LinuxSecurity.com

Researchers have discovered a never-before-seen backdoor for Linux that's being used by a threat actor linked to the Chinese government.

A critical buffer overflow vulnerability has been found in c-ares before 1_16_1 thru 1_17_0 via the function ares_parse_soa_reply in ares_parse_soa_reply.c ( CVE-2020-22217 ). Due to how simple this bug is to exploit and its significant threat to the confidentiality, integrity, and availability of impacted systems, it has received a National Vulnerability Database base score of 9.8 out of 10 (''Critical'' severity).

You'll be surprised at how easy it is to harden the Ubuntu Server and ensure your deployments' foundation is as secure as possible.

It turns out that Ubuntu Linux installations of Ubuntu 23.04, 22.04.3 LTS, and installs done since April 2023 that accepted the Snap version update haven't been following Ubuntu's own recommended security best practices for their security pocket configuration for packages. A new Subiquity release was issued today to fix this problem while those on affected Ubuntu installs are recommended to manually edit their /etc/apt/sources.list file.

APT36 is a highly sophisticated APT (Advanced Persistent Threat) group known for conducting targeted espionage in South Asia and is strongly linked to Pakistan.

Multiple severe, remotely exploitable security vulnerabilities have been found in Chromium, including out-of-bounds memory access in V8, CSS, and Fonts ( CVE-2023-4427 , CVE-2023-4428 , and CVE-2023-4431 ), and use after frees in Loader and Vulkan ( CVE-2023-4429 and CVE-2023-4430 ). Because of the serious threat these bugs pose to the confidentiality, integrity, and availability of impacted systems and their ease of exploitation, they have all received a National Vulnerability Database severity rating of ''High''.

A critical memory safety bug has been discovered in Thunderbird 115.0 and Thunderbird 102.13 ( CVE-2023-4056 ). Due to the severity of this vulnerability's threat to the confidentiality, integrity, and availability of impacted systems, it has received a National Vulnerability Database base score of 9.8 out of 10. Other severe vulnerabilities have also been found in Thunderbird, including improper validation of the Text Direction Override Unicode Character in filenames ( CVE-2023-3417 ) and copying of an untrusted input stream to a stack buffer without checking its size ( CVE-2023-4050 ).

A critical vulnerability was found in the OpenDMARC open-source implementation of the DMARC specification. It was discovered that OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 incorrectly handled certain inputs, resulting in remote memory corruption in certain situations ( CVE-2020-12460 ). This vulnerability has received a National Vulnerability Database base score of 9.8 out of 10 (''Critical'' severity).

We do not often talk about Linux malware because it is often quickly patched up and not exploited much in the wild compared to Windows/macOS. However, there has been a concern regarding the Free Download Manager (a decently popular cross-platform download manager).

One of the new Linux networking features we've been looking forward to seeing in the kernel is TCP Authentication Option (TCP-AO / RFC5925) as a means of improving TCP security and authenticity. The eleventh iteration of the TCP-AO patches were posted today for the Linux kernel with it looking like work on this network addition potentially wrapping up soon.

More RISC-V architecture updates were merged this weekend for the ongoing Linux 6.6 merge window.

Since early this year AMD has been working on Linux enablement patches for Dynamic Boost Control (DBC). This is a new feature of some AMD SoCs that allow an "authenticated entity" to have greater control over certain SoC characteristics to improve the power/performance. AMD DBC was merged for Linux 6.6 just days ago while already new patches have been posted that extend the supported platforms for this Dynamic Boost Control functionality.

The recent news regarding Red Hat's decision to limit access to the source code of their Red Hat Enterprise Linux (RHEL) distribution has garnered considerable attention. "It is wise to make sure security and IT compliance aspects are addressed. Perhaps more open source Linux distributions will appear in the near future and offer another alternative to CentOS Linux."

In the world of web development, terms like MEAN, MERN, LEMP, and PERN are frequently encountered. These terms refer to web stacks, which are bundles of software, frameworks, and libraries used for building full-stack web applications. One such popular web stack is LEMP. In this comprehensive guide, we will explore what the LEMP stack is, its components, how it works, and why it is popular in web development.

The usage of Blueshell malware spikes up by various threat actors to target Windows, Linux, and other operating systems across Korea and Thailand.

Two major security vulnerabilities were recently discovered in PHP. It was discovered that PHP incorrectly handled certain XML files ( CVE-2023-3823 ) and certain PHAR files ( CVE-2023-3824 ). Due to their ease of exploitation and the severe threat that these issues pose to impacted systems, these vulnerabilities have been rated by the National Vulnerability Database as High-Severity and Critcial, respectively.

Cybersecurity researchers at ReversingLabs claim that a recent malicious cyber campaign targeting MacOS, Linux, and Windows systems was carried out by the North Korean threat group Lazarus.

One of the most-used Linux distros is Kali Linux, which is preferred by security professionals.

Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

While I have been eagerly following the AMD openSIL project for open-source CPU initialization that will eventually replace AGESA , today AMD announced a new open-source firmware drop: the SEV firmware has been made open-source.