actions that bypass intended security controls.

CVE-2024-11116: Inappropriate Implementation in Paint
Severity: Medium
Reported by: Thomas Orlita
Reported on: 2023-11-14
Description: Vulnerabilities in the Paint feature can lead to improper rendering or manipulation of user content.

CVE-2024-11117: Inappropriate Implementation in FileSystem
Severity: Low
Reported by: Ameen Basha M K
Reported on: 2023-01-06
Description: This issue affects the FileSystem API and could expose file-handling operations to unauthorized actions.

CVE-2024-11395: Type Confusion Issue in V8
Severity: High
Reported by: Anonymous
Reported on: 2024-11-05
Description: A Type Confusion issue in V8, Chrome’s JavaScript engine, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2024-12053: Type Confusion Issue in V8
Severity: High
Reported by: Anonymous
Reported on: 2024-12-03
Description: A Type Confusion Bug in V8 in Google Chrome before 131.0.6778.108 allowed a remote attacker to exploit object corruption via a crafted HTML page.

Additional issues were identified and resolved through Google’s internal security work, leveraging tools like AddressSanitizer, MemorySanitizer, and other fuzzing initiatives. These preventive measures are essential in identifying and addressing vulnerabilities before exploitation.
At-Risk Chrome Versions

Google Chrome versions before 131.0.6778.108/.109 for Linux are vulnerable, so users on these platforms must update their browsers immediately to reduce potential threats. Consistently updating Chrome ensures you benefit from the latest security patches and feature enhancements.

How Can I Update Google Chrome on Linux?

Updating Google Chrome is crucial because it ensures you have the latest security patches, protecting you from potential threats like malware and phishing attacks while also providing access to new features and performance improvements, making your browsing experience safer and more efficient; essentially, keeping your Chrome browser up-to-date is vital for optimal security and functionality.

Updating Google Chrome on your Linux system using a package manager is straightforward and necessary for us security-conscious admins! The LinuxSecurity team has put together a comprehensive guide on keeping your distro updated that explains the steps you can follow to update Chrome to the latest version for your distro.

You can also verify that you're using the latest version of Chrome by following a few simple steps. After performing the update using a package manager, open Google Chrome and click on the three-dot menu in the upper-right corner. Then, navigate to Help > About Google Chrome. This will display the current version of Chrome installed on your system. Compare this with the latest version. If the versions match, your update was successful. Additionally, you can use commands like google-chrome --version on the command line to check the installed version directly. Ensure the version number reflected here matches the latest release.

It is essential to stay informed and proactive about maintaining your system's security and functionality, and LinuxSecurity's Feature articles and newsletters are an excellent way to do so.
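The command-line check described above can be scripted. The following is an added example, not part of the original article: a POSIX shell check that classifies `google-chrome --version` output against the fixed Linux build 131.0.6778.108 named above, comparing the version fields numerically. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Chrome build against the fixed Linux build in the article.
FIXED_BUILD="131.0.6778.108"   # article: Linux versions before this are vulnerable

# Pull the first four-part dotted version out of `google-chrome --version` output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeed only if A is older than B. Fields are compared as
# numbers, so 6778.99 sorts before 6778.108 (a string compare gets this wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# chrome_status TEXT: print VULNERABLE, PATCHED or UNKNOWN for one host's output.
chrome_status() {
    v=$(extract_version "$1") || true
    if [ -z "$v" ]; then
        echo UNKNOWN            # browser missing or output not recognised
    elif version_lt "$v" "$FIXED_BUILD"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Constructed sample outputs, one per host. On a real system use:
#   chrome_status "$(google-chrome --version 2>&1)"
while IFS= read -r line; do
    printf '%-42s %s\n' "$line" "$(chrome_status "$line")"
done <<'EOF'
Google Chrome 130.0.6723.116
Google Chrome 131.0.6778.99
Google Chrome 131.0.6778.108
Google Chrome 131.0.6778.109
sh: google-chrome: command not found
EOF
```

An UNKNOWN result should be treated as a host to investigate rather than as a pass, since it means the version could not be read at all.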
Practical Mitigation Advice for Linux Administrators

Linux admins can implement additional safeguards to fortify their systems against browser-related vulnerabilities. While staying current with Chrome updates is the primary solution, the measures below will further protect your systems:

Regular Updates: Implement a policy of regular system updates, including browser updates and updates to your Linux distro(s). Also, admins should use package managers like APT (Debian-based systems) or YUM (RedHat-based systems) to keep software up-to-date automatically.

Restrictive Permissions: Limit the permissions of browser processes using AppArmor or SELinux policies to limit what Chrome can access on the system and minimize potential impact from compromised browsers.

Sandboxing for Isolation: Use tools like Firejail to run Chrome in an isolated sandbox environment, which adds another layer of protection and limits an attacker's reach even if Chrome becomes compromised.

Restrict Network Activity: Apply network-level protections to filter and monitor traffic, restricting connections to known safe locations while looking for suspicious activity.

Security Hardening: Apply general hardening policies across all systems. Disable unnecessary services, limit user permissions and enforce strong password policies.

Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to detect vulnerabilities in system configuration and software before hackers can exploit them.

Our Final Thoughts on Securing Against These Recent Chrome Bugs

Linux administrators can significantly mitigate browser vulnerability risks and maintain robust system security by taking proactive steps and implementing these mitigation measures. By understanding the nature of these vulnerabilities, swiftly updating Chrome, and applying recommended mitigation strategies, users and administrators can better protect their systems from potential threats and enjoy a safer browsing experience.

Investigate the newest Chrome security flaws, their consequences, and the best methods to safeguard your systems efficiently.

Tags: Chrome Update, System Security, Browser Vulnerabilities, User Protection

Dec 04, 2024 | Brittany Day | Security Vulnerabilities

Firefox 76: Enhanced Password Protection And Zoom Compatibility

Do you use Firefox as your web browser? Have you heard that the latest version of Firefox will now alert you of security breaches and protect your saved passwords?

The stable version of Firefox 76 for desktop is now available for download, and its new features include upgrades meant to keep your passwords safer than before. To start with, the browser’s Lockwise password manager now displays critical alerts in a red box if any of the websites you saved has been breached. In addition, it will now prompt you to change your password if one of your accounts is involved in a breach and you’ve reused that same password for other websites.

The official release of Firefox 76 for desktop has arrived, bringing enhancements in password protection and upgraded Zoom functionality.

Tags: Firefox Update, Password Security, Browser Features, Privacy Features

May 05, 2020 | LinuxSecurity.com Team | Privacy

Galahad: Open Source Tool For AWS User Protection By UTSA

Have you heard that the University of Texas at San Antonio has launched an open source user computer environment for Amazon Cloud called Galahad?

Galahad, which is named after the legendary Arthurian knight who secured the Holy Grail, is intended to protect users of desktop applications running on Amazon Web Services. UTSA is also working to expand its capabilities to support OpenStack software. The software was originally created by Star Lab Corp. for the Intelligence Advanced Research Projects Activity, or IARPA, which is a division of the Office of National Intelligence. With the use of role-based isolation and real-time sensors, Galahad integrates machine learning to develop unique user profiles that spot malicious activity or other anomalies like malware.

Galahad, a community-driven security tool developed by UTSA, protects clients on Azure using behavior monitoring.

Tags: Open Source Security, AWS Protection, Galahad Software, Machine Learning Security

Jul 26, 2019 | Brittany Day | Cloud Security

Android Q: Major Privacy Advancements For User Data Security

Google's upcoming Android version, currently referred to only as Android Q, will arrive later this summer with a trove of privacy enhancements.

Details about these new additions have been revealed earlier this week after Google published blog posts and new Android support pages for Android Q following the release of a first beta version earlier this week.

The link for this article located at ZDNet is no longer available.

Apple's iOS 14 will implement key security upgrades for users, providing enhanced data safety.

Tags: Android Q Privacy Features, Google Updates, Software Privacy Enhancements

Mar 16, 2019 | LinuxSecurity.com Team | Privacy

Reddit Security Incident: Accounts Locked Due To Unauthorized Access

A large number of Reddit users have been locked out of their accounts as a precaution while the site’s admins investigate potential unauthorized access.

Staffer “Sporkicide” would not disclose exactly how many users were affected by the move, but claimed in a post yesterday that “a large group of accounts were locked down due to a security concern.”

The link for this article located at InfoSecurity is no longer available.

Twitter has suspended numerous accounts following concerns of possible illicit entry during a security audit.

Tags: Reddit Account Lockout, Unauthorized Access Response, User Security Measures

Jan 10, 2019 | LinuxSecurity.com Team | Hacks/Cracks

Android KitKat: 4.4 Security Features Overview and Enhancements

The latest version of Google's Android operating system (version 4.4) -- known as "KitKat" and released last week -- includes a slew of changes: a streamlined footprint so it can run on devices with scant RAM, better animations and graphics acceleration, plus snappier device-wide search and a new phone dialer app. But what's new on the information security front?

According to Google's developer overview, KitKat packs in "dozens of security enhancements to protect users" -- meaning bug fixes -- plus an experimental boot verification feature and better sandbox. Those features, plus the patches, have already been shared with handset manufacturers, carriers and the Android Open Source Project (AOSP).

The link for this article located at Information Week is no longer available.

Numerous advancements in Android Lollipop focus on safeguarding users from potential risks efficiently.

Tags: Android KitKat Security, Mobile Security Enhancements, User Protection Features

Nov 07, 2013 | LinuxSecurity.com Team | Security Projects

NSA Data Collecting Sparks Debate on Internet Oversight

The National Security Agency's massive data gathering from the world's largest Internet companies could bolster arguments that the United States should have less control over the Internet, an expert says.

The NSA has obtained direct access to the systems of Google, Facebook, Apple and at least six other U.S. Internet companies, collecting search history, the content of emails, file transfers, live chats and more, The Guardian and Washington Post reported Thursday, based on a top secret document. The data gathered is to try to spot terrorist activity in communications between people in and outside the U.S.

The link for this article located at CSO Online is no longer available.

The extent of the NSA's involvement in major technology firms raises alarms regarding online governance and individual privacy rights. How can individuals safeguard themselves?

Tags: Data Protection, Surveillance Issues, Internet Privacy, User Rights

Jun 10, 2013 | LinuxSecurity.com Team | Privacy

Understanding User Responsibilities in Account Security

You never really know what your most controversial pieces are going to be before you write them. I figured an exploration of what it feels like to have your account hacked in a game would be a relatable topic for many who have suffered something similar.

I thought asking about the security practices of the company in question would be fair game when discussing the launch of a hugely popular, best selling title. According to most, I was wrong. I can

The link for this article located at Forbes is no longer available.

Investigating the ramifications of breaches in gaming accounts and analyzing corporate security measures regarding user information.

Tags: account safety, online gaming, security practices

May 31, 2012 | LinuxSecurity.com Team | Hacks/Cracks