Coming only three weeks after the previous kernel security update, the new one is currently only available for Ubuntu 21.04 (Hirsute Hippo) and Ubuntu 20.04.3 LTS (Focal Fossa) systems running the Linux 5.11 kernel series, and it’s available for all su…
Over the past quarter of a century, the open-source movement has gone from strength to strength. But that success and the openness inherent in the community have led to a major challenge – security. The more software that is developed, the greater the likelihood there is for vulnerabilities. To make matters worse, the open-source world prides […]
The post Take a Look at 20 Best Open-Source Security Tools appeared first on Linux Today.
The post How to Install ModSecurity for Nginx on Debian/Ubuntu first appeared on Tecmint: Linux Howtos, Tutorials & Guides .
It is every developer’s desire to deploy secure web applications which are safe from threats. On most occasions, this is effort…
PHP Composer is a dependency manager for PHP. In this tutorial, we will show you how to install Composer on Debian 11. All the steps should work on other Debian-based distributions as well.
The post How to Install PHP Composer on Debian 11 appeared fir…
ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when.
The post ThreatMapper: Open-Source Platform for S…
SSH (Secure Shell) is an open-source network protocol that is used to connect local or remote Linux servers to transfer files, make remote backups, remote command execution, and other network-related tasks via scp command or sftp command between two servers that connect on a secure channel over the network. In this article, I will show […]
The post 5 Best OpenSSH Server Best Security Practices appeared first on Linux Today.
A new attack vector was found against the Apache http server, which remained unpatched in the 2.4.50 update and allows access to files from areas outside the root directory of the site. In addition, researchers have found a way that, in the presence of certain non-standard settings, not only read system files but also remotely […]
The post UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory appeared first on Linux Today.
The post How to Secure Apache with Let’s Encrypt SSL Certificate on CentOS 8 first appeared on Tecmint: Linux Howtos, Tutorials & Guides .Securing your web server is always one of the key factors that you should consider before going live with your web…
Another breach of the year 2021 is the Twitch Data Leak, which comprises 125GB of company data as well as the platform’s source code. An anonymous member on 4chan leaked the data on October 6, 2021.
The post Twitch Data Leak 2021 Includes 125GB Private…
Passbolt is a free, open-source and self-hosted password manager that allows you to store your website and other passwords securely. In this tutorial, I will show you how to install the Passbolt password manager on Debian 11.
The post How to Install Pa…
Certainly, open source software plays an integral part in many critical infrastructure and national security systems, with recent data suggests that attacks on open-source software have increased in the last year. To answer the need, Google launched the Secure Open Source (SOS) Rewards pilot program run by the Linux Foundation with initial sponsorship of $1 […]
The post More on Google’s Secure Open Source (SOS) Program for Developers appeared first on Linux Today.
Google recently introduced the Secure Open Source (SOS) initiative, which will provide bonuses for work related to hardening critical open source security. A million dollars have been allocated for the first payments, but if the initiative is recognized as successful, the investment in the project will continue. Learn more about Google’s open source security project […]
The post Google Allocates $1 Million to Work to Improve Open Source Security appeared first on Linux Today.
New malware for Linux has been found, which uses Windows Subsystem for Linux (WSL) to avoid getting caught by the security tools. The Black Lotus labs have found this malware and have published a report. Learn more about the Steal Malware for Linux fin…
The Apache web server is highly customizable and can be configured in multiple ways to suit your needs. There are many third-party modules that you can use to configure Apache to your preference.
The post How to Set Up ModSecurity with Apache on Debian…
This brief guide explains how to find if a user is using password-based or key-based SSH authentication in Linux operating systems.
The post How to Find if a User Is Using Password-Based or Key-Based SSH Authentication in Linux appeared first on Linux …
CSF is also known as “Config Server Firewall” is a free and advanced firewall for Linux systems. It comes with some advanced security features such as intrusion, flood, and login detections.
The post How to Install Config Server Firewall (C…
OpenSSH 8.8, an open client and server implementation for the SSH 2.0 and SFTP protocols has been published. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash (“ssh-rsa”).
The post…
Google has published the source code for the project HIBA (Host Identity Based Authorization), which proposes the implementation of an additional authorization mechanism for organizing user access via SSH in relation to hosts (checking whether or not access to a particular resource is allowed when authenticating using public keys). Integration with OpenSSH is provided by […]
The post Google publishes HIBA, an OpenSSH Add-On for Certificate-Based Authorization appeared first on Linux Today.
Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws, after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure. According to cybersecurity firm Recorded Future, the attacks began the night of Sept. 16 after a proof-of-concept exploit was published earlier in the day on GitHub. […]
The post Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes appeared first on Linux Today.