Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security. The Website vulnerability statistics, based on data gathered from WhiteHat's own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability, and that the average Website today has seven unfixed vulnerabilities. "What we know from this report is that the Web is at least this insecure," says Jeremiah Grossman, CTO of WhiteHat. The top ten classes of vulnerabilities haven't changed much from WhiteHat's findings in the fourth quarter of 2008. The pervasive cross-site scripting (XSS) flaw still leads the pack as the most likely vulnerability in a Website, with a 65 percent chance that a given Website has XSS bugs, followed by information leakage at 47 percent. The average number of vulnerabilities per Website over its lifetime is 17, according to WhiteHat's data. "Customers are fixing large swaths of vulnerabilities, but it's really tough to wipe out 100 percent of vulnerabilities, even by class and severity," Grossman says. "And even if you fix nine of 10 cross-site scripting vulnerabilities, you still have one. That's why the percentage of sites likely to have cross-site scripting vulns is so high," he says. The link for this article located at Dark Reading is no longer available.
LinuxSecurity.com Team
An attack this week that targeted online customers of at least 50 financial institutions in the U.S., Europe, and Asia-Pacific has been shut down, a security expert said Thursday. The attack was notable for the extra effort put into it by the hackers, who constructed a separate look-alike Web site for each financial institution they targeted, said Henry Gonzalez, senior security researcher for Websense Inc. To be infected, a user had to be lured to a Web site that hosted malicious code exploiting a critical vulnerability revealed last year in Microsoft's software, Websense said. The vulnerability, for which Microsoft had already issued a patch, is particularly dangerous because it requires a user merely to visit a Web site rigged with the malicious code. The link for this article located at Infoworld is no longer available.
LinuxSecurity.com Team
A bug was recently uncovered in Firefox that could allow a malicious Web site to appear authentic. The bug affects the way Firefox handles writing to the "location.hostname" DOM property, according to a posting by security researcher Michal Zalewski on the Full Disclosure security mailing list. The vulnerability could potentially allow a malicious Web site to manipulate the authentication cookies of a third-party Web site. By bypassing the same-origin policy, attackers could tamper with the way those sites are displayed or how they work. For users, this means the browser could appear to be connected to a bank when in fact the user would be receiving data from an attacker. The link for this article located at eWeek is no longer available.
LinuxSecurity.com Team
Insecurely written software still looms as one of the greatest threats to Internet commerce, and user-generated Web content is becoming a vast new attack surface that hackers want to exploit, according to experts at the RSA Conference. Cross-site scripting attacks on Web sites can lead to malware taking over the browsers of machines that use those sites, said Caleb Sima, a member of the Secure Software Forum and co-founder of SPI Dynamics. The link for this article located at Network World is no longer available.
LinuxSecurity.com Team
Hardcore geek publishing house O'Reilly & Associates recently exposed their database of approximately 100,000 online users to outsiders, courtesy of a Web coding slip-up that their techie customer base might scoff at. O'Reilly's main Web site, as well as connected sites like Perl.com and XML.com, offer visitors free password-protected accounts for posting comments and subscribing to the publisher's e-mail lists. Until Monday, clicking on a link for reviewing and changing your user profile would land you at a URL of the form https://www.oreilly.com/ It turns out the number at the end is a sequentially assigned user ID, and by simply substituting other numbers one could browse or modify other people's profiles. The profiles include full name and e-mail address and, more rarely, physical mailing address, employer, title, and phone number. The link for this article located at SecurityFocus is no longer available.
LinuxSecurity.com Team
Web sites operated by several leading Internet security organizations are vulnerable to an old but serious security flaw known as the cross-site scripting (CSS) attack. A cursory survey today revealed that the corporate home pages of security software vendors including Network Associates, Kaspersky Lab, Trend Micro, SonicWall, and Command Software were all susceptible to CSS attacks. Nearly two years ago, the Computer Emergency Response Team (CERT) warned Web developers to prevent their sites from being abused through CSS attacks. According to CERT, CSS vulnerabilities can be exploited by malicious third parties to perform an array of attacks on site users, including theft of passwords, credit card numbers, browser cookies, and other private data. The link for this article located at Newsbytes is no longer available.
LinuxSecurity.com Team
A few days ago I watched a live hacking demo at the University of Sussex in which a company showed how easy it was to access a large number of credit card numbers on a supposedly secure ebusiness site. The demo took 15 minutes and involved an arsenal of tools easily available on the internet. As the independent security consultants I-Sec made Swiss cheese of the website's firewall, many of the delegates' jaws dropped - mine included. Here are the questions to ask yourself: what would you do if your site was targeted with some of the weapons above? What backup do you have? Are you up to date on the tools used to compromise ebusiness security? And are any of your staff using these tools? The link for this article located at vnunet is no longer available.
LinuxSecurity.com Team
Just days after Amazon.com tightened its privacy policy, a bug in one of its Web pages exposed numerous e-mail addresses of the site's Affiliate members. Dave English, who runs a software quality assurance company in New Hampshire, discovered the problem while trying to update his company's links for the Amazon Affiliate program, which pays members a commission when they refer shoppers to Amazon's stores. The link for this article located at CNET is no longer available.
LinuxSecurity.com Team