Security News

Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information. The most severe of these flaws is CVE-2020-12351, a heap-based type confusion that affects Linux kernel 4.8 and higher.

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.

Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. It makes sense, especially given how hard Microsoft is working on Windows Subsystem for Linux, but from everything I've witnessed over the last few years, I think there's a conclusion to be drawn that makes even more sense for Microsoft.

While the spyware previously targeted Windows, iOS and Android users, researchers have discovered these campaigns using new variants that target macOS and Linux users. These samples include "Jabuka.app," a FinSpy variant for macOS, and "PDF," a FinSpy variant for Linux.

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. According to the human rights organization Amnesty International, the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for attacking Egyptian NGOs in a series of attacks, involving an older version of FinSpy, phishing technique, and malicious Flash Player downloads.

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. The gocryptfs tool allows you to encrypt only the directories you need.

Red Hat Enterprise Linux has further solidified itself as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 7.6 achieving Common Criteria Certification as well as Commercial Solutions for Classified Status. For Common Criteria, Red Hat Enterprise Linux 7.6 was certified by the National Information Assurance Partnership, with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory.

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.

According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target. Many organisations choose Linux for strategically important servers and systems, and with a "Significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform.