Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.


Today’s newsletter highlights our two most recent feature articles: A Linux Admin's Getting Started Guide to Improving PHP Security and Linux Pentesting: What Is It and How Can It Improve Network Security? We also examine various topics including several serious vulnerablities in Nvidia drivers impacting both Linux and Windows users that have been discovered and patched and a high-risk RCE bug impacting PHP-based websites running a vulnerable version of the Zend Framework and some Laminas Project releases that has been discovered, disputed and patched. Happy Monday - and happy reading!

Yours in Open Source,

Brittany Signature 150

LinuxSecurity.com Feature Extras:

A Linux Admin's Getting Started Guide to Improving PHP Security - This article will examine how you can configure and run PHP securely to mitigate the risk of attacks and compromise, secure web applications, protect user privacy and maintain a secure and properly functioning Linux web server.

Linux Pentesting: What Is It and How Can It Improve Network Security? - This article will introduce the concept of pentesting to improve and verify network security, explain basic pentesting methodology and explore some excellent pentesting tools, distros and OSes available to Linux users in 2021.

  Cryptocurrency stealer for Windows, macOS, and Linux went undetected for a year (Jan 6)
 

The ElectroRAT cryptocurrency-stealing malware was written from scratch and was likely installed by thousands of Linux, Windows and MacOS users over the past year.
  Debian-based deepin Linux 20.1 is here and you should switch from Windows 10 now! (Jan 5)
 

"Neither Windows 10 or macOS are the prettiest desktop OS -- that designation belongs to a Debian-based Linux distro from China called "Deepin". Learn what you can expect from from the latest version of Deepin - Deepin 20.1.
  6 Open Source Tools for Your Security Team (Jan 7)
 

Looking to improve your company's security in 2021? Open-source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
  Golang malware infecting Windows, Linux servers with XMRig miner (Jan 4)
 

The Golang malware has been active since last month, exploiting poor security practices to target both Linux and Windows-based servers. Implementing 2FA with robust passwords and keeping all running software updated can help protect against Golang and other dangerous attacks.
  Linux malware authors use Ezuri Golang crypter for zero detection (Jan 8)
 

Linux malware authors are leveraging the Ezuri Golang crypter to pack their malware with dangerous zero detection capabilities.
  33 hardware and firmware vulnerabilities: A guide to the threats (Jan 7)
 

Meltdown and Spectre have raised awareness of the danger of hardware and firmware vulnerabilities. Here's a roundup of the ones that present the most significant threats.
  Red Hat OpenShift supports both Windows and Linux containers (Jan 8)
 

Most container work is done with Linux - but the fact that some jobs are also done with Windows-based containers can't be ignored. Now Red Hat makes it possible to manage both Linux and Windows containers with Kubernetes via OpenShift.
  RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework (Jan 6)
 

A high-risk RCE bug impacting PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases has been discovered and disputed by Zend. Regardless of the dispute, Zend has issued a patch addressing this vulnerability which "provides type checking of the $streamName property before performing a cleanup operation (which results in an unlink() operation, which, previously, could have resulted in an implied call to an an objects __toString() method) in the Laminas\Http\Response\Stream destructor".
  How to Enable Timestamp in Linux Ping Command Output (Jan 4)
 

Learn how to enable timestamp in the ping command output to assist in your network troubleshooting endeavors in this LinuxBuzz tutorial.
  How To Install Tor Browser On Ubuntu Linux? (Jan 5)
 

"Sure  Linux is the most secure OS out  there, but can we trust third-party apps and your Internet Service Provider? Definitely not." Learn how to install the Tor browser on Ubuntu Linux to protect your privacy online and gain full control of your data in this Fossbytes tutorial.
  Linux machines again targeted by hackers with new memory loader (Jan 11)
 

Linux has become a popular target among cybercriminal groups, who have started infecting Linux machines via a fileless malware installation technique that until recently was more commonly used against Windows-based systems.
  Nvidia has patched several serious security flaws affecting Windows and Linux devices (Jan 11)
 

Nvidia has patched several serious security vulnerabilities affecting Windows and Linux devices. These flaws could lead to privilege escalation or denial of service if left unpatched.