Security News
Knowing which sudo or su command to run is important. If you're a new Linux admin, you probably at least know about sudo.
Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.
Recent Linux kernel updates include patches for a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Symantec reported on Monday that Piotr Krysiuk, a member of its Threat Hunter team, has identified two new vulnerabilities in the Linux kernel that can be exploited to bypass mitigations for the Spectre vulnerabilities.
New Linux admins need to know how to give and take sudo privileges from users. You might come into a situation when you need to "Promote" one of those users to admin and give them sudo privileges.
Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.
![S3 Ep25: Drained accounts, ransomware attacks and Linux badware [Podcast]](/static/build/img/news/s3-ep25-drained-accounts-ransomware-attacks-and-linux-badware-podcast-small.jpg)
How a social engineer ripped off a victim lured in by one of those "Small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven't done their Hafnium patches.
Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel. Except, of course, that most Linux systems not only come with hundreds or even thousands of kernel modules in the /lib/modules directory tree, ready to use in case they are ever needed, but also come configured to allow suitably authorised apps to trigger the automatic loading of modules on demand.
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
To keep your Linux servers and desktops as secure as possible, you should check for and remove legacy communication services. Jack Wallen shows you how.
Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. GRIMM researchers discovered the bugs 15 years after they were introduced in 2006 during the initial development stages of the iSCSI kernel subsystem.