| by Arround The Web

10-Year-Old PHP-FPM Local Privilege Escalation Vulnerability Discovered

Security researchers are warning that a PHP-FPM local privilege escalation vulnerability impacting PHP could put millions of websites at risk. The vulnerability allows a low-privilege user to escalate his privileges to root using a bug in PHP-FPM.
The …

| by Arround The Web

Released: MITRE ATT&CK v10

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations.
Version 10 comes with new Data Source objects, new and change…

| by Arround The Web

How to Create an SSH Honeypot to Catch Hackers in Your Linux Server

Hackers are always trying to hack into your Linux server. Here’s a useful and fun way to create an SSH honeypot to trap these hackers.
The post How to Create an SSH Honeypot to Catch Hackers in Your Linux Server appeared first on Linux Today.

| by Arround The Web

Ubuntu 21.04 and 20.04 LTS Users Get New Linux Kernel Security Update

Coming only three weeks after the previous kernel security update, the new one is currently only available for Ubuntu 21.04 (Hirsute Hippo) and Ubuntu 20.04.3 LTS (Focal Fossa) systems running the Linux 5.11 kernel series, and it’s available for all su…

| by Arround The Web

Take a Look at 20 Best Open-Source Security Tools

Over the past quarter of a century, the open-source movement has gone from strength to strength. But that success and the openness inherent in the community have led to a major challenge – security. The more software that is developed, the greater the likelihood there is for vulnerabilities. To make matters worse, the open-source world prides […]

The post Take a Look at 20 Best Open-Source Security Tools appeared first on Linux Today.

| by Arround The Web

How to Install ModSecurity for Nginx on Debian/Ubuntu

The post How to Install ModSecurity for Nginx on Debian/Ubuntu first appeared on Tecmint: Linux Howtos, Tutorials & Guides.
It is every developer’s desire to deploy secure web applications which are safe from threats. On most occasions, this is effort…

| by Arround The Web

How to Install PHP Composer on Debian 11

PHP Composer is a dependency manager for PHP. In this tutorial, we will show you how to install Composer on Debian 11. All the steps should work on other Debian-based distributions as well.
The post How to Install PHP Composer on Debian 11 appeared fir…

| by Arround The Web

ThreatMapper: Open-Source Platform for Scanning Runtime Environments

ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when.
The post ThreatMapper: Open-Source Platform for S…

| by Arround The Web

5 Best OpenSSH Server Best Security Practices

SSH (Secure Shell) is an open-source network protocol used to connect to local or remote Linux servers in order to transfer files, make remote backups, execute commands remotely, and perform other network-related tasks, using the scp or sftp command between two servers that connect over a secure channel on the network. In this article, I will show […]

The post 5 Best OpenSSH Server Best Security Practices appeared first on Linux Today.

| by Arround The Web

UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory

A new attack vector was found against the Apache HTTP Server, which remained unpatched in the 2.4.50 update and allows access to files from areas outside the root directory of the site. In addition, researchers have found a way, in the presence of certain non-standard settings, to not only read system files but also remotely […]

The post UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory appeared first on Linux Today.

| by Scott Kilroy

How to Secure Apache with Let’s Encrypt SSL Certificate on CentOS 8

The post How to Secure Apache with Let’s Encrypt SSL Certificate on CentOS 8 first appeared on Tecmint: Linux Howtos, Tutorials & Guides. Securing your web server is always one of the key factors that you should consider before going live with your web…

| by Arround The Web

Twitch Data Leak 2021 Includes 125GB Private Data

Another breach of the year 2021 is the Twitch Data Leak, which comprises 125GB of company data as well as the platform’s source code. An anonymous member on 4chan leaked the data on October 6, 2021.
The post Twitch Data Leak 2021 Includes 125GB Private…

| by Arround The Web

How to Create a Certificate Authority (CA) on Ubuntu 20.04

| by Arround The Web

How to Install Passbolt Self-Hosted Password Manager on Debian 11

Passbolt is a free, open-source and self-hosted password manager that allows you to store your website and other passwords securely. In this tutorial, I will show you how to install the Passbolt password manager on Debian 11.
The post How to Install Pa…

| by Arround The Web

More on Google’s Secure Open Source (SOS) Program for Developers

Certainly, open source software plays an integral part in many critical infrastructure and national security systems, and recent data suggests that attacks on open-source software have increased in the last year. To answer the need, Google launched the Secure Open Source (SOS) Rewards pilot program run by the Linux Foundation with initial sponsorship of $1 […]

The post More on Google’s Secure Open Source (SOS) Program for Developers appeared first on Linux Today.

| by Arround The Web

Google Allocates $1 Million to Work to Improve Open Source Security

Google recently introduced the Secure Open Source (SOS) initiative, which will provide bonuses for work related to hardening critical open source security. A million dollars have been allocated for the first payments, but if the initiative is recognized as successful, the investment in the project will continue. Learn more about Google’s open source security project […]

The post Google Allocates $1 Million to Work to Improve Open Source Security appeared first on Linux Today.

| by Arround The Web

Stealth Malware for Linux Found in Windows Subsystem – Read Full report

New malware for Linux has been found that uses Windows Subsystem for Linux (WSL) to avoid getting caught by security tools. Black Lotus Labs found this malware and published a report. Learn more about the Stealth Malware for Linux fin…

| by Arround The Web

How to Set Up ModSecurity with Apache on Debian/Ubuntu

The Apache web server is highly customizable and can be configured in multiple ways to suit your needs. There are many third-party modules that you can use to configure Apache to your preference.
The post How to Set Up ModSecurity with Apache on Debian…

| by Arround The Web

How to Find if a User Is Using Password-Based or Key-Based SSH Authentication in Linux

This brief guide explains how to find if a user is using password-based or key-based SSH authentication in Linux operating systems.
The post How to Find if a User Is Using Password-Based or Key-Based SSH Authentication in Linux appeared first on Linux …

| by Arround The Web

How to Install Config Server Firewall (CSF) on Debian 11

CSF, also known as “Config Server Firewall”, is a free and advanced firewall for Linux systems. It comes with some advanced security features such as intrusion, flood, and login detections.
The post How to Install Config Server Firewall (C…
