Security News
Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability for visually impaired users, it comes also with a new "Kali-linux-everything" image, wider compatibility for Kali's SSH client, and new tools.
Kali Everything Image - An all-packages-in-one solution now available to download. Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and ciphers. As the first version of the new year, the Kali Team has performed a visual refresh adding new backgrounds for the desktop, login, and boot displays, and a new installer theme.
The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases.
Contextualizing supply chain risks in a SaaS environmentIn the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. The four types of remote workers your security awareness program must addressNo matter how much technology you acquire or how many specific technical controls you install, when it comes to your information security awareness program, the most important control to tune within your environment is your people.
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker's ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads, VMware reveals.
A critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations. Several updated versions of Samba have been released on Monday, fixing CVE-2021-44142 and two other flaws, but since the software is included in most Linux and Unix-like operating systems, users of those are advised to keep an eye out for specific updates by those developer teams.
That's the sort of glitch behind CVE-2022-0330, a Linux kernel bug in the Intel i915 graphics card driver that was patched last week. Permission to load and run code on the GPU. Once again, in some environments, users might have graphics processing uniut "Coding powers" not because they are avid gamers, but in order to take advantages of the GPU's huge performance for specialised programming - everything from image and video rendering, through cryptomining, to cryptographic research.
Linux users on Tuesday got a major dose of bad news - a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes.
Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Heads up, Linux users: A newly discovered vulnerability in pretty much every major distro allows any unprivileged user to gain root access to their target, and it's been hiding in plain sight for 12 years.
LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.Due to this, ransomware gangs have evolved their tactics to create Linux encryptors that specifically target the popular VMware vSphere and ESXi virtualization platforms over the past year.