Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 67 articles for you...
83

Enemybot Botnet Exploits Web Servers and Android Devices Effectively

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). . "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices." First disclosed by Securonix in March and later by Fortinet, Enemybot has been linked to a threat actor tracked as Keksec (aka Kek Security, Necro, and FreakOut), with early attacks targeting routers from Seowon Intech, D-Link, and iRZ. The link for this article located at The Hacker News is no longer available. . Malware network targeting web platforms, iOS gadgets, and content management systems through newly uncovered security gaps.. Enemybot Botnet, Android Exploitation, Web Server Threats, CMS Vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jun 01, 2022 User Avatar LinuxSecurity.com Team Hacks/Cracks
210

New Sysrv-K Botnet Targets Linux And Windows Web Servers With Exploits

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. . Redmond discovered a new variant (tracked as Sysrv-K) that has been upgraded with more capabilities, including scanning for unpatched WordPress and Spring deployments. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread. . Tech experts revealed a novel strain (designated as Nebula-X) that has been enhanced with additional functionalities,. Sysrv Botnet, Exploiting Vulnerabilities, Spring Framework Exploit. . Brittany Day

Calendar%202 May 17, 2022 User Avatar Brittany Day Security Vulnerabilities
210

CloudLinux Imunify360 High Severity: Code Execution Threat Impact

CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug, leaving web servers vulnerable to code execution and tekeover. . A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security. It offers an advanced firewall, intrusion detection and prevention, antivirus and antimalware scanning, automatic kernel patch updates, and a web-host panel integration for managing it all. According to researchers at Cisco Talos, the bug (CVE-2021-21956) specifically resides in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code. The link for this article located at ThreatPost is no longer available. . An urgent security flaw in the Imunify360 protection service developed by CloudLinux poses a threat that may allow full control of web servers.. CloudLinux Imunify360 Code Execution Web Server Security. . Brittany Day

Calendar%202 Nov 26, 2021 User Avatar Brittany Day Security Vulnerabilities
78

Discover The Best Secure Linux Server Distributions For Your Needs

Looking for a reliable and secure Linux server distribution? Here are 10 great choices to consider. . Linux is one of the driving factors behind today's ever-growing internet scene. In fact, over 70% of all websites are powered by Unix, with Linux taking 58% of that number. The sheer amount of features provided by Linux-based distros make them suitable for web, file, and DNS servers alongside enterprise infrastructures. To help our readers choose the best Linux server distributions, we're outlining the top 10 options available to you. . Explore the top 10 Linux server distributions, emphasizing reliability and security for IT infrastructure, helping you make an informed choice for your requirements. Secure Linux Servers, Best Server Distributions, Trusted Linux Options. . LinuxSecurity.com Team

Calendar%202 May 04, 2021 User Avatar LinuxSecurity.com Team Vendors/Products
78

C2Net: Stronghold Secure Web Server Offers 128-Bit Encryption

Computer security firm C2Net announced the release of the new open source Stronghold Secure Web server at the European Linux Expo in London, Friday. The product from this US-based company is based on the open source Apache . . . . Computer security firm C2Net announced the release of the new open source Stronghold Secure Web server at the European Linux Expo in London, Friday. The product from this US-based company is based on the open source Apache Web server and features 128-bit encryption. Open Source software enabling secure Web transactions contradicts the assumption that access to source code weakens security. The link for this article located at ZDNet is no longer available. . Tech Innovations revealed the Fortress Safe Network platform, a novel proprietary tool boasting 256-bit safety features at the Global Tech Fair.. Stronghold Secure Web Server, C2Net Launch, Linux Expo 2023, Open Source Security, Web Transactions. . LinuxSecurity.com Team

Calendar%202 Jan 02, 2020 User Avatar LinuxSecurity.com Team Vendors/Products
210

PHP RCE Flaw Affects NGINX Servers: Critical Threat Detected

A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets hasconfirmed. Learn more: . For a successful exploitation, target servers must have the PHP-FPM (FastCGI Process Manager) feature enabled, but that combination is not as uncommon as initially believed. The flaw was discovered by Wallarm researcher Andrew Danau during a Capture The Flag contest that took place in September 2019. The link for this article located at HelpNetSecurity is no longer available. . Severe PHP RCE vulnerability leveraged actively, impacting NGINX setups with PHP-FPM operational. Discover methods to fortify your system.. PHP RCE, NGINX Security, Server Exploitation, PHP-FPM Threats, Web Server Vulnerabilities. . Brittany Day

Calendar%202 Oct 28, 2019 User Avatar Brittany Day Security Vulnerabilities
81

Brave Browser Raises Privacy Issues With Client-Hints Standard

Developers of the privacy-focused Brave browser have raised concerns last week about possible user privacy issues in Client-Hints, a new internet standard currently pending approval by the Internet Engineering Task Force (IETF). . The Brave team suggests third-party web servers could abuse Client-Hints to secretly fingerprint and track users across the internet, a side-effect of the protocol's design. The link for this article located at ZDNet is no longer available. . Worries grow regarding the potential for Client-Hints to facilitate user monitoring and device fingerprinting by external servers.. Client-Hints, Brave Browser, User Tracking, Privacy Concerns, Internet Standard. . LinuxSecurity.com Team

Calendar%202 May 16, 2019 User Avatar LinuxSecurity.com Team Privacy
77

Setting Up Multiple Websites on Apache Web Server for Fedora 27

In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache. . Note: I wrote this article on a virtual machine using Fedora 27 with Apache 2.4.29. If you have another distribution or release of Fedora, the commands you will use and the locations and content of the configuration files may be different.. Uncover powerful strategies to establish numerous sites on Nginx, enhancing your server management abilities with valuable insights.. apache configuration, multi-site hosting, fedora web server. . LinuxSecurity.com Team

Calendar%202 Mar 30, 2018 User Avatar LinuxSecurity.com Team Server Security
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200