| by Arround The Web

High-Severity OpenSSL Vulnerabilities Fixed

Version 3.0.7 of the OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786 — two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes or potentially remote code execution.
The p…

| by Arround The Web

Red Hat Hypes a Pair of Flaws That Isn’t Critical or Actively Exploited

Red Hat’s recent Twitter and media coverage exaggerates the severity of bugs to compete with Microsoft-affiliated news sites. Learn more here.
The post Red Hat Hypes a Pair of Flaws That Isn’t Critical or Actively Exploited appeared first on…

| by Arround The Web

Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw

The OpenSSL project has announced plans to release version 3.0.7 on November 1st to patch a critical security flaw. Learn more here.
The post Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw appeared first on Linux Today.

| by Arround The Web

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Learn what this means here.
The post Cybercriminals Use Fake Public PoCs to Spread Malware and Stea…

| by Arround The Web

OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch

With the latest warning from OpenSSL, we can safely say that come Nov. 1, everyone — and I mean everyone — will need to patch OpenSSL 3.x. Learn more here.
The post OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch appeared first on …

| by Arround The Web

Fedora 37 Release Has Been Postponed for the Second Time

Due to an OpenSSL vulnerability, Fedora Linux 37 has been postponed with a new release date. Learn more here.
The post Fedora 37 Release Has Been Postponed for the Second Time appeared first on Linux Today.

| by Arround The Web

Time-Consuming Remediation: Assessing the Impact of Text4Shell

Text4Shell is one of the latest critical security vulnerabilities that the security community is buzzing about. Learn more in this assessment of Text4Shell.
The post Time-Consuming Remediation: Assessing the Impact of Text4Shell appeared first on Linux…

| by Arround The Web

11 Best Free and Low-Cost SSL Certificate Authorities

The post 11 Best Free and Low-Cost SSL Certificate Authorities first appeared on Tecmint: Linux Howtos, Tutorials & Guides. Brief: There are multiple Certificate Authorities that you can purchase an SSL certificate from. In this guide, we focus on 10 o…

| by Arround The Web

Apache Commons Text Flaw Not a Repeat of Log4Shell

A freshly fixed flaw (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days. Learn more here.
The post Apache Commons Text Flaw Not a Repeat of Log4Shell appeared first on Linux Today.

| by Arround The Web

Debian and Ubuntu Users Get Kernel Updates to Fix Wi-Fi Stack Flaws

On October 18th, 2022, Debian GNU/Linux and Ubuntu users received a new major kernel update. Learn more here.
The post Debian and Ubuntu Users Get Kernel Updates to Fix Wi-Fi Stack Flaws appeared first on Linux Today.

| by Arround The Web

New Alchimist Attack Framework Hits Windows, Linux and Mac

The Alchimist attack framework, of probable Chinese cybercriminal origin, has been discovered. Learn more here.
The post New Alchimist Attack Framework Hits Windows, Linux and Mac appeared first on Linux Today.

| by Arround The Web

Vulnerable API Exposes Private npm Packages

Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private npm packages. Learn more here.
The post Vulnerable API Exposes Private npm Packages appeared first on Linux Today.

| by Arround The Web

New Ubuntu Linux Kernel Security Updates Fix 16 Vulnerabilities

The new Ubuntu Linux kernel security updates come about three weeks after the previous security update and patch a total of 16 vulnerabilities for Ubuntu 22.04 LTS. Learn more here.
The post New Ubuntu Linux Kernel Security Updates Fix 16 Vulnerabiliti…

| by Arround The Web

Critical vm2 Sandbox Escape Vulnerability Uncovered

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Learn more here.
The post Critical vm2 Sandbox Escape Vulnerability Uncovered appeared first on Linux Today.

| by Arround The Web

Bluetooth Security Risks

A tutorial on Bluetooth security risks, the defensive measures that protect data and privacy, and recommendations for testing a device’s security.

| by Arround The Web

Free XSS Tools

This tutorial describes free XSS (cross-site scripting) scanning and exploitation tools, both command-line and graphical.

| by Arround The Web

ZINC Hackers Leverage Open-source Software to Lure IT Pros

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software. Learn more here.
The post ZINC Hackers Leverage Open-source Software to Lure IT Pros appeared first on Linux Today.

| by Arround The Web

MS SQL Servers Are Getting Hacked to Deliver Ransomware

Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting MS SQL servers. Learn more here.
The post MS SQL Servers Are Getting Hacked to Deliver Ransomware appeared first on Linux Today.

| by Arround The Web

5 Best Practices to Prevent SSH Brute-Force Login Attacks in Linux

The post 5 Best Practices to Prevent SSH Brute-Force Login Attacks in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides. Servers running SSH are usually a soft target for brute-force attacks. Hackers are constantly coming up with innova…

| by Arround The Web

How to Disable ‘su’ Access for Sudo Users in Linux

It’s not reliable to allow multiple users to have access to the root account, especially when one or more sudo users reside on your system, so you can simply lock it by disabling the su command.
The post How to Disable ‘su’ Access for Sudo Users …
