PPAs Management Improved in Ubuntu 23.01 for Enhanced Security
Canonical confirmed that they had been developing a new method for managing PPAs (Personal Package Archives) in the next Ubuntu 23.10 (Mantic Minotaur) release. The...
Ransomware perpetrators are continually devising innovative strategies to coerce their victims into meeting their demands. But, in most cases, threats are aimed at those who...
UNC3944 has been using advanced phishing and SIM swapping methods to access Microsoft Azure administrator accounts and infiltrate virtual machines (VMs), gain control of compromised...
Tails 5.13, a privacy-focused Debian-based GNU/Linux distribution, has been released with important changes for enhanced anonymity and file security. The Amnesic Incognito Live System, or...
As part of the #StopRansomware campaign, the U.S. and Australian governments, as well as the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and Australian...
CISOs are getting more deeply involved in organizations, which includes an increasing focus on risk management, and not just from a threat perspective – but...
Linux Kernel 6.2 is now EOL (End of Life) as displayed on kernel.org, which means it will no longer receive bug and security fixes. Released...
Claroty and Otorio have discovered severe flaws in Teltonika Networks’ Industrial Internet of Things (IIoT) devices, posing a substantial danger to operational technology (OT) networks....
CISA (Cybersecurity and Infrastructure Security Agency) added seven new Linux vulnerabilities to its known exploited vulnerabilities (KEV) catalog on May 12, 2023. These include Ruckus...
In a world where technology ceaselessly advances, organizations find themselves in a constant pursuit of the latest software iterations. Canonical’s Ubuntu 18.04, a Long Term...
A researcher known as “vdohney” discovered a critical vulnerability (CVE-2023-32784) in the open-source password manager KeePass. This vulnerability allows hostile actors to get the master...
Welcome to the TuxCare Weekly Blog Wrap-Up – your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the...
SentinelOne has issued a warning regarding an increase in the number of new ransomware families created exclusively for VMware ESXi systems. These dangerous apps are...
The AlmaLinux OS recently announced the release of AlmaLinux 9.2, the newest version of their free and open-source enterprise-grade operating system. This release is binary...
In May 2022, the AlmaLinux Foundation launched AlmaLinux 9. At first, there wasn’t a straightforward method for upgrading from AlmaLinux 8 to AlmaLinux 9, so...
According to a recent Capterra survey, an alarming 61% of U.S. organizations have suffered significant repercussions as a result of software supply chain vulnerabilities in...
KDE Plasma 6 is in development and will bring numerous exciting updates and new features. Over the past weekend, the KDE Project and TUXEDO Computers...
Operational technology (OT) requires protective cybersecurity measures just like any other system – and even more so given that some OT supports mission-critical environments such...
Deep Instinct has discovered the existence of BPFDoor, a previously unreported and exceedingly elusive variation of a Linux backdoor. This backdoor has garnered popularity due...
Canonical, the publisher of widely used Ubuntu Linux distribution, has announced the release of an optimized version of Ubuntu 23.04 for the StarFive VisionFive 2...
We have received requests for assistance with converting systems running RHEL 7 to CentOS 7. There are various reasons for organizations wanting to make this...
According to Imperva’s 10th annual Bad Bot Report, bad bot traffic has dominated the internet, hitting a new high of 47.4% of all online activity,...
Red Hat has announced the release of Red Hat Enterprise Linux 9.2, the latest update to their Red Hat Enterprise Linux operating system series. RHEL...
Cyberattacks are primarily motivated by financial gain, which leads attackers to come up with new techniques to access data continuously. Despite the constant rise in...
ESET has discovered a new Lazarus campaign as part of “Operation DreamJob,” marking the first instance of malware targeting Linux users and verifying Lazarus’ participation...
Companies collaborate to efficiently offer world-class support for Japan’s vast prospective user base Uniquely arms organizations with automated security patching, continuous compliance and minimal downtime...
Welcome to the TuxCare Weekly Blog Wrap-Up – your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the...
Core technologies including encryption, password management, and two-factor authentication are being evaluated as threat actor protection tactics, however, patch management should not be forgotten in...
