LinuxSecurity.com

The Open Metaverse Foundation (OMF), launched last week by the Linux Foundation , was created to implement the protection and interoperability standards required to drive metaverse adoption at scale, according to Royal O'Brien, a Linux Foundation GM and the executive director of OMF.

Linux is a popular and powerful operating system, but it is not immune to malware. In fact, malware that targets Linux systems is on the rise. In fact, findings from Atlas VPN based on data from threat intelligence platform AV-ATLAS, claims that in 2022 there were 1.9 million new Linux malware threats, bringing the figure up 50% year-on-year.

Last week I wrote about Linux developers evaluating a new "DOITM" security mitigation for the latest Intel CPUs . While the cost for now of engaging the Data Operand Independent Timing Mode (DOITM) functionality is minimal, following internal Intel engineering discussions it looks like the Linux kernel patches will need to be re-worked with this functionality not intended to always be enabled.

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to contain intrusions and whatnot.

Red Hat and Oracle announced jointly Tuesday that they have partnered to bring Red Hat Enterprise Linux (RHEL) to Oracle Cloud Infrastructure, broadening Oracle's available public cloud options and creating a measure of d©tente between two long-standing competitors.

Open source security automation is a critical aspect of modern cybersecurity. It involves the use of open source tools and technologies to automate various security tasks, such as vulnerability scanning , incident response, and compliance monitoring. The goal of open source security automation is to improve the efficiency and effectiveness of security operations while reducing costs.

Published back in November were a set of patches for allowing (e)BPF to extend the Linux kernel's scheduler . That interesting work is continuing with Friday having brought a second revision to the patches.

Merged on Sunday prior to tagging Linux 6.2-rc6 is a late "fix" for the AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) code to avoid possible situations of undefined behavior with difficult to debug issues where a modern Linux host with SEV-SNP may try booting a Linux virtual machine with an outdated kernel.

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

Threat actors are evolving to target a wide variety of systems and infrastructure, BlackBerry says in a new report. "In addition, attacks against Linux systems and cloud infrastructure will increase as threat actors look to install backdoors on target systems and gain visibility into organizations for further activities."

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

After rising and falling since 2021, new Linux malware hit record highs at year-end in 2022, growing by 117% over previous levels.

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

For bad actors, the more intelligence they have on their target, the better. Attackers typically gather intelligence by scraping data readily available from public sources, called open source intelligence (OSINT).

Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.

Node.js is an open source development platform for running JavaScript code on the server side. Node is useful for developing applications that require a persistent browser-server connection and is often used for real-time applications such as chat, social applications, or news feeds.

There's been a shift towards 'memory safe' languages. So, can updates to C++ help it catch up in the eyes of developers?

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa.

Linux is undoubtedly the best open-source operating system, and is arguably the most secure OS by design . Most computers these days are Linux-based. Android OS, which is the most commonly used mobile operating system, is also Linux-based. The same goes for Chromebooks and a variety of tablets.

Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start your operating system.