LinuxSecurity.com



The central voice for Linux and Open Source security news.



 



The Pirate Bay Takes Heat for Testing Monero Mining

Fri, 22 Sep 2017 09:29:05 +0000

LinuxSecurity.com: The Pirate Bay has come under fire for testing a Monero JavaScript miner as a possible means for generating new revenue to replace its current model of making money through advertising on the site.



Joomla patches eight-year-old critical CMS bug

Fri, 22 Sep 2017 09:23:20 +0000

LinuxSecurity.com: Joomla has patched a critical bug which could be used to steal account information and fully compromise website domains. This week, the content management system (CMS) provider issued a security advisory detailing the flaw, which is found in the LDAP authentication plugin.



You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Thu, 21 Sep 2017 10:22:54 +0000

LinuxSecurity.com: Slack is distributing open Linux-based versions of its technology that are not digitally signed, contrary to industry best practice.



Apple's facial recognition: Well, it is more secure for the, er, sleeping user

Thu, 21 Sep 2017 10:20:53 +0000

LinuxSecurity.com: Hackers have defeated the Touch ID technology that has been superseded by Face ID. Galloway reckons it's only a matter of time before attacks against Apple's latest authentication technology are successful.



Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Wed, 20 Sep 2017 09:31:19 +0000

LinuxSecurity.com: Thousands of companies may be susceptible to the same type of hack that recently struck Equifax. The Equifax breach was the result of a vulnerable Apache Struts component.



Cloud Security Error Exposes Half a Million Voters' Personal Information

Wed, 20 Sep 2017 09:25:26 +0000

LinuxSecurity.com: Another day, another cloud leak: Kromtech researchers recently came across a misconfigured CouchDB database exposing information on 593,328 Alaskan voters.



Fedora 25: mpg123 Security Update

Fri, 22 Sep 2017 19:47:00 +0000

LinuxSecurity.com: Update to upstream release 1.25.6



Fedora 25: drupal7-views Security Update

Fri, 22 Sep 2017 19:44:00 +0000

LinuxSecurity.com:

* [7.x-3.18](https://www.drupal.org/project/views/releases/7.x-3.18)
* [7.x-3.17](https://www.drupal.org/project/views/releases/7.x-3.17)
* [Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068](https://www.drupal.org/node/2902604)



Fedora 25: krb5 Security Update

Fri, 22 Sep 2017 19:41:00 +0000

LinuxSecurity.com:

- Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied).
- fc26+: Add ccselect hostrealm module for ccache selection based on service hostname.



Fedora 26: httpd Security Update

Fri, 22 Sep 2017 15:22:00 +0000

LinuxSecurity.com: This is a release fixing a security fix applied upstream, known as "optionsbleed" in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).



Fedora 26: gnome-shell Security Update

Fri, 22 Sep 2017 15:21:00 +0000

LinuxSecurity.com: Fix crash on fast status icon remapping



Fedora 26: drupal7-views Security Update

Fri, 22 Sep 2017 15:13:00 +0000

LinuxSecurity.com:

* [7.x-3.18](https://www.drupal.org/project/views/releases/7.x-3.18)
* [7.x-3.17](https://www.drupal.org/project/views/releases/7.x-3.17)
* [Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068](https://www.drupal.org/node/2902604)



Social Engineering Methods for Penetration Testing

Fri, 21 Oct 2016 10:18:59 +0000

LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.



Putting Infosec Principles into Practice

Fri, 23 Sep 2016 10:53:29 +0000

LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.