Security News

Offensive Security has released Kali Linux 2020.2, the latest iteration of the popular open source penetration testing platform. PowerShell has become more accessible: it has been moved from the Kali Linux's network repository to the kali-linux-large metapackage, meaning that it will be ready for use if users choose to install this metapackage during system setup or later, once Kali is up and running.

The sysctl system allows you to make changes to a running Linux kernel. The sysctl system also allows you to prevent things like SYN flood attacks and IP address spoofing.

The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online. "The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility," said Jim Zemlin, executive director at the Linux Foundation.

A recently identified botnet built using the Golang programming language is targeting Linux systems, including Internet of Things devices, using a custom implant, Intezer reports. The botnet, which security researcher MalwareMustDie named Kaiji, is of Chinese origin and spreads exclusively via SSH brute force attacks, targeting the root user only.

A new botnet has been infecting internet of things devices and Linux-based servers, to then leverage them in distributed denial-of-service attacks. The malware, dubbed Kaiji, has been written from scratch, which researchers say is "Rare in the IoT botnet landscape" today.

Are you certain your users are working with strong passwords on your Linux servers? Let John the Ripper show you who is and who isn't. The security of your Linux servers is only as strong as the passwords used by your end users.

WireGuard has yet to arrive in the Linux kernel, but you can still start testing how this new feature will work.

Red Hat announced the general availability of Red Hat Enterprise Linux 8.2, the foundation for Red Hat's hybrid cloud portfolio. Red Hat Enterprise Linux can help intelligently detect, diagnose and address potential issues before they impact production, driven by advancements in Red Hat Insights.

Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company's industrial products. Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service attacks by sending specially crafted packets to the targeted system.

Five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and mobile devices running Android while remaining undetected for nearly a decade, according to BlackBerry. Linux runs nearly all of the top 1 million websites online, 75% of all web servers, 98% of the world's supercomputers and 75% of major cloud service providers.