News Category: Security

Are Your Linux Servers Really Protected?

When thinking about IT security, one area that may not readily come to mind is the physical security of an enterprise’s servers. It’s often thought that because the servers are behind lock and key and/or in a data center, and because the data is in continuous use, encrypting the server drives isn’t...

Key Differences in Security, Management for Serverless vs. Containers

Serverless functions and containers are two of the hottest topics in the IT world today. They’re also two technologies that share a lot in common — after all, both are ways to deploy code inside isolated, discrete environments. They are by no means identical technologies, but in the abstract, they...

Linux Foundation Welcomes LVFS Project

The Linux Foundation welcomes the Linux Vendor Firmware Service (LVFS) as a new project. LVFS is a secure website that allows hardware vendors to upload firmware updates. It’s used by all major Linux distributions to provide metadata for clients, such as fwupdmgr, GNOME Software and KDE Discover....

The Central Security Project: Vulnerability Reporting for Open Source Java

When a security researcher finds a security bug, what do they do? Unfortunately, the answer sometimes is they search for the appropriate people to notify and, when they can’t be found, end up posting the vulnerability to public email lists, the GitHub project, or even Twitter. This is the problem...

Red Team
The Red Team Project uses the same tools, techniques, and procedures used by malicious actors, but in a constructive way to provide feedback and help make open source projects more secure.

New Red Team Project Aims to Help Secure Open Source Software

The Linux Foundation has launched the Red Team Project, which incubates open source cybersecurity tools to support cyber range automation, containerized pentesting utilities, binary risk quantification, and standards validation and advancement. The Red Team Project’s main goal is to make open...

A Brief History of Wi-Fi Security Protocols from “Oh My, That’s Bad” to WPA3

Thanks to upcoming developments in Wi-Fi, all of us connectivity-heads out there can look forward to getting familiar with new 802.11 protocols in the near future. Ars took a deep look at what's on the horizon last fall, but readers seemed to have a clear request in response—the time had come to...

Open Source Maintainers Want to Reduce Application Security Risk

According to Snyk’s “State of Open Source Security Report 2019,” which surveyed over 500 open source users and maintainers, 30 percent of developers that maintain open source (OS) projects are highly confident in their security knowledge, which is up from 17 percent the year before. In addition,...

Kubernetes, Docker, ContainerD Impacted by RunC Container Runtime Bug

The Linux community is dealing with another security flaw, with the latest bug impacting the runC container runtime that underpins Docker, cri-o, containerd, and Kubernetes. The bug, dubbed CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code access...

Outlaw Shellbot Infects Linux Servers to Mine for Monero

The Outlaw group is conducting an active campaign which is targeting Linux systems in cryptocurrency mining attacks. On Tuesday, the JASK Special Ops research team disclosed additional details (.PDF) of the attack wave which appears to focus on seizing infrastructure resources to support illicit...

Remote Code Execution in apt/apt-get

tl;dr I found a vulnerability in apt that allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt. If you’re worried about being exploited during the update process...
