Lynis is a free and open-source security solution for Linux security auditing. In this article, learn how to install Lynis and conduct an audit of a Kali Linux system.
The post Linux Security Auditing with Lynis appeared first on Linux Today.
Pegasus, the malware developed by NSO Group, was responsible for the hacking of three Bahraini dissidents, according to an extensive study published on February 18, 2022 by The Citizen Lab. Two of the three activists have given their permission to be identified. NSO Group is an Israeli security company that…
The post Bahraini Journalists and Activists Hacked With Pegasus appeared first on Linux Tutorials, FOSS Reviews, Security News.
Read MoreIf you use snap to install your Linux applications, it’s time to patch. Security holes have been found in the snap Linux packaging system. Learn more here.
The post Oh snap! Security Holes Found in Linux Packaging System appeared first on Linux T…
Lynis is a free and open-source security auditing tool released as a GPL licensed project. Learn how to audit a remote Linux system with the Lynis security tool here.
The post How to Audit a Remote Linux System with Lynis Security Tool appeared first o…
There are several ways to harden NGINX web server security. This guide explains how to secure web applications and control access based on client IP address in NGINX.
The post How to Control Access Based on Client IP Address in NGINX appeared first on …
Wazuh is able to detect vulnerabilities through the integration of vulnerability feeds indexed by Canonical, Debian, Red Hat, and the National Vulnerability Database. Learn more here.
The post Wazuh Vulnerability Detection appeared first on Linux Today.
Recently, a zero-day vulnerability dubbed Log4Shell with CVE CVE-2021-44228 was detected in Apache’s Log4J 2 that allows malicious actors to launch Remote Code Execution (RCE) attacks. This means that an assailant can remotely send commands to a server running vulnerable applications. The key to combating the current wave of attacks is early detection of the vulnerability […]
The post Detecting Log4Shell with Wazuh appeared first on Linux Today.
Read MoreIt’s not that Linux is insecure; it’s that it’s so often deployed without enough thought given to security.
The post VMware Finds Linux Malware on the Rise appeared first on Linux Today.
Devs and maintainers are getting paid. But not to concentrate on security.
The post The Bill Comes Due: Securing Open-Source Software Isn’t Going to Be Cheap appeared first on Linux Today.
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Learn how cybercriminals are using malware to target Linux-based operating systems he…
Read MoreMetasploit, one of the most widely used penetration testing tools, is a very powerful all-in-one tool for performing different steps of a penetration test. If you ever tried to exploit some vulnerable systems, chances are you have used Metasploit, or at least, are familiar with the name. It allows you to find information about system […]
The post Metasploit Tutorial for Beginners – Basics to Advanced appeared first on Linux Today.
Read MoreIf you consider all the components you need for your software, you have a pretty long chain, and those components have dependencies too. Any weak link can compromise the entire software supply chain, putting your business at risk. Learn more about how …
Read MoreA 12-year-old security vulnerability has been disclosed in the Linux’s system utility Polkit, which grants attackers root privileges. You should obtain and apply a patch ASAP. Learn more here.
The post A Polkit Vulnerability Gives Root on All Major Lin…
An easily exploited flaw in a program, found by Qualys in every major Linux distribution, is the latest serious security issue that has arisen in the open-source space in recent weeks. Learn more here.
The post Easily Exploitable Linux Flaw Exposes All…
According to the researchers, the vulnerability (CVE-2021-4034) was discovered in PolicyKit’s pkexec tool, which incorrectly handled command-line arguments. This could lead to local privilege escalation, allowing any regular user in a GNU/Linux distribution to gain administrative privileges and run programs as an administrator (root). The good news is that most major GNU/Linux distributions already received […]
The post 12-Year-Old PolicyKit Local Privilege Escalation Flaw Now Patched in Major Linux Distros appeared first on Linux Today.
Read MoreSimpleX is an open-source, decentralized client-server chat network that preserves metadata privacy. It uses disposable nodes to asynchronously pass the messages, providing receiver and sender anonymity. Learn more about SimpleX here.
The post SimpleX …
Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. Learn more about how attacks are escalating against Linux-based IoT de…
Read MoreVirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found.
In fact, with a €600 VirusTotal license, they have managed to coll…
Companies and developers, open-source organizations, and government agencies gather together to lock down and secure the software supply chain.
The post Open Source Security at the White House appeared first on Linux Today.
Discovered by William Liu and Jamie Hill-Daniel, the new security flaw (CVE-2022-0185) is an integer underflow vulnerability found in Linux kernel’s file system context functionality, which could allow an attacker to crash the system or run programs as an administrator. The security vulnerability affects all supported Ubuntu releases, including Ubuntu 21.10 (Impish Indri) systems running […]
The post New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now appeared first on Linux Today.
Read More