A new version of the Raspberry Pi OS for Raspberry Pi devices was recently made available by the Raspberry Pi Foundation. It includes updated applications,...
DevSecOps, an evolution of the DevOps approach, takes security into deeper consideration from the start of the software development process. By taking a DevSecOps approach,...
A NewsGuard research discovered the use of artificial intelligence (AI) in the production of content farms that not only lack usefulness but also restrict access...
The Debian Project has made an announcement about the release of Debian 11.7, which is now publicly available. This release marks the seventh ISO update...
Vulnerability management is a critical process for organizations to ensure the security and integrity of their systems and data. Core to proper vulnerability management is...
In a threat alert, Meta revealed that malicious actors are taking advantage of the rising popularity of generative artificial intelligence (AI), particularly ChatGPT, to carry...
Ubuntu 18.04 LTS, codenamed Bionic Beaver, was launched in April 2018 and was backed by Canonical with software and security updates for at least five...
A nation’s infrastructure makes for an attractive target because infrastructure is so critical to everyday life. Critical infrastructure such as electricity distribution, telecoms, and oil...
Denis Gennadievich Kulkov, a Russian national suspected of masterminding a profitable stolen credit card checking enterprise worth tens of millions of dollars, has been indicted...
In May 2022, the team behind AlmaLinux published AlmaLinux release 9, but initially, there was no simple upgrade route from AlmaLinux 8 to AlmaLinux 9,...
Kaspersky Lab has discovered a new Android subscription virus known as ‘Fleckpe’ on Google Play, the main software store for Android smartphones. This virus, disguised...
The Document Foundation released LibreOffice 7.5.3 as the third maintenance update to the free and open-source office suite series, LibreOffice 7.5. Almost five weeks after...
As software gets older and reaches its end-of-life (EOL) stage, it is no longer supported by the developers and can become vulnerable to security threats...
Microsoft has issued a warning about two cybercrime gangs that are aggressively exploiting vulnerabilities in PaperCut, a popular print management program. The groups in question...
Canonical released new Ubuntu kernel updates to patch two security vulnerabilities that allow an attacker to escalate their privileges on the system. The security updates...
Technological evolution can be defined in two contrasting ways: a steady progression marked by incremental improvements or a disruptive leap that redefines the status quo....
U.S. cybersecurity authorities have met with tech leaders and industry groups to advocate for the use of “secure by design” concepts in commercial software. The...
The latest desktop environment, GNOME 44, has received its first point release as the GNOME project released GNOME 44.1 last week. This brings numerous fixes...
APTs are highly sophisticated cyberattacks that are targeted at large or prominent organizations and carried out by well-resourced threat actors, such as nation-state-sponsored groups or...
According to a recent MyCena Security Solutions analysis, password resets may cost Financial Times Stock Exchange (FTSE 100) corporations more than $156 million every month....
GNU Linux-Libre 6.3 kernel is now publicly available, allowing users to have 100% freedom for their Linux systems. Linux 6.3 introduced several new wireless drivers,...
Red Hat announced over two years ago that they were altering their approach towards CentOS Linux, which involved discontinuing support for the widely popular stable...
The Cloud Security Alliance (CSA) has released a study detailing five ways attackers might leverage ChatGPT to improve their attack arsenal. The research investigates how...
Senior executives in financial services firms understand the critical role that risk management plays in protecting the assets of their clients, their organization’s assets, and...
The latest release of Fedora Linux, Fedora 38 has finally been released, which comes packed with lots of improvements, including Linux kernel 6.2 and GNOME...
Cybersecurity researchers have issued a warning about ViperSoftX, an information-stealing virus that has infected a large number of people and businesses who use Windows. According...
If you’re employed at the C-level, you’re hired to deal with challenges and… well, every year is going to be challenging. That said, sometimes these...
Fortra has discovered a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT utility, which has been actively abused by ransomware perpetrators to steal...
You may be familiar with the KDE desktop environment and the many software applications that are available through the KDE community. On April 20th, the...
Introduction: As businesses grow and evolve, they often need to upgrade their technology infrastructure to meet changing demands. One way to accomplish this is...
According to Palo Alto Networks Unit 42, there has been a monthly surge of 910% in newly registered and squatted domains associated with ChatGPT between...
