The Linux Foundation and the Open Source Security Foundation (OpenSSF) have introduced the Open Source Software Security Mobilization Plan. The plan is a response to attacks on the software supply chain and an uptick in interest in securing it. Supply chains are appealing targets for malicious actors because compromising a single point can have a cascading impact across the ecosystem of customers, as the SolarWinds and Log4j attacks have shown.
Daily Archives: May 30, 2022
Linux malware is on the rise—6 types of attacks to look for
Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it.
“Linux malware has been massively overlooked,” says Giovanni Vigna, senior director of threat intelligence at VMware. “Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers.”
Mobile Threat Volumes Slump 58% in a Year
USN-5431-1: GnuPG vulnerability
It was discovered that GnuPG was not properly processing keys
with large amounts of signatures. An attacker could possibly
use this issue to cause a denial of service.
DSA-5153 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in HTTP request
smuggling or MITM attacks.
DSA-5152 spip – security update
It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to perform cross-site scripting attacks.