Security News

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems.

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel. Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.

Red Hat announced further strengthening of Red Hat Enterprise Linux as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 8.1 achieving Common Criteria Certification. The first major security certification for Red Hat Enterprise Linux 8, this validation emphasizes Red Hat's commitment to supporting customers that use the world's leading enterprise Linux platform for critical workloads in classified and sensitive deployments.

Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. Voisin found the two working Linux and Windows exploits on the online VirusTotal malware analysis platform.

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. Kali Linux 2021.1 released: Tweaked DEs and terminals, new tools, Kali ARM for Apple Silicon MacsOffensive Security has released Kali Linux 2021.1, the latest version of its popular open source penetration testing platform.

Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software. Google will sponsor a pair of developers to work full-time on bolstering the security of Linux.

Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform. The pervasive Linux operating system, according to a recent report from the Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard, needs additional work on security.

Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.