LinuxSecurity.com

Syndikovat obsah LinuxSecurity - Security Articles
The central voice for Linux and Open Source security news.
Aktualizace: 1 min 49 sek zpět

Malicious PyPI package opens backdoors on Windows, Linux, and Macs>

5 hodin 2 min zpět
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Kategorie: Hacking & Security

381,000-plus Kubernetes API servers 'exposed to internet'>

16 hodin 30 min zpět
A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.
Kategorie: Hacking & Security

Complete Guide to Keylogging in Linux: Part 1>

23 Květen, 2022 - 20:11
In this first part of our Complete Guide to Keylogging in Linux, we will explore the basics of keylogging and its importance in the realm of Linux security, and dive deeper into keylogging in userspace, demonstrating how a keylogger can be written for Linux, by reading events directly from a keyboard device.
Kategorie: Hacking & Security

VirtualBox On Linux Affected By Security Vulnerability Leaking Host Data To Guests>

23 Květen, 2022 - 13:00
Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.
Kategorie: Hacking & Security

Microsoft: This botnet is growing fast and hunting for servers with weak passwords>

23 Květen, 2022 - 13:00
Protect your Linux servers from XorDdos, a botnet scanning the internet for SSH servers with weak passwords, Microsoft warns.
Kategorie: Hacking & Security

Google Makes Public Their Open-Source PSP Security Protocol>

23 Květen, 2022 - 01:27
Hearing "open-source", "PSP", and "security" all together got me excited with my initial reaction thinking it was about AMD's Platform Security Processor (PSP) albeit that's not the case here. Google's PSP is the "PSP Security Protocol" and is designed for dealing with cryptographic hardware offloading at data center scale and used by Google already in production.
Kategorie: Hacking & Security

Citi Donates Software Supply Chain Security Kit to OpenSSF>

20 Květen, 2022 - 13:00
The financial services company's prototype system based on CNCF's software supply chain security guidelines joins OpenSSF's $150 million open source standards campaign.
Kategorie: Hacking & Security

Open source security: Linux Foundation project presents 10-point plan>

19 Květen, 2022 - 13:00
The Open Source Software Security Foundation (OpenSSF), a project of the Linux Foundation, has come up with a 10-point plan to improve the safety of the software supply chain, costed at $147.9M over two years, though it relies in part on developers changing their behaviour to take more account of security issues.
Kategorie: Hacking & Security

Establishing a Root of Trust in Embedded Linux and IoT>

18 Květen, 2022 - 13:00
With IoT, 5G and embedded devices becoming a larger part of everyone's daily lives, security''and more importantly, trust in our technology''is on everyone's minds. Embedded devices don't have a good security track record; the last several years saw a significant number of high-profile hacks that could prevent people from widely accepting IoT into their homes.
Kategorie: Hacking & Security

What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute>

17 Květen, 2022 - 18:28
Last Friday, Microsoft announced that they have discovered a new botnet that exposes both Windows and Linux computers and web servers to new threats. The botnet, known as Sysrv-K, takes advantage of unpatched computers by installing cryptocurrency miners.
Kategorie: Hacking & Security

Open Source Burnout: An Opening to More Security Gaps?>

17 Květen, 2022 - 13:56
"It's important for the industry to understand that open source development burnout is real and can have a significant impact upon those who depend on the projects they maintain. Incentivize and recognize efforts. Don't just take, but give back to the community."
Kategorie: Hacking & Security

Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits>

17 Květen, 2022 - 13:00
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.
Kategorie: Hacking & Security

BPFdoor: Stealthy Linux malware bypasses firewalls for remote access>

16 Květen, 2022 - 13:00
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.
Kategorie: Hacking & Security

Primer to Container Security>

13 Květen, 2022 - 13:00
Containers are considered to be a standard way of deploying these microservices to the cloud. Containers are better than virtual machines in almost all ways except security, which may be the main barrier to their widespread adoption.
Kategorie: Hacking & Security

Red Hat Enterprise Linux 9: Security baked in>

12 Květen, 2022 - 13:00
The newest RHEL moves beyond servers and the datacenter to the edge and multicloud.
Kategorie: Hacking & Security

BPFDoor: Chinese tool almost undetected for FIVE years is second BPF-based attack uncovered this year>

10 Květen, 2022 - 13:00
Researchers have uncovered a highly-evasive Chinese surveillance tool using the Berkeley Packet Filter (BPF). The malware, dubbed BPFDoor, is present on ''thousands'' of Linux systems, its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.
Kategorie: Hacking & Security

Linux Security Study Reveals When, How You Patch Matters>

9 Květen, 2022 - 13:00
Computer security only happens when software is kept up to date. That should be a basic tenet for business users and IT departments. Apparently, it isn't. At least for some Linux users who ignore installing patches, critical or otherwise. A recent survey sponsored by TuxCare , a vendor-neutral enterprise support system for commercial Linux, shows companies fail to protect themselves against cyberattacks even when patches exist.
Kategorie: Hacking & Security

The Best VPNs for Linux in 2022 (and the Worst)>

6 Květen, 2022 - 13:47
Although many open-source VPN clients are available for Linux, a native app from the provider requires less configuration and more features. Learn about seven great VPNs for Linux you should consider.
Kategorie: Hacking & Security

Debian GNU/Linux 11 Users Get a Massive Linux Kernel Security Update, Patch Now>

6 Květen, 2022 - 13:00
The Debian Project has published a massive Linux kernel security update for its Debian GNU/Linux 11 ''Bullseye'' operating system series to address 19 security vulnerabilities discovered by various security researchers in the upstream Linux 5.10 LTS kernel, which may lead to a privilege escalation, denial of service or information leaks.
Kategorie: Hacking & Security

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google>

5 Květen, 2022 - 13:00
The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules.
Kategorie: Hacking & Security