With the release of Ubuntu 23.04, all the official Ubuntu flavors have been upgraded to version 23.04. Those official flavors include Edubuntu 23.04, Kubuntu 23.04,...
Recognizes KernelCare Enterprise’s uniquely automated security patching with zero downtime PALO ALTO, Calif. – May X, 2023 – TuxCare, a global innovator in enterprise-grade...
Proxylife and the Cryptolaemus group have detected a new phishing effort that distributes QBot malware via PDFs and Windows Script Files (WSF). QBot, also known...
Canonical released new kernel security updates on 19th April 2023 for patching 17 security vulnerabilities found in the Ubuntu kernels. These Ubuntu kernel security updates...
Binary compatibility is an essential technical concept that often remains overlooked but plays a crucial role in enabling programs to be distributed across different platforms....
A study conducted by ESET reveals that 56% of second-hand corporate network devices still contain sensitive company data. The security vendor purchased 16 recycled devices...
After the release of Linux Kernel 6.2 a few months ago, the latest stable version, Linux Kernel 6.3 has been released on April 23rd. This...
Patch management is a critical element in the world of cybersecurity, and patching vulnerabilities is critical across an organization’s entire ecosystem – from the largest...
Cisco and VMware have released security patches to address serious security flaws which malicious actors might exploit to execute arbitrary code on vulnerable computers. A...
AlmaLinux 9 was released in May 2022. At first, there was no easy upgrade path from AlmaLinux 8 to AlmaLinux 9. All upgrades required a...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has found two actively exploited vulnerabilities in its Known Exploited Vulnerabilities (KEV) list. The first is an...
Edubuntu 23.04 was released on April 20th as an official Ubuntu flavor based on Ubuntu 23.04 (Lunar Lobster). Edubuntu, formerly known as Ubuntu Education Edition,...
Welcome to the final installment of our five-part series looking at code bugs responsible for the vulnerabilities and exploits we try to stay safe from....
Trellix, a cybersecurity firm, has provided detailed information on the modus operandi of a new cybercriminal gang called the “Read The Manual” Locker. The group...
The Slint team announced the release of Slint 1.0, an open-source graphical toolkit based on the Rust programming language, on April 3rd, 2023. Formerly known...
“What do you mean having poor cybersecurity can get me in jail?” … is what probably went through the mind of the ex-CEO of a...
Google’s product security response team has discovered a Spectre-related vulnerability in Linux kernel version 6.2, extending the threat posed by the bug that has plagued...
The CentOS Project issued an important notice regarding the end dates for CentOS Linux 7 and CentOS Stream 8, urging users and administrators to start...
As the U.S. tax season comes to a close, Microsoft warns that a new phishing effort is targeting accounting companies and tax preparers, planting malware...
The upcoming release, Firefox 113 is set to introduce some exciting features, such as animated AV1 images (AVIS) support, a more secure password generator with...
Managed Service Providers (MSPs) play a critical role in maintaining reliable and secure systems for their clients. But, as a trusted technology partner, MSPs...
The notorious North Korean threat group, the Lazarus Group, has shifted its focus and updated its tactics as part of a campaign called DeathNote, according...
Welcome to part four of the five-part series where we look at the code bugs that explain the many exploits reported on a regular basis....
A handful of faults in Nexx’s smart home gadgets that hackers can exploit are estimated to put over 40,000 residential and commercial premises at risk....
End-of-life (EOL) software can pose serious security risks. In this post, we’ll be exploring the dangers of using EOL software, including specific risks for Linux...
BlackArch Linux, a distribution for penetration testing and ethical hacking based on Arch Linux, has released new ISOs containing more than 2800 tools. After a...
Security researchers from Trustwave SpiderLabs have discovered a new strain of malware called Rilide, which specifically targets users of Chromium-based browsers, including Google Chrome, Microsoft...
Linux Lite, an Ubuntu-based distribution designed to run smoothly on less powerful hardware, has released a fresh version 6.4 for download. Linux Lite 6.4 is...
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has released eight advisories concerning Industrial Control Systems (ICS) vulnerabilities in products from Hitachi...
