In this guide we will explore how to configure a scan policy on Nessus, later we will also use this policy to create a scan. We will then select a target system for scanning.
The post How to Configure a Nessus Vulnerability Scan Policy appeared first o…
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, recently noted, “Log4Shell will continue to haunt us for years to come.” His advice? “Dealing with Log4Shell will be a […]
The post Log4Shell: A New Fix, Details of Active Attacks, and Risk Mitigation Recommendations appeared first on Linux Today.
A vulnerability (CVE-2021-39685) has been identified in USB Gadget, a subsystem of the Linux kernel that provides a programming interface for creating client USB devices and software simulation of USB devices. This could lead to a kernel leak, crash, or arbitrary code execution at the kernels. The attack is carried out by an unprivileged local […]
The post Vulnerability Found in the USB Gadget Linux Kernel Subsystem appeared first on Linux Today.
Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds o…
A basic hands-on tutorial that shows you how to get started with encrypting and decrypting files with GPG in Linux.
The post Using GPG to Encrypt and Decrypt Files on Linux [Hands-on for Beginners] appeared first on Linux Today.
Everybody says that Linux is secure by default and agreed to some extent, though that’s a debateable topic. Linux does have in-built security model in place by default. But you may need to tune it up and customize it as per your need to make the system more secure. Linux is harder to manage but […]
The post 25 Hardening Security Tips for Linux Servers appeared first on Linux Today.
FontOnLake is a new malware that can attack Linux systems. A somewhat unprecedented issue for this malware is the fact that developers are constantly tweaking modules so that they evolve to infect as many systems as possible. Learn more about FontOnLak…
A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable serve…
XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to work with misconfigurations within the Azure environment.
Misconfigurations within Azure environments are common. It’s …
Discover CrowdSec, the open-source and crowd-powered cybersecurity solution for Linux and learn how it can help you secure your PHP websites.
The post Protect your PHP Websites with CrowdSec, the Open-Source, Participative IPS for Linux appeared first …
Researchers at Spectral recently discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times. The Kafdrop flaw has allowed the data from Kafka clusters – everything from financial transactions to mission-critical data – to be exposed internet-wide. It can […]
The post Kafdrop Security Flaw Exposes Kafka Clusters Data appeared first on Linux Today.
Acra’s features enable the implementation of application-level encryption in modern cloud applications, saving development costs and allowing tighter grip on sensitive data lifecycle. Security teams value that Acra unifies security control set around sensitive data, combining 9 strong data security controls on one choke point to data access: application-level encryption, searchable encryption, data masking, data […]
The post Acra: Open-source Database Protection with Field-level Encryption and Intrusion Detection appeared first on Linux Today.
Coming three weeks after the previous security updates, which addressed 13 vulnerabilities, the new Linux kernel security patches are available for Ubuntu 21.10 (Impish Indri), Ubuntu 21.04 (Hirsute Hippo), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as Ubuntu 16.04 ESM (Xenial Xerus) and Ubuntu 14.04 ESM (Trusty Tahr) to address […]
The post New Ubuntu Linux Kernel Security Patches for 6 Vulnerabilities appeared first on Linux Today.
The post How to Set a Custom SSH Warning Banner and MOTD in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides .SSH banner warnings are necessary when companies or organizations want to display a stern warning to discourage unauthorized …
I teach cybersecurity. It’s something I really believe in, but it’s hard work for all the wrong reasons.
The post Why We Can’t Teach Cybersecurity appeared first on Linux Today.
It happens. Yes, sometimes you can lose track of your passwords, including the root password which is critical in performing root privileged tasks. This can happen for a myriad of reasons including staying for a protracted period without logging in as a root user or having a complex root password – in which case you […]
The post How to Reset Forgotten Root Password in Rocky Linux / AlmaLinux appeared first on Linux Today.
Active response allows Wazuh to run commands on an agent in response to certain triggers. In this use case, we simulate an SSH Brute Force attack and configure an active response to block the IP of the attacker.
The post Wazuh Blocking Attacks with Act…
In this guide, learn how to check if an RHEL (or CentOS 6/7/8) system is vulnerable to a CVE. Also, learn how to mitigate these issues if you find your system is vulnerable.
The post How to Check if an RHEL System Is Vulnerable to a CVE appeared first …
Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw—CVE-2021-0146—enables testing or debugging modes on multiple Intel processor lines, which could allow an unauthorized user with phy…
Thunderbird 91 is being back-ported to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. A security vulnerability affecting the Thunderbird 78.x series both builds offer is being actively exploited in the wild. But as upstream support for Thunderbird 78.x has end…