Tags: Vulnerabilities

Security Orchestration and Incident Response

Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers ­-- sometimes with the addition of machine learning or other artificial intelligence techniques ­-- and to respond to attacks at computer...
Read 0 Comments

security-fundamentals-linuxcom-hero-v2b.jpg

security fundamentals
Learn how to estimate the costs associated with a potential attack and loss of assets; get details in this Security Fundamentals course preview.

Linux Security Fundamentals: Estimating the Cost of a Cyber Attack

Start exploring Linux Security Fundamentals by downloading the free sample chapter today. DOWNLOAD NOW Last week, we learned to begin a risk assessment by first evaluating the feasibility of a potential attack and the value of the assets you’re protecting. These are important steps to determining...
Read 0 Comments

security-software-vulnerabilities.jpg

software vulnerabilities
In his upcoming talk at ELC + OpenIoT Summit, Ryan Ware, Security Architect at Intel, will explain how you can navigate the flood of vulnerabilities and manage the security of your product.

How to Manage the Security Vulnerabilities of Your Open Source Product

The security vulnerabilities that you need to consider when developing open source software can be overwhelming. Common Vulnerability Enumeration (CVE) IDs, zero-day, and other vulnerabilities are seemingly announced every day. With this flood of information, how can you stay up to date? “If you...
Read 0 Comments

Security Hygiene for Software Professionals

As software makers, we face a unique threat model. The computers or accounts we use to develop and deliver software are of more value to an attacker than what ordinary computer users have—cloud service keys can be stolen and used for profit, and the software we ship can be loaded with malware ...
Read 0 Comments

AI Isn't Just for the Good Guys Anymore

Last summer at the Black Hat cybersecurity conference, the DARPA Cyber Grand Challenge pitted automated systems against one another, trying to find weaknesses in the others' code and exploit them. "This is a great example of how easily machines can find and exploit new vulnerabilities, something we...
Read 0 Comments

Linux.Proxy.10 Infects Thousands of Devices with Standard Settings

Dr. Web researchers spotted a Linux trojan, dubbed Linux.Proxy.10 that has been used to infect thousands of Linux devices. The trojan infiltrates computers and devices that etiher have standard settings or are already infected by a  Linux malware and is  distributed by the threat actor logging into...
Read 0 Comments

GitHub Bug Bounty Program Offers Bonus Rewards

GitHub celebrates the third anniversary of its Bug Bounty program, with bonus rewards for security disclosures, as the program continues to help the popular code development platform stay secure.  In January 2014, the GitHub distributed version control code repository first launched a bug bounty...
Read 0 Comments

Fedora and Ubuntu Zero-Days Show that Hacking Desktop Linux is Now a Thing

If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-...
Read 0 Comments

Mozilla and Tor Release Urgent Update for Firefox 0-day Under Active Attack

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor...
Read 0 Comments

Mitigating dirtyc0w with systemd

Basic mitigation Known exploits for the CVE-2016–5195 vulnerability involve the madvise syscall, so it’s possible to mitigate by excluding the necessary call via a systemd service or container configuration. This is easy with for a systemd unit: [Service] SystemCallFilter=~madviseThe tilde after...
Read 0 Comments

Pages

Click Here!