LinuxSecurity.com
Kali Linux 2023.2 Released with 13 New Tools, Pre-Built HyperV Image
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.
Kategorie: Hacking & Security
Nitrux 2.8.1 Linux Distribution Unleashes Supercharged Security and Privacy Powers
Nitrux 2.8.1, codenamed "sc" for "safer computing," has been released, offering enhanced privacy and security features. While the distribution does not claim to be impenetrable or unhackable, it aims to protect users' privacy and provide tools for online anonymization.
Kategorie: Hacking & Security
High-Severity ntfs-3g Buffer Overflow Vulns Fixed
Several buffer overflow vulnerabilities have been identified in ntfs-3g. With a low attack complexity and a high confidentiality, integrity and availability impact, these vulnerabilities have received a National Vulnerability Database (NVD) severity rating of ''High''.
Kategorie: Hacking & Security
Critical Remotely Exploitable Django Vuln Fixed
It was discovered that Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1 incorrectly handled uploading multiple files using one form field (CVE-2023-31047). With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, this vulnerability has been rated as ''Critical'' by the National Vulnerability Database (NVD).
Kategorie: Hacking & Security
Linux Container Security Primer
In today's rapidly evolving digital landscape, where agility and scalability are paramount, traditional software deployment methods often fall short. Container technology is a game-changing innovation that has revolutionized how software is deployed, managed, and scaled. It offers many benefits, ensuring that applications run consistently regardless of the hosting environment.
Kategorie: Hacking & Security
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report published today.
Kategorie: Hacking & Security
The Moment for AI
Red Hat President and Chief Executive Officer, Matt Hicks, shares insights and reflections from Red Hat Summit 2023.
Kategorie: Hacking & Security
Email Phishing Using Kali Linux
No matter how often you go online and how or why you primarily use the Internet, you've probably seen phishing attack attempts. They're now so common and problematic that cybersecurity professionals regularly provide information to help people spot and avoid phishing attacks.
Kategorie: Hacking & Security
New Ransomware Group Uses Repurposed LockBit, Babuk Variants
A new ransomware operation has been targeting Windows and Linux systems with a combination of payloads relying on leaked LockBit and Babuk code and custom-developed tools.
Kategorie: Hacking & Security
PyPI Open-Source Code Repository Deals with Manic Malware Maelstrom
Public source code repositories, from Sourceforge to GitHub , from the Linux Kernel Archives to ReactOS.org , from PHP Packagist to the Python Package Index , better known as PyPI , are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers' toolkits that have done computer science and software engineering a world of good.
Kategorie: Hacking & Security
CISA Warns Several Old Linux Vulns Exploited in Attacks
The Cybersecurity & Infrastructure Security Agency (CISA) added seven new Linux vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday based on evidence of active exploitation, some of which have been known for a decade:
Kategorie: Hacking & Security
Linux Kernel DoS, Info Disclosure Bugs Fixed
Several important security issues have been found in the Linux kernel, including a slab-out-of-bound read problem (CVE-2023-1380), a heap out-of-bounds read/write vulnerability in the traffic control (QoS) subsystem (CVE-2023-2248), and an out-of-bounds write issue in the kernel before 6.2.13 (CVE-2023-31436). The vulnerabilities have received a National Vulnerability Database (NVD) rating of ''high-severity'' due to their high confidentiality, integrity and availability impact.
Kategorie: Hacking & Security
Important Ruby ReDoS Vulns Discovered & Fixed
Two important ReDoS issues have been found in the Ruby programming language; one in the URI component (CVE-2023-28755) and one in the Time component (CVE-2023-28756). It was discovered that the URI parser and the Time parser mishandle invalid URLs that have specific characters, causing an increase in execution time for parsing strings to URI and Time objects.
Kategorie: Hacking & Security
Is Linux A More Secure Option Than Windows For Businesses?
There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.
Kategorie: Hacking & Security
Budgie-flavored Fedora Onyx To Be a New Immutable Fedora Variant
Fedora Onyx is now approved to be an official Fedora variant. A Budgie desktop user? You will love this!
Kategorie: Hacking & Security
SQLite 3.42 Released With "Secure Delete" Command
SQLite 3.42 is now available as the newest update to this widely-used, embed-friendly SQL database option that is used by countless applications and other software for lightweight and speedy data storage purposes.
Kategorie: Hacking & Security
AWS Open Sources Security Tools
AWS is open sourcing its Cedar policy language and authorization engine and Snapchange, an open source snapshot-based fuzzing tool.
Kategorie: Hacking & Security
Important runC Privilege Escalation Flaws Fixed
Several important security issues were identified in the runC Open Container Project. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories (CVE-2023-27561), and incorrectly handled /proc and /sys mounts inside a container (CVE-2023-28642).
Kategorie: Hacking & Security
How Secure Is Linux?
It is no secret that the OS you choose is a key determinant of your security online. After all, your OS is the most critical software running on your computer - it manages its memory and processes, as well as all of its software and hardware. The general consensus among experts is that Linux is a highly secure OS - arguably the most secure OS by design. This article will examine the key factors that contribute to the robust security of Linux, and evaluate the level of protection against vulnerabilities and attacks that Linux offers administrators and users.
Kategorie: Hacking & Security
Ubuntu 23.10 Improving PPA Management For Enhanced Security & Reliability
One of the great longtime features of Ubuntu Linux has been Launchpad's Personal Package Archives (PPAs) for easily augmenting the official Ubuntu repositories with additional packages either to supply updated versions of select software or for software not yet found in the official Ubuntu archives. With Ubuntu 23.10 a change is being made in how PPAs are managed to enhance the security and reliability.
Kategorie: Hacking & Security