Archive for the ‘Linux Security’ Category

Linux 101 Hacks

Looking to enhance your Linux skills? Practical examples to build a strong foundation in Linux – credit: Ramesh Nararajan******************************************* Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Leave a Comment

10 Best Linux Distributions In 2023

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, simultaneously with Windows and macOS. Here we have provided you with a top 10 best Linux distros list 2023 for all professionals. Hence Linux can be defined as the most rebellious among the three, as it’s flexible and customization, including a bunch of various Best Linux […]

Leave a Comment

SUDO HAS A HIGH-SEVERITY VULNERABILITY THAT LOW-PRIVILEGE ATTACKERS MIGHT EXPLOIT TO GET ROOT ACCESS

Sudo is one of the most essential, powerful, and often used tools that comes as a core command pre-installed on macOS and practically every other UNIX or Linux-based operating system. It is also one of the programs that comes pre-installed as a core command. A system administrator has the ability to delegate authority to certain […]

Leave a Comment

A NEW PRIVILEGE ESCALATION VULNERABILITY IN THE LINUX KERNEL, ENABLES A LOCAL ATTACKER TO EXECUTE MALWARE ON VULNERABLE SYSTEMS

A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems. Additionally, Davide published the proof-of-concept and the write-up. The vulnerability, which has been assigned the tracking number […]

Leave a Comment

Kali Linux: What’s next for the popular pentesting distro?

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and Strategy Officer at Offensive Security (OffSec), about the direction in which the development of the open-source distro is headed. [The answers […]

Leave a Comment

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably best known […]

Leave a Comment

A New Linux Flaw Lets Attackers Gain Full Root Privilege

The Threat Research Unit at Qualys’ has revealed how a new Linux flaw tracked as (CVE-2022-3328),  may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system. The Linux snap-confine function, a SUID-root program installed by default on Ubuntu, is where the vulnerability is located. The snap-confine program is used internally by […]

Leave a Comment

5 Kali Linux tools you should learn how to use

Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing. Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn […]

Comments (1)

5 Kali Linux books you should read this year

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering. Here is a selection of books for different experience levels, you can either start from scratch or get advanced tips – there’s something for everyone. Advanced Security Testing with Kali Linux Independently published / Author: Daniel Dieterle This book […]

Comments (2)

Parrot Security OS 5.1 Release

Parrot 5.1 – What’s New? Parrot created the latest release of the operating system to ensure it was as stable and adaptable as possible. There are a number of factors that have contributed to the success of this project. Here below we have mentioned all the new additions:- New kernel 5.18 Updated docker containers Updated backports System […]

Leave a Comment

5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux Independently published / Author: Daniel Dieterle This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: The MITRE ATT@CK Framework Command & Control (C2) frameworks In-depth network scanning Web app pentesting Advanced techniques like “Living off the Land” AV […]

Leave a Comment

Latest OpenSSL version is affected by a remote memory corruption flaw

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory […]

Leave a Comment

Symbiote, a nearly-impossible-to-detect Linux malware

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems. For this […]

Leave a Comment

Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats

Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained […]

Leave a Comment

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an […]

Leave a Comment

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape

A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host. The issue is a privilege […]

Leave a Comment

New Book: Advanced Security Testing with Kali Linux!

In Advanced Security Testing with Kali Linux you will learn topics like: The MITRE ATT@CK Framework Command & Control (C2) Frameworks Indepth Network Scanning Web App Pentesting Advanced Techniques like “Living off the Land” AV Bypass Tools Using IoT Devices in Security and much, much more!! Learning attacker Tactics, Techniques and Procedures (TTPs) are imperative in defending […]

Comments (1)

CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager

Canonical’s Snap software packaging and deployment system are affected by multiple vulnerabilities, including a privilege escalation flaw tracked as  CVE-2021-44731  (CVSS score 7.8). Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range […]

Leave a Comment

Kali Linux 2021.4 released: Wider Samba compatibility, The Social-Engineer Toolkit, new tools, and more!

Samba Client, Kaboxer theme support Starting Kali Linux 2021.4, the Samba client is now configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use. This change should make it easier to discover vulnerable Samba servers “out of the box”, […]

Leave a Comment

Can *YOU* blow a PC speaker using only a Linux kernel driver?

We don’t often put out programming appeals on Naked Security, especially when the code that we’re looking for is dangerous and destructive. But this time we’re prepared to make an exception, given that it’s a rainy Friday afternoon where we are, and that this issue is now in its fifteenth consecutive year. Our attention was […]

Leave a Comment