Recently, the Linux kernel was found to have several critical flaws. Memory exhaustion, system crashes, denial of service (DoS), the disclosure of private data, cross-site...
A persistent effort that targets “all known and recently discovered theme and plugin vulnerabilities” has hacked an estimated one million WordPress websites according to Sucuri....
Operating system (OS) virtualization can accomplish incredible things. By abstracting the hardware layer, virtualization makes an OS believe it is running natively on hardware –...
Xubuntu 23.04, based on Ubuntu 23.04 (Lunar Lobster), is scheduled to release on April 20, 2023. Built on the Linux kernel 6.2, Xubuntu 23.04 will...
Operating in a cloud environment has risks that you need to be aware of, folks. In this article, I’ll be talking about the cloud security...
Genesis, an infamous hacker marketplace, was brought down by a 17-country multinational law enforcement operation. It was discovered that the marketplace was selling access to...
You’ve surely noticed the trend – it’s hard to miss if you’ve been paying attention. Changelogs have been getting more and more sparse, especially in...
Two security companies have detected a supply chain attack on 3CX, a popular communication software provider. The malware has infected the Windows Electron client, but...
Canonical made the beta version of its upcoming Ubuntu 23.04 (Lunar Lobster) operating system available for public testing on March 30 before the official release...
Fintech applications require a particularly strong security posture. After all, you’re safeguarding the financial data (or even more disconcerting – the money) of your customers. ...
The Cybersecurity and Infrastructure Security Agency (CISA) has directed government agencies to address security flaws used in zero-day attacks during recent incidents in which commercial...
GNOME 44, code-named “Kuala Lumpur”, is officially released and packed with new improvements, eye-catching features, quick settings, accessibility improvements, and more. GNOME is a widely...
A new modular toolkit, AlienFox, allows malicious actors to harvest credentials from multiple cloud service providers, according to SentinelLabs. The toolset is available for sale...
PALO ALTO, Calif. – April 11, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it was honored in the 17th...
Google Project Zero discloses CentOS Linux kernel flaws after failing to release timely fixes before the 90-day deadline. Google Project Zero is a security team...
Linux is everywhere in higher education – from the computer science lab right through to the large server fleets that power cutting-edge research and everything in...
Experts in cybersecurity have lately identified a significant increase in the activity of botnets that propagate malware and attack vulnerable network devices. These assaults transmit...
Ubuntu Cinnamon Remix will officially join the other flavors as an official Ubuntu flavor with the next Ubuntu 23.04 (Lunar Lobster) release. The primary goal...
AlmaLinux is proving to be a popular alternative to the now-nearly-dead CentOS stable release. However, plenty of CentOS 7 and 8 users are still using...
Security researchers from cybersecurity firm Wiz have uncovered a new type of attack that enables hackers to bypass authentication and take over user accounts in...
As enterprises continue to innovate, the need for faster and more efficient data processing is growing. Edge computing, Internet of Things (IoT) devices, and sensors...
According to a recent campaign by Earth Preta, nation-state hackers aligned with China are becoming increasingly adept at circumventing security solutions. The threat actor has...
Healthcare organizations handle a vast amount of sensitive and confidential information, making these organizations a prime target for cyberattacks. The result: strict compliance requirements that...
Ubuntu 23.04, which is also known as Lunar Lobster, is set to get its final release on April 20, 2023. It is a short-term release...
According to Malwarebytes, tax fraudsters are on the rise courtesy of the “Trojan Emotet” to carry out their operations. It is capable of intercepting network...
The popular open-source and cross-platform browser, Mozilla Firefox, is gearing up for its major next release, Firefox 112. This release brings some exciting updates for...
On the second day of Pwn2Own Vancouver 2023, a group of security researchers exploited ten zero-day vulnerabilities in various products, earning $475,000 in total. The...
Mozilla has allocated a $30 million budget to initiate a new startup Mozilla.ai, which aims to build a trustworthy open-source AI ecosystem that benefits all....
The AT&T Alien Labs team discovered a new version of the BlackGuard stealer with additional features such as USB propagation, persistence mechanisms, memory loading of...
