Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.
Today’s newsletter highlights our two most recent feature articles: Secure Linux Hosting for Businesses and What Is Threat Intelligence? We also examine various topics including how the Necro Python bot is evading traditional security detection by morphing and a new survey revealing how enterprises handle the security concerns of vulnerability detection and patch management. Happy Monday - and happy reading!
Yours in Open Source,
LinuxSecurity.com Feature Extras:
Secure Linux Hosting for Businesses - Linux prevails as the most popular OS among hosting providers - and for good reason. Linux is secure by design , cost-efficient, compatible with the majority of key programming languages used worldwide and offers high levels of customization.
What Is Threat Intelligence? - Threat intelligence (or threat intell) is information used to understand past, present, and future threats targeting an organization. It is evidence-based knowledge about a previous, existing or emerging threat to organizational assets.
As the Linux Foundation's Zephyr Project celebrates its fifth anniversary, it has become apparent that addressing constrained device security challenges is more critical than ever. Luckily, the Zephyr Project is rising to meet these challenges. Learn how.
Offensive Security has announced the release of Kali Linux 2021.2 as the latest version of this Debian-based distro for ethical hacking and penetration testing. This release comes with a selection of new tools, and Raspberry Pi improvements. Learn the details.
Looking for s secure, reliable and user-friendly Linux distro? MX Linux is an impressive Linux distro with Xfce desktop environment as the default. It is lightning fast, stable and yet still offers modern versions of the software you might expect from other Linux distros.
Amazon Ring has announced that it will change the way police can request footage from millions of doorbell cameras in communities across the country. "Rings small reforms invite bigger questions: Why does a customer-focused technology company need to develop and maintain a feature for law enforcement in the first place? Why must Ring and other technology companies continue to offer police free features to facilitate surveillance and the transfer of information from users to the government?"
Detecting vulnerabilities and managing the associated patching is challenging even in a small-scale Linux environment. Scale things up and the challenge becomes almost unsurmountable. There are approaches that help, but these approaches are unevenly applied. Learn what a new survey reveals about how enterprises handle the security concerns of vulnerability detection and patch management.
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560 ) was publicly disclosed, and a fix was released on June 3, 2021.
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux, fixing 14 security vulnerabilities, including one zero-day vulnerability exploited in the wild (tracked as CVE-2021-30551). This marks the sixth Chrome zero-day exploited in the wild this year.