Security News

Microsoft releases PowerShell 7 for Windows, macOS and Linux
2020-03-06 10:06

Microsoft has released PowerShell 7, the latest major update to its popular task automation tool and configuration management framework that can be used on various operating systems. PowerShell was initially a Windows component, but was open-sourced in 2016 and made available for Windows, macOS and various Linux distributions.

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
2020-03-06 06:17

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
2020-03-06 06:17

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.

How to install and use the NordPass password manager on Linux
2020-03-05 22:18

The makers of NordVPN have come out with a new version of their NordPass password manager. From the office of "Things you should have started doing years ago," comes a warning I've given countless times: A password manager should be considered a must-have.

How to install and use the open source OTPClient 2FA tool on Linux
2020-03-04 16:48

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient.

How to create a Linux user that cannot log in
2020-03-03 14:49

For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.

Kali Linux evolution: What’s next for the open source pentesting Linux distro?
2020-03-02 06:00

According to Jim O'Gorman, Chief Content and Strategy officer at Offensive Security and leader of the Kali team, Kali users generally fall into two buckets: highly informed, experienced professionals/hobbyist and individuals that are new to Linux in general. "As a whole, I think it's fair to say that we build and design Kali for security professionals and hobbyists to utilize as a base platform for their work. These are individuals that could easily roll their own version of Linux for their needs, but if Kali is done right, it's a no-brainer to use it and save the work and effort that would go into building your own," he told Help Net Security.

How to install and use the open source OTPClient 2FA tool on Linux
2020-02-28 21:15

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient. What about those looking for an open source GUI 2FA tool for the Linux desktop? If that's you, there's OTPClient.

How to create a Linux user that cannot log in
2020-02-25 21:58

For security reasons, you might need to create a Linux user without the ability to log in. As a Linux system administrator, there are times when you might need to create a user who doesn't have the ability to log in.

The “Cloud Snooper” malware that sneaks into your Linux servers
2020-02-25 13:35

TCP source ports only need to be unique for each outbound connection, so most programmers simply let the operating system choose a port number for them, known in the jargon as an ephemeral port. Most of the time it won't, because the crooks use source port numbers below 10000, while conventional software and most modern operating systems stick to source port numbers of 32768 and above.