SaveDesktop is an open-source application that allows you to store your Linux desktop configuration. Have you spent hours configuring your Linux desktop to look just...
Google has removed a fake Chrome browser extension called “ChatGPT For Google” from its Web Store after it was discovered to be a phishing tool...
Google’s Project Zero has discovered 18 zero-day vulnerabilities in Samsung’s Exynos chips, which attackers could use to completely compromise a phone without the user’s knowledge....
A new variant of IceFire ransomware has been discovered that targets Linux systems. In the past, it has been found to target Windows only. This...
Cybersecurity threats are ever present and government organizations face unique challenges in securing the sensitive information of citizens. As workers with limited technology training become...
ReliaQuest has discovered a security incident caused by the QBot banking trojan in a client’s environment. A threat actor gained access to the network via...
Docker is a popular open-source containerization platform that helps to create, deploy, and manage applications in a containerized environment. Recently, concerns have been raised in...
Sometimes getting 101’s right comes down to how seriously you take the issue – whether it’s given the right level of priority. Take health 101’s:...
Offensive Security has announced the release of Kali Linux 2023.1, marking the 10th anniversary of the project. The latest version of the distribution includes a...
The sanctions imposed on the Russian government and its defense industry have caused some interesting issues in the open-source community. The conflict between Russia and...
IoT in manufacturing and production industries enables higher levels of automation, data collection, and efficiency, so it’s no surprise that IoT empowers manufacturers tremendously. In...
Cybercriminals have found a new way to distribute info-stealing malware to unsuspecting users by abusing Adobe Acrobat Sign, a popular online document signing service. Avast...
A new Ubuntu Desktop is in development that provides the usual Ubuntu experience with the addition of Flatpak preinstalled. Since Canonical announced it to not...
“No plan survives contact with the enemy” is one of the truisms of conflict. It’s somewhat (un)surprising how accurately this describes the cybersecurity posture of...
Btrfs, the short form for “B-Tree File System,” is a Linux kernel-based, state-of-the-art file system that seeks to replace the current standard ext4 file system...
Reaching an acceptable level of cyber hygiene is a challenge for all healthcare providers, hospitals, and pharmaceutical companies. Many security breaches occur with legacy systems...
Cybersecurity researchers from SentinelLabs discovered a new variant of the Icefire ransomware, with a specific focus on Linux enterprise systems. SentinelLabs was the first to...
Vanilla OS 2.0 had been using Ubuntu from its early development stages, but now it is all set to shift to Debian Sid. Vanilla OS...
The core reason why organizations utilize CI/CD is that they’re supremely beneficial for system administration, live patching, or patch management, as well as testing code...
A former TikTok risk manager has met with congressional investigators to express his concerns that the company’s plan for protecting user data in the United...
In the current scenario where almost all software uses open-source code, at least one known open-source vulnerability was detected in 84% of them. The researchers...
It’s been about a decade since the discovery of Heartbleed, a dangerous OpenSSL exploit that affected millions of systems – and a vulnerability that made...
Palo Alto Networks’ Unit42 researchers have discovered a new GoBruteforcer malware that targets phpMyAdmin, MySQL, FTP, and Postgres. The newly discovered Golang-based botnet malware seeks...
Several critical vulnerabilities were detected in the Linux kernel that could cause a denial of service (DoS), possibly execute arbitrary code, and leak sensitive information....
Buffer overflow vulnerabilities are still a common route by which cyber criminals get illegal access to computer systems. It’s a growing problem too as there...
According to cybersecurity firm Mandiant, a North Korean espionage group known as UNC2970 has been carrying out spear-phishing attacks against media and technology organizations in...
Linus Torvalds announced the first release candidate for Linux Kernel 6.3 on March 14, 2023. This kernel release candidate officially starts the testing phase for...
We need an opportunity to achieve our cybersecurity goals. The tighter this window, the harder it becomes to do our cybersecurity jobs. Recent reports stating...
PALO ALTO, Calif. – March 21, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it received top honors in this...
Mandiant researchers have discovered a malware campaign that targets SonicWall SMA 100 Series appliances and is thought to have originated in China. The malware was...
