LinuxSecurity.com
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Category: Hacking & Security
381,000-plus Kubernetes API servers 'exposed to internet'
A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.
Category: Hacking & Security
Complete Guide to Keylogging in Linux: Part 1
In this first part of our Complete Guide to Keylogging in Linux, we will explore the basics of keylogging and its importance in the realm of Linux security, and dive deeper into keylogging in userspace, demonstrating how a keylogger can be written for Linux, by reading events directly from a keyboard device.
Category: Hacking & Security
VirtualBox On Linux Affected By Security Vulnerability Leaking Host Data To Guests
Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.
Category: Hacking & Security
Microsoft: This botnet is growing fast and hunting for servers with weak passwords
Protect your Linux servers from XorDdos, a botnet scanning the internet for SSH servers with weak passwords, Microsoft warns.
Category: Hacking & Security
Google Makes Public Their Open-Source PSP Security Protocol
Hearing "open-source", "PSP", and "security" all together got me excited with my initial reaction thinking it was about AMD's Platform Security Processor (PSP) albeit that's not the case here. Google's PSP is the "PSP Security Protocol" and is designed for dealing with cryptographic hardware offloading at data center scale and used by Google already in production.
Category: Hacking & Security
Citi Donates Software Supply Chain Security Kit to OpenSSF
The financial services company's prototype system based on CNCF's software supply chain security guidelines joins OpenSSF's $150 million open source standards campaign.
Category: Hacking & Security
Open source security: Linux Foundation project presents 10-point plan
The Open Source Software Security Foundation (OpenSSF), a project of the Linux Foundation, has come up with a 10-point plan to improve the safety of the software supply chain, costed at $147.9M over two years, though it relies in part on developers changing their behaviour to take more account of security issues.
Category: Hacking & Security
Establishing a Root of Trust in Embedded Linux and IoT
With IoT, 5G and embedded devices becoming a larger part of everyone's daily lives, security, and more importantly, trust in our technology, is on everyone's minds. Embedded devices don't have a good security track record; the last several years saw a significant number of high-profile hacks that could prevent people from widely accepting IoT into their homes.
Category: Hacking & Security
What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute
Last Friday, Microsoft announced that they have discovered a new botnet that exposes both Windows and Linux computers and web servers to new threats. The botnet, known as Sysrv-K, takes advantage of unpatched computers by installing cryptocurrency miners.
Category: Hacking & Security
Open Source Burnout: An Opening to More Security Gaps?
"It's important for the industry to understand that open source development burnout is real and can have a significant impact upon those who depend on the projects they maintain. Incentivize and recognize efforts. Don't just take, but give back to the community."
Category: Hacking & Security
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.
Category: Hacking & Security
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.
Category: Hacking & Security
Primer to Container Security
Containers are considered to be a standard way of deploying these microservices to the cloud. Containers are better than virtual machines in almost all ways except security, which may be the main barrier to their widespread adoption.
Category: Hacking & Security
Red Hat Enterprise Linux 9: Security baked in
The newest RHEL moves beyond servers and the datacenter to the edge and multicloud.
Category: Hacking & Security
BPFDoor: Chinese tool almost undetected for FIVE years is second BPF-based attack uncovered this year
Researchers have uncovered a highly-evasive Chinese surveillance tool using the Berkeley Packet Filter (BPF). The malware, dubbed BPFDoor, is present on "thousands" of Linux systems, and its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.
Category: Hacking & Security
Linux Security Study Reveals When, How You Patch Matters
Computer security only happens when software is kept up to date. That should be a basic tenet for business users and IT departments. Apparently, it isn't. At least for some Linux users who ignore installing patches, critical or otherwise. A recent survey sponsored by TuxCare, a vendor-neutral enterprise support system for commercial Linux, shows companies fail to protect themselves against cyberattacks even when patches exist.
Category: Hacking & Security
The Best VPNs for Linux in 2022 (and the Worst)
Although many open-source VPN clients are available for Linux, a native app from the provider requires less configuration and offers more features. Learn about seven great VPNs for Linux you should consider.
Category: Hacking & Security
Debian GNU/Linux 11 Users Get a Massive Linux Kernel Security Update, Patch Now
The Debian Project has published a massive Linux kernel security update for its Debian GNU/Linux 11 "Bullseye" operating system series to address 19 security vulnerabilities discovered by various security researchers in the upstream Linux 5.10 LTS kernel, which may lead to a privilege escalation, denial of service or information leaks.
Category: Hacking & Security
Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google
The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules.
Category: Hacking & Security