Tor Browser is a privacy-focused web browser that routes traffic through the Tor network to obscure a user’s identity and destination—and that design has direct implications for Linux security teams. It’s built to limit tracking, resist surveillance, and reduce visibility into browsing activity. On a Linux endpoint, that means user activity can intentionally bypass many of the controls and assumptions your security stack relies on.

If you’ve ever noticed Tor Browser on a Linux system and thought, “Should I be worried?”, you’re not overreacting—but you’re also not looking at an automatic incident. Tor Browser is a legitimate tool used by researchers, journalists, and developers. At the same time, it can become a blind spot in Linux security, especially when it appears outside of an approved use case or without clear ownership.

For Linux security admins, the real issue isn’t whether Tor Browser should exist—it’s understanding what Tor Browser is, how it behaves on Linux systems, and how its traffic model changes what you can and can’t see. Once you understand that impact, you’re in a better position to decide whether Tor Browser is acceptable noise, a policy exception, or a signal worth investigating.

What Is Tor Browser?

Tor Browser is a modified version of Firefox ESR that routes all browser traffic through the Tor network by default. The browser is hardened with privacy-focused settings, bundled with Tor client components, and designed to reduce fingerprinting at the application layer.

It is not a VPN, not malware, and not synonymous with “the dark web.” Tor Browser does not magically grant access to illegal content, nor does its presence alone indicate malicious activity. It is a user-space application running on top of standard Linux libraries.

From a security operations perspective, Tor Browser introduces classification and visibility problems.
Network destinations are obscured, traffic blends with other Tor users, and traditional perimeter controls lose context. That makes it relevant even when policy forbids its use.

How Does Tor Browser Work on Linux Systems?

Before you can decide whether Tor Browser is a risk, you need a clear picture of what actually changes on a Linux system when it runs. Let’s focus on observable behavior at the network, process, and file levels.

Network Behavior on Linux

Tor uses onion routing to move traffic through multiple volunteer-operated nodes. Each layer knows only the hop before and after it, not the full path. A typical connection involves:

- An entry node that sees the client IP but not the destination
- One or more relay nodes that pass encrypted traffic along
- An exit node that sees the destination but not the originating client

From a Linux host’s perspective, outbound connections go to Tor entry nodes. From a network monitoring perspective, you see encrypted traffic to known Tor infrastructure, but you cannot see the final destination or content without endpoint visibility.

Process and File-Level Behavior

Tor Browser runs entirely in user space and does not require root privileges. This matters because it lowers the barrier to installation and use. On Linux systems, it is commonly found:

- Extracted into a user’s home directory
- Run as a portable application without system-wide installation
- Launched from user-writable paths that bypass package managers

Processes typically appear as Firefox-derived binaries with associated Tor processes, all running under the user’s UID.

Why This Matters for Linux Security Monitoring

At the network perimeter, visibility is limited by design. You can often identify Tor usage, but not intent. That shifts the burden inward. Endpoint telemetry, process context, file access patterns, and user behavior become more important than packet inspection alone.
Linux security monitoring that assumes the network is the primary control plane tends to miss this shift.

Why Tor Browser Exists and Why That Impacts You

Tor Browser exists to reduce exposure in environments where observation carries real consequences. Journalists rely on it to protect sources, researchers use it to study censorship and surveillance, and developers test how applications behave when networks are constrained or hostile. Linux is often the platform of choice in these cases because it allows tighter control over execution, networking, and local state, not because the work itself is inherently suspicious.

At the same time, those same properties can conceal activity you would normally expect to see. Tor has been documented as a channel for data exfiltration, policy evasion, and command-and-control traffic when direct outbound access is restricted. For a Linux security admin, the distinction between legitimate and risky use is rarely visible at the point of detection. Decisions have to be grounded in context: where the browser appears, what role the system plays, and what other behavior surrounds its use.

Tor Browser and Linux Security Risk Models

Tor Browser fits cleanly into some Linux environments, provided its use is intentional and bounded. Approved research or investigative roles may require it as part of their work, particularly when systems are segmented and data access is deliberately limited. In controlled lab or testing environments, Tor Browser is often just another tool, with risk reduced through isolation rather than inspection. In these cases, its presence is contextual and typically mitigated by design choices made upstream.

The posture changes when Tor Browser appears without explanation. Unexpected installs on user workstations, any presence on production servers, or usage that coincides with credential access, data staging, or unusual process trees should trigger closer scrutiny. Tor itself is rarely the deciding factor.
It matters because it removes visibility at the same moment other behaviors suggest increased risk.

From a threat modeling perspective, Tor Browser most often intersects with scenarios you are already planning for. That includes insider threats where monitoring is intentionally bypassed, data leakage paths that evade standard egress controls, and compliance violations in regulated environments with logging requirements. Linux security frameworks that account for these realities tend to treat Tor as a conditional risk. Not harmless, not inherently malicious, but meaningful only when placed inside a broader behavioral model.

Can You Detect or Control Tor Browser on Linux?

Detecting or controlling Tor Browser on Linux is less about total visibility and more about knowing where observation still works. On the endpoint, you can see process execution, parent-child relationships, file system artifacts, and where the browser is installed or launched from. Local configuration changes and persistence attempts are also observable. This is the layer where host-based monitoring and EDR tools provide real value, especially in environments where user-space applications are otherwise lightly governed.

What you cannot see is just as important to acknowledge. Tor is designed to obscure final destinations, session content, and in-browser activity, and it generally succeeds at that goal. Network traffic will indicate Tor usage, but not intent or outcome. Assuming deeper insight than this creates blind spots of a different kind, where confidence replaces accuracy.

Practical Linux security controls tend to work best when they accept these limits and focus on behavior rather than perfect inspection.
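
The endpoint view described above can be turned into a small triage routine. The following is an added example, not code from the article: it pairs a Firefox-derived binary with a tor client running under the same UID from a user-writable path, then assigns a disposition from host context. The binary names, path prefixes, host role labels, `approved_uids` parameter and sample records are assumptions made for illustration.

```python
"""Triage Tor Browser-like processes from a process snapshot (added example)."""
from pathlib import PurePosixPath

# Assumption: prefixes a non-root user can normally write to.
USER_WRITABLE = ("/home/", "/tmp/", "/var/tmp/", "/dev/shm/")
# Assumption: binary names seen in a typical extracted Tor Browser bundle.
BROWSER_NAMES = {"firefox", "firefox.real"}
TOR_NAMES = {"tor"}


def find_bundles(procs):
    """Group processes by (uid, bundle root) and keep roots that run both a
    Firefox-derived binary and a tor client from a user-writable path."""
    seen = {}
    for p in procs:
        exe = PurePosixPath(p["exe"])
        if not p["exe"].startswith(USER_WRITABLE):
            continue  # package-managed locations such as /usr/bin are out of scope
        kind = ("browser" if exe.name in BROWSER_NAMES
                else "tor" if exe.name in TOR_NAMES else None)
        if kind is None:
            continue
        # Bundle root = nearest ancestor directory named "Browser", if any.
        root = next((str(a) for a in exe.parents if a.name == "Browser"), str(exe.parent))
        seen.setdefault((p["uid"], root), set()).add(kind)
    return sorted(k for k, kinds in seen.items() if kinds == {"browser", "tor"})


def triage(procs, host_role, approved_uids=frozenset()):
    """Map each bundle to a disposition using host context, not the tool alone."""
    out = []
    for uid, root in find_bundles(procs):
        if host_role == "production-server":   # hypothetical role label
            verdict = "investigate"  # any presence on a server is unexpected
        elif uid in approved_uids:
            verdict = "expected"     # documented, owned use case
        else:
            verdict = "review"       # unexplained workstation install
        out.append({"uid": uid, "root": root, "verdict": verdict})
    return out


# Constructed sample snapshot (fields mirror /proc/<pid>/exe and the process UID).
SAMPLE = [
    {"pid": 4101, "uid": 1001, "exe": "/home/alice/tor-browser/Browser/firefox.real"},
    {"pid": 4150, "uid": 1001, "exe": "/home/alice/tor-browser/Browser/TorBrowser/Tor/tor"},
    {"pid": 900, "uid": 1002, "exe": "/usr/lib/firefox/firefox"},
    {"pid": 77, "uid": 109, "exe": "/usr/bin/tor"},
]
```

On the sample, `triage(SAMPLE, "workstation")` returns one finding for UID 1001 with verdict `review`; the system-packaged Firefox and tor daemon are not paired and are not reported.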
Effective programs usually combine:

- Application allow or deny policies where they make sense operationally
- Endpoint detection and response tuned for user-space tools
- Clear user education and unambiguous policy language around acceptable use

Controls are most effective when users understand why they exist and how they are enforced, not when they are treated as invisible guardrails.

Policy Decisions: Block, Allow, or Monitor?

Policy decisions around Tor Browser work best when they are driven by intent and environment, not instinct. Blocking can reduce casual or accidental use, but it rarely holds up as a long-term control. Users who are determined will find alternatives, and adversaries already operate under the assumption that simple blocks are in place. In many cases, blocking removes a visible artifact without reducing underlying risk.

Allowing Tor Browser with guardrails often aligns more closely with operational reality. Role-based access, system segmentation, and clear expectations around logging and acceptable use acknowledge that some loss of visibility is intentional. This approach trades complete observation for policy clarity, which can be the more defensible choice in environments where Tor has a legitimate purpose.

Monitoring without overreach tends to produce the most durable outcomes. By focusing on behavior rather than specific tools, Linux security teams can prioritize signals that actually indicate risk. Anomalous access patterns, data movement, and process activity usually matter far more than the mere presence of Tor Browser.

Our Final Thoughts: Key Takeaways and Considerations for Linux Security Admins

Tor Browser is a tool, not a verdict. On Linux, it is easy to install, easy to run, and deliberately hard to observe at the network level. That does not make it inherently dangerous, but it does make assumptions risky.
Your Linux security posture improves when you understand what Tor Browser is, plan for its presence, and evaluate it in context instead of reacting to it. Over time, you start to see the difference between noise and signal. That is usually where the real security work lives.

LinuxSecurity.com Team

Firefox 114.0 and Firefox 102.12.0 ESR are the June 2023 releases of Mozilla's Firefox web browser. Official release date is June 6, 2023.

The new version of Firefox is a security update, but it also introduces new nice-to-have features that improve search and the usability of the browser. Firefox 114.0 and the ESR release are available for all supported platforms. The updates will be released later on June 6th, if you are reading this on the day. All development channel versions of Firefox are updated at around the same time. Firefox Beta and Dev are moved to version 115, and Firefox Nightly is moved to version 116. Firefox for Android follows the stable version; it is updated to version 114 as well.

LinuxSecurity.com Team

The Tor Project and Mullvad VPN, two organizations that are all about user privacy, released a new privacy-focused web browser, called Mullvad Browser, on Monday. The browser is free to download and works on Windows, MacOS and Linux. There's also a Firefox extension in beta you can download.

"The mass surveillance of today is absurd," Jan Jonsson, Mullvad VPN's CEO, said in a news release. "The Mullvad Browser is all about providing more privacy alternatives to reach as many people as possible and make life harder for those who collect data from you." The Mullvad Browser was developed by the Tor Project's engineers, and it minimizes data tracking. It does that by making all users appear as one, similar to how the Tor Browser works. That means the more people who use the browser, the more protection users have. "Developing this browser with Mullvad is about providing people with more privacy options for everyday browsing and to challenge the current business model of exploiting people's behavioral data," said Isabela Fernandes, the Tor Project's executive director.

LinuxSecurity.com Team

LibreWolf is an independent “fork” of Firefox, with the primary goals of privacy, security and user freedom. It is the community-run successor to LibreFox.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.

LinuxSecurity.com Team

Google Chrome for Linux is getting DNS-over-HTTPS, but there's a catch! Learn the details in this article.

Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support to Chrome web browser for Linux. DoH has been supported on Google Chrome for other platforms, including Windows, Mac, ChromeOS, and Android, since at least 2020. While the exact version of Chrome for Linux that would come out with DoH support is yet to be announced, the Chromium project expects either M91 or M92 to contain the feature.

LinuxSecurity.com Team

Linux Mint developers - with some new hardware - have tackled the challenge of compiling and releasing Mint's own version of the open-source Chromium web browser.

Linux Mint is a very popular Linux desktop distribution. I use the latest version, Mint 20, on my production desktops. That's partly because, while it's based on Debian Linux and Ubuntu, it takes its own path. The best example of that is Mint's excellent homebrew desktop interface, Cinnamon. Now, Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, have built their own take on Google's open-source Chromium web browser. Some of you may be saying, "Wait, haven't they offered Chromium for years?" Well, yes, and no. For years, Mint used Ubuntu's Chromium build. But then Canonical, Ubuntu's parent company, moved from releasing Chromium as an APT-compatible DEB package to a Snap.

LinuxSecurity.com Team

Have you heard that Firefox is planning to drop support for the vulnerable file transfer protocol in version 77 of the web browser?

Heads up, Firefox users who rely on FTP: the browser is eliminating support for this venerable protocol. First written in 1971, the file transfer protocol predates TCP/IP, the protocol stack that underpins the modern internet. In its original form, the protocol is insecure. For example, it transmits login credentials in plain text. In 1999, the IETF published a draft RFC listing its various shortcomings. These included everything from problems in the way it responded to invalid login attempts through to an inability to segment file permissions when using anonymous FTP (which doesn’t require user credentials at all). Now, Mozilla is planning to turn off FTP by default in version 77 of Firefox, which will ship this June. Users will be able to turn it on again temporarily so that they can carry on using FTP from within the browser. Firefox Extended Support Release (ESR) will continue to have FTP turned on by default in ESR version 78.

The link for this article located at Naked Security is no longer available.

LinuxSecurity.com Team

Along with rolling out the latest security update to the Firefox browser, Mozilla has now introduced a new approach to secure the Firefox web browser on Linux and Mac operating systems.

Firefox uses various external libraries to render the audio, videos, and images that can be exploited by the attackers to introduce malicious code. Hence, Firefox includes a new lightweight sandboxing architecture, RLBox, that uses a WebAssembly sandbox to tackle the vulnerabilities posed by the third-party libraries.

The link for this article located at Fossbytes is no longer available.

LinuxSecurity.com Team