Security News

Windows 10 now lets you run Linux GUI apps without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux. Microsoft designed the WSL compatibility layer to make it possible for Windows 10 customers to run Linux binaries in ELF format natively on their Windows computers, in a PowerShell or Windows 10 command prompt.

In a rare, groundbreaking decision, Linux kernel project maintainers have imposed a ban on the University of Minnesota from contributing to the open-source Linux project. The move comes after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux codebase, as a part of their research activities.

The Linux Foundation announced Linux Foundation Research, a new division that will broaden the understanding of open source projects, ecosystem dynamics, and impact, with never before seen insights on the efficacy of open source collaboration as a means to solve many of the world's pressing problems. Through a series of research projects and related content, Linux Foundation Research will leverage the Linux Foundation's vast repository of data, tools, and communities across industry verticals and technology horizontals.

A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems. The malicious package is called "Web-browserify," and imitates the popular Browserify npm component downloaded over 160 million times over its lifetime.

Knowing which sudo or su command to run is important. If you're a new Linux admin, you probably at least know about sudo.

Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.

Recent Linux kernel updates include patches for a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Symantec reported on Monday that Piotr Krysiuk, a member of its Threat Hunter team, has identified two new vulnerabilities in the Linux kernel that can be exploited to bypass mitigations for the Spectre vulnerabilities.

New Linux admins need to know how to give and take sudo privileges from users. You might come into a situation when you need to "Promote" one of those users to admin and give them sudo privileges.

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.

How a social engineer ripped off a victim lured in by one of those "Small outstanding fee to pay" home delivery scams. The ransomware crooks targeting networks that still haven't done their Hafnium patches.