LinuxSecurity.com

German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns associated with the widely used sudo command. Let's explore run0's implications for Linux admins and security practitioners.

Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to streamline the management of hybrid cloud environments. While RHEL 7.9 received four more years of support, RHEL 7 Extended Life Cycle Support (ELS) is a one-time extension and may not be seen with other RHEL versions. Thus, Red Hat urges users to upgrade to RHEL 9.4 . This latest version enhances management and automation capabilities while providing proactive support for building standard operating environments (SOEs) for distributed systems.

A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's delve into the details of the Spectre v2 exploit, its implications, and the measures being taken to mitigate its impact.

Several significant vulnerabilities have been found in the Thunderbird email client and Firefox web browser. An attacker could exploit these issues to disrupt services, obtain sensitive data, bypass security restrictions, perform cross-site tracing, run rogue programs on your computer, or escalate privileges on impacted systems.

The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and innovation in open-source OSes. As security practitioners and Linux administrators, we always seek stable and innovative operating systems that can meet our needs while keeping our systems secure.

The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected several versions of Ubuntu and could potentially lead to server disruption and injection of malicious code.

A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential risks to systems worldwide. The vulnerability, CVE-2024-26925 , arises from improperly releasing a mutex within the garbage collection (GC) sequence of nf_tables. It could potentially lead to race conditions and compromise the stability and security of the Linux kernel.

The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements include unprivileged user namespace restrictions, binary hardening, AppArmor 4 , disabling old TLS versions, and upstream kernel security features.

The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary code. Over the next few days or weeks, the Google Stable channel will be updated to 124.0.6367.78 for Linux. As security practitioners, Linux admins, infosec professionals, and sysadmins must be aware of the implications of such vulnerabilities and take appropriate action.

This first part of the Complete Guide to Keylogging in Linux will explore keylogger attacks in network security. Keylogging can be valuable for testing within the Linux Security realm, so we will dive deeper into how you can write keyloggers and read events directly from a keyboard device on Linux.

Researchers have exposed new and sophisticated types of attacks that endanger the security and confidentiality of virtual machines (VMs). Two variations of Ahoi attacks, Heckler and WeSee, have been identified targeting hardware-based trusted execution environments, specifically AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel's Trust Domain Extensions (TDX) technologies.

The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle against Spectre v2 vulnerabilities. Researchers have revealed that BHI can bypass existing Spectre v2/BHI mitigations to read sensitive data from the memory of Intel systems.

Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a Debian-based operating system that enables users to remain incognito online and securely browse the web.

In Complete Guide to Keylogging in Linux: Part 1 , we discussed how to write keyloggers for Linux by reading keyboard device events. This article will continue to discuss keyboard event capture so you have more techniques to use for keylogger attacks in network security.

Fedora 40 , the newest version of the Fedora operating system, is an efficient and lightning-fast release with various new and useful features. Compared to its previous releases, Fedora 40 is lightning-fast and offers maximum efficiency to users.

Keylogger attacks in network security have become more popular over time. Therefore, businesses must implement procedures and tactics to prevent these network security issues from harming a server.

AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a reliable server operating system, it can also function effectively as a desktop OS. Security, stability, and long-term support are key advantages of choosing AlmaLinux 9.4 beta as your desktop OS.

Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs. Understanding and mitigating the vulnerabilities in the Linux kernel is essential in safeguarding your systems against exploits leading to compromise. Let's examine why kernel vulnerabilities are such a severe threat and mitigation strategies for protecting against them.

The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew of improvements and new features that will certainly intrigue security practitioners. This release aims to enhance user-facing features while addressing compatibility and security issues.

The alarming discovery of a backdoor in the xz data compression library , which had the potential to compromise Linux systems, has dominated recent security news. While the backdoor did not make its way into production Linux distributions, the incident raises crucial questions about open-source security and the need for vigilance in the face of emerging threats.