You don’t need to be a Linux mastermind to recover lost and deleted data in Linux. With the right know-how, you can recover both, and...
Two buffer overflow vulnerabilities in the Trusted Platform Module (TPM) 2.0 specification could allow attackers to access or replace sensitive data such as cryptographic keys....
Canonical has released new Linux kernel security updates that address 17 vulnerabilities affecting Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS systems running Linux...
Lucky Mouse, a cyber threat group, has created a Linux version of the malware called SysUpdate, increasing its ability to attack devices that use the...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a free and open-source tool called Decider to assist defenders in mapping adversary behavior to...
It’s crucial for organizations to adopt patch management best practices to keep their systems as secure as possible. I’ll be walking you through the importance...
Brave Search now includes Summarizer, an AI-powered tool that provides a summarized answer to an inputted question before the rest of the search results. It...
Recently, Canonical announced that all Ubuntu Flavors would not include Flatpak by default. Flatpak was introduced to Ubuntu several years ago with the goal of...
Cybercriminals use a range of strategies to target vulnerable systems – and remote code execution (RCE) attacks are one of the most common strategies. Indeed,...
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a new ransomware gang known as Royal ransomware. The ransomware...
Security researchers have discovered 700+ malicious open-source packages in npm and PyPI. npm and PyPI are among the most widely used software repositories globally by...
Freshen up with something new and improved – if it’s as simple as applying a software update…. well, why not? That’s a tempting argument to...
In an effort to shift the burden of defending U.S. cyberspace away from small organizations and individuals, the Biden Administration is pushing for new regulations...
There have been countless articles posted about the new AI chat bots in the past few months, and, since those bots became available to the...
The Trellix Advanced Research Center (TARC) has discovered a new type of privilege escalation bug on MacOS and iOS. These bugs could potentially allow attackers...
Elektrobit and Canonical announced the partnership on October 27, 2022, to lead the path toward a new era of software-defined vehicles. After some months of...
It’s impossible to avoid change in technology – by definition, technology always moves forward. And that’s generally great news, but keeping up with the changes...
Microsoft recently issued a new security advisory urging Exchange Server administrators to remove certain antivirus software exclusions that could expose systems to attacks. According to...
KDE Plasma is a popular desktop environment that allows users to interact with their computers through a graphical interface. It is widely used on Linux-based...
Infrastructure is at the core of any business – whether it’s a pipeline for liquids, a data center, or the development process you’ve taken years...
Google has uncovered a critical Remote Code Execution (RCE) vulnerability in Chrome that could allow attackers to take control of affected systems. Users who are...
Real-time Ubuntu offers secure and reliable solutions for time-sensitive workloads in modern enterprises. By including real-time computing support, Canonical showcases its dedication to providing the...
Cybercriminals are exploiting unpatched vulnerabilities in Fortinet and Zoho products, leaving many organizations vulnerable. According to a Check Point Research report, attackers have been exploiting...
Linux 6.2 is the major kernel update of the year 2023 with some new exciting features. It undergoes a range of updates and improvements, such...
Cybercriminals are now delivering stealthy malware onto Macs using pirated versions of the video editing software Final Cut Pro. This is a concerning trend because...
If you have limited resources, what should you do first: make your systems more tamper proof by patching where and when you can, or ensure...
Unit 42 researchers discovered “Mirai v3g4”, a new variant of the Mirai botnet that targets 13 unpatched vulnerabilities in Internet of Things (IoT) devices. The...
Proxmox VE is an open-source platform for server virtualization that offers robust capabilities for managing both KVM (Kernel-based Virtual Machine) hypervisors and Linux Containers (LXC)....
Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The first flaw,...
KernelCare Enterprise’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64) for some time now. However, to get...
Group-IB recently discovered a new phishing campaign believed to be the work of the notorious Chinese state-sponsored hacking group, Sidewinder. The attacks, which began in...
No matter which tech stack you depend on, you can be sure it’s composed of plenty of building blocks – lots of moving parts stacked...
A critical Remote Code Execution (RCE) vulnerability in a popular software library used by a wide range of applications has been discovered by researchers. The...
Denial of Service (DoS) attacks are a special type of cybersecurity threat. The attacker does not need to hack your systems or find a gap...
