Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.
Today’s newsletter highlights our two most recent feature articles: How Secure Is Linux? and Get started with CrowdSec v.1.0.X. We also examine various topics including how you can use croc to easily and securely transfer files and folders between computers and five great Linux distros available for Windows Subsystem for Linux (WSL). Happy Monday - and happy reading!
Yours in Open Source,
LinuxSecurity.com Feature Extras:
How Secure Is Linux? - This article will examine the key factors that contribute to the robust security of Linux, and evaluate the level of protection against vulnerabilities and attacks that Linux offers administrators and users.
Get started with CrowdSec v.1.0.X - The official release of CrowdSec v.1.0.X introduces several improvements to the previous version, including a major architectural change: the introduction of a local REST API.
croc is a free and open-source command line tool for secure file transfers between computers. It uses relay-assisted peer-to-peer transactions and end-to-end encryption via password-authenticated key exchange. The program is written in Go and is available for Linux, Windows, macOS and *BSD. Learn about croc's key features and see how easy it is to use croc to send a file or folder in this Linux Uprising tutorial.
Last summer, the GRUB bootloader was impacted by "BootHole" with security issues hitting its UEFI Secure Boot support . Now a new round of GRUB2 vulnerabilities affecting its UEFI Secure Boot support have been made public.
There's been a 2,000% increase of new malware written in Go over the past few years. Many of these malware families are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets.
Too many admins disable SELinux or set it to Permissive on their data center systems, as opposed to spending the necessary time to make the projects they're working on work with SELinux. Jack Wallen warns that admins are playing with fire by shrugging off SELinux, leaving their OSes weakened and susceptible to attacks.
Malicious actors are exploiting a new 'Dependency Confusion' vulnerability to target Amazon, Zillow, Lyft, and Slack NodeJS apps and steal Linux/Unix password files and open reverse shells back to the attackers.
This LinuxSecurity.com feature article was recently featured on the frontpage of Slashdot. While all Linux 'distros' " or distributed versions of Linux software " are secure by design, certain distros go above and beyond when it comes to protecting users' privacy and security . We've put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great.
Linus Torvalds has warned of a nasty security bug in the first release candidate (RC) of the Linux kernel 5.12, which he has deemed a "double ungood" that can have catastrophic consequences for a computer's filesystem.