Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.

Today’s newsletter highlights our two most recent feature articles: Fileless Malware on Linux: Anatomy of an Attack and A Linux Admin's Getting Started Guide to Improving PHP Security. We also examine various topics including DreamBus and FreakOut - two new botnets threatening Linux systems - and the recently discovered Dovecat crypto-mining malware targeting vulnerable QNAP NAS devices. Happy Monday - and happy reading!

Yours in Open Source,

Brittany


LinuxSecurity.com Feature Extras:

Fileless Malware on Linux: Anatomy of an Attack - This article will provide you with answers to these questions by honing in on the anatomy of a Linux fileless malware attack - equipping you with the knowledge necessary to secure your systems and your data against this stealthy and malicious threat. Let’s begin by exploring the concept of fileless malware.

A Linux Admin's Getting Started Guide to Improving PHP Security - This article will examine how you can configure and run PHP securely to mitigate the risk of attacks and compromise, secure web applications, protect user privacy and maintain a secure and properly functioning Linux web server.


  Linux Mint fixes screensaver bypass discovered by two kids (Jan 18)
 

The Linux Mint project has patched a security flaw discovered by two kids that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops. Linux Mint is now working on adding a setting that will let users disable the on-screen keyboard, which would make mitigating future bugs in this component easier until patches are generally available.

  CloudLinux CentOS Replacement Available this Quarter, Named AlmaLinux (Jan 18)
 

A free, community-driven fork of Red Hat Enterprise Linux, AlmaLinux, will serve as a drop-in alternative for CentOS.

  Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed (Jan 19)
 

Security researchers have discovered a set of seven vulnerabilities in dnsmasq - a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services - which allow attackers to redirect users or execute malicious code. This dangerous set of flaws has been named DNSpooq. Patch dnsmasq now!

  The Home Directory Will be Private in Ubuntu 21.04, What Does it Mean? (Jan 20)
 

Until now, users on the same Ubuntu system could access and read the files in the home directory of other users. This is changing from Ubuntu 21.04 - adding a layer of security and privacy to Ubuntu systems.

  OpenWRT reports data breach after hacker gained access to forum admin account (Jan 19)
 

OpenWRT has disclosed a data breach that occurred after a malicious hacker gained access to a forum admin account. The OpenWRT wiki, which contains the official download links, was not compromised, the project said.

  'FreakOut' Botnet Targets Unpatched Linux Systems (Jan 21)
 

Researchers are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. Botnet operators have been mass-scanning for vulnerable Linux devices, and the command-and-control server associated with FreakOut has now targeted several hundred vulnerable devices.

  GeoIP for nftables (Jan 21)
 

Thank you to the GeoIP team for sharing their project with us. Have a similar open-source security project that you think the LinuxSecurity audience would be interested in learning about? Please do not hesitate to reach out!

  Red Hat introduces free RHEL for small production workloads and development teams (Jan 22)
 

In response to complaints about Red Hat's latest plans for CentOS Linux, the vendor will start offering free RHEL for small production workloads and customer development teams.

  DreamBus, FreakOut Botnets Pose New Threat to Linux Systems (Jan 22)
 

Two recently discovered Linux botnets - DreamBus and FreakOut - are designed for DDoS attacks, cryptocurrency mining and other malicious purposes.

  Linux commands you should never run on your system (Jan 20)
 

Learn about six dangerous Linux commands you should avoid at all costs.

  DreamBus botnet targets enterprise apps running on Linux servers (Jan 25)
 

The recently discovered DreamBus botnet uses exploits and brute-force attacks to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and other enterprise-level apps that run on Linux systems. "The idea is to give the DreamBus gang a foothold on a Linux server where they could later download and install an open-source app that mines the Monero (XMR) cryptocurrency to generate profits for the attackers."

  QNAP urges users to secure against Dovecat crypto-mining malware (Jan 25)
 

The Dovecat Monero-mining malware doesn't steal data, but it consumes large amounts of CPU and memory. This is the latest threat faced by QNAP customers - after research published in July 2020 identified that tens of thousands of NAS drives are potentially vulnerable to malware that prevents administrators from applying patches.