Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 2 articles for you...
83
malwarebackdoorlinux securityF-Secure Multi-Platform Exploit Targets Linux, Windows, Mac OS X
A Java applet determines whether the victim's machine is running Windows, Mac or Linux, then downloads the appropriate malware for the platform. Researchers at F-Secure have uncovered a new Web-based attack that installs backdoors on Windows, Linux and Mac OS X computers.. "The attack was detected on a compromised website in Colombia, F-Secure senior analyst Karmina Aquino, said in a blog post on Monday," writes Computerworld's Lucian Constantin. "When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority. If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform. The files are detected by F-Secure as 'Backdoor:OSX/GetShell.A,' 'Backdoor:Linux/GetShell.A' and 'Backdoor:W32/GetShell.A.'" The link for this article located at eSecurity Planet is no longer available. . Kaspersky uncovers a cross-platform vulnerability inserting malware aimed at Windows, Linux, and macOS systems.. Web Exploit Detection, Multi-Platform Malware, Malware Backdoor. . LinuxSecurity.com Team
Jul 11, 2012
•
Hacks/Cracks
83
security advisoryMySQLmalwareMySQL Security Breach: Malware Spread Through Hacked Open Source Site
The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday. Security vendor Armorize noticed the problem at around 5 a.m. Pacific Time Monday. Hackers had installed JavaScript code that threw a variety of known browser attacks at visitors to the site, so those with out-of-date browsers or unpatched versions of Adobe Flash, Reader or Java on their Windows PCs could have been quietly infected with malicious software.. By just after 11 a.m., the issue had been cleaned up, said Wayne Huang, Armorize's CEO. He thinks the malicious code was on the site for less than a day. The link for this article located at PC World is no longer available. . PHP framework compromised to spread virulent code, targeting users with unpatched applications. Rapid intervention by cybersecurity experts.. MySQL Security, Malware Attack, Web Exploit, Open Source Database. . LinuxSecurity.com Team
Sep 27, 2011
•
Hacks/Cracks
79
security advisoryprivacy threatweb exploitInternet Explorer Zero-Day Flaw: Cookiejacking Risk For Password Sites
A security researcher in Italy has discovered a flaw in Internet Explorer that he says could enable hackers to steal cookies from a PC and then log onto password-protected Web sites.. Referring to the exploit as "cookiejacking," Rosario Valotta claims that a zero-day vulnerability found in every version of Microsoft's IE under any version of Windows allows an attacker to hijack any cookie for any Web site. Demonstrating his findings at security conferences this month in Switzerland and Amsterdam, Valotta acknowledges that to exploit the hole, the hacker must employ a bit of social engineering because the victim must drag and drop an object across the PC for the cookie to be stolen. The link for this article located at CNET is no longer available. . An undiscovered flaw in Internet Explorer permits malicious actors to exploit session tokens, compromising secure websites.. Cookiejacking Risk, Internet Explorer Flaw, Web Security. . LinuxSecurity.com Team
May 26, 2011
•
Security Projects
83
security issuemalicious redirectxss attackXSS Attacks Target YouTube: Users Face Pop-Ups And Redirects
Hackers apparently used cross-site scripting attacks to prank YouTube users over the weekend, injecting pop-ups and redirecting viewers to pornographic websites. Google says it's identified and fixed the vulnerability. "Preventing XSS attacks requires a lot of code review and, generally, outside consultants to help," explained ESET's Randy Abrams.. Hackers hit YouTube over the weekend, injecting pop-ups, disabling comments and redirecting viewers to porn sites when they tried to access videos. Google clamped down on the problem swiftly and is attempting to figure out who was behind the attack. The link for this article located at Tech News World is no longer available. . Cybercriminals exploited vulnerabilities on YouTube through XSS attacks, unleashing pop-up disturbances and rerouting users to unsuitable webpages.. YouTube Security, XSS Attacks, Web Exploits, Online Safety, Hacker Activity. . LinuxSecurity.com Team
Jul 07, 2010
•
Hacks/Cracks
83
user riskclickjackingweb exploitUser Endorsement Risk From Clickjacking Attack on Facebook
A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of webpages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking.. The exploit works by presenting people with friend profiles that recommend The link for this article located at The Register UK is no longer available. . A phishing scam targeted Instagram users, resulting in unauthorized promotions over the festive season.. Clickjacking Threat, Facebook Exploit, User Endorsement Risk. . LinuxSecurity.com Team
Jun 01, 2010
•
Hacks/Cracks
81
data privacyweb exploitbrowser vulnerabilityRefined JavaScript Techniques for History Theft Exploits
Two developers have refined techniques for rummaging through browser histories to the extent that web sites can now find out what articles a user has recently read on news sites, their exact postcode and which search terms that have entered into search engines. The developers, Artur Janc and Lukasz Olejnik, have now refined their JavaScript code to carry out history stealing six times faster than previous methods.. History stealing makes use of the way browsers record whether users have previously clicked on a link (a simple online test is available). Previously clicked links are displayed in a different colour to links to pages which have not yet been visited. The different colours are produced by a change in the style sheet (CSS) for the HTML file, which the browser stores as an attribute in its history. JavaScript can be used to test a list of potential web sites and the style sheet's colour scheme and work out which web sites have been visited. The longer the list, the greater the chance of scoring a hit. The refined JavaScript code allows a web site to test 30,000 links per second. There are also methods for accessing browser history which do not make use of JavaScript. These involve taking advantage of the ability to use style sheets to load different background images depending on whether or not a web site has previously been visited. An attacker can query a user's history without using JavaScript by using crafted HTML pages and observing which images the web pages load. Janc and Olejnik have also included this method, which they claim works even where JavaScript is disabled and plug-ins like NoScript are installed, in their test. The link for this article located at H Security is no longer available. . Uncover sophisticated methods of data acquisition that leverage web browsing records and individual privacy weaknesses.. Browser History, Data Privacy, Web Vulnerabilities. . LinuxSecurity.com Team
May 24, 2010
•
Privacy
74
internet attackdesign flawsecurity riskUnderstanding Clickjacking Threats and Vulnerabilities in Web Development
Read on for info on this new security vulnerability, and learn exactly how it works. Lots of people seem to have an opinion on this article at CNET. Do you see this vulnerability as being a big problem for you? "Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site." The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly. . At the time, Grossman called it a "harmless experiment," but the potential for harm by an attacker who isn't just having fun is huge. In a demo at CNET offices on Thursday, Grossman showed how someone could launch a clickjacking attack using Flash to spy on someone by getting them to turn on their computer Web cam without knowing it. (Grossman also appeared on CNET Live to talk about clickjacking.) The link for this article located at CNET is no longer available. . Recognize the dangers of clickjacking, including how it functions and its implications for online users that undermine standard security protocols.. Clickjacking Risks, Web Exploit Techniques, Design Flaws, Internet Attack Vectors. . Anthony Pell
May 25, 2009
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More