Forescout researchers discovered two new vulnerabilities in Schneider Electric’s Modicon programmable logic controllers (PLCs), which could allow for authentication bypass and remote code execution. The...
KernelCare Enterprise enables organizations to rapidly patch Linux kernel and critical userspace library vulnerabilities on enterprise Linux environments without requiring kernel restarts or system downtime....
According to Blackberry researchers, a new phishing campaign dubbed “NewsPenguin” has been targeting Pakistan’s military-industrial complex for months, using an advanced malware tool to steal...
Managed services providers (MSPs) face several challenges that can affect their ability to deliver high-quality service. Keeping up with rapidly evolving technology is one challenge...
Microsoft has announced that its support diagnostic tool, MSDT, will be phased out by 2025. The Windows Diagnostic Data Viewer (DDV) application will replace the...
Patches for recently discovered OpenSSL vulnerabilities are already available through TuxCare’s KernelCare Enterprise, which, for some distributions, we’ve released before the vendor-supplied updates have been...
A game mode in Dota 2 exploited a high-severity vulnerability, allowing attackers to remotely execute code on the targeted system. The flaw was discovered in...
Keeping databases patched with the latest security updates is essential for organizations to protect their data. Unpatched database systems can lead to exploits against core...
Proofpoint Threat Research researchers have discovered a new phishing campaign that employs screenshots to deliver malware payload to unsuspecting victims. The attacker sends an email...
TuxCare was there with you right at the start of the CentOS crisis, just as Red Hat suddenly pulled the rug from one of the...
Researchers have discovered a new type of obfuscated malware that is specifically designed to steal sensitive data from victims’ computers. Malware is distributed through phishing...
With Centos-8 EOL, open-source communities of enterprise users and web hosts now face a great amount of risk. But, extended lifecycle support solutions can buy...
Abnormal Security discovered a new business email attack threat actor known as “Firebrick Ostrich” performing Business email compromise (BEC) on a near-industrial scale. It also...
We first reported on W4SP Stealer in November in response to widespread news of a new Python supply chain attack. Unfortunately, as it so often...
Censys, a security firm, has warned that up to 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to easily executed SQL injection attacks,...
Agile methodologies, cloud computing, and automation tools allow software development teams to work faster and more efficiently. They emphasize fast iteration and continuous delivery, enabling...
A Lazarus Group cyberattack is targeting the medical research and energy industries, and their supply chain partners, through exploiting known vulnerabilities found in unpatched Zimbra...
Ever been in a position where you needed to validate an important technical purchase to a group of executives who just didn’t understand what value...
Atlassian has addressed a serious security vulnerability in its Jira Service Management Server and Data Center that could have allowed an attacker to impersonate another...
FIPS 140-3 is a standard issued by the National Institute of Standards and Technology (NIST) that aims to provide a consistent and secure method for...
Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) have warned of a new ransomware attack named ESXiArgs that is targeting VMware ESXi...
Organizations will often try to patch their systems “on time” in order to be secure from new threats. In this context, “on time” will mean...
Threat actors are targeting Bitwarden through Google ads phishing campaigns in order to steal users’ password vault credentials. A spoof version of Bitwarden was expertly...
In the world of Linux distributions, or “distros,” the lifecycle of a distribution refers to the period during which the distribution receives security updates and...
DDoS attacks on German airports, banks, and government agencies have been blamed on Killnet, a self-proclaimed Russian hacktivist group. DDoS is a distributed denial-of-service (DDoS)...
PALO ALTO, Calif. – February 8, 2023 – TuxCare, a division of CloudLinux Inc, the main sponsoring company of the AlmaLinux OS Project, today announced...
According to the Trellix research team, they patched nearly 62,000 open-source projects that were vulnerable to a 15-year-old path traversal vulnerability in the Python programming...
There is one vulnerability exploited every 2 hours and attackers can cause significant disruption, downtime, and revenue loss. Before delving into the cloud patching know-how,...
Palo Alto Networks Unit 42 security researchers investigated a PlugX malware variant that can hide malicious files on removable USB devices and then infect the...
Akamai researchers have published a proof-of-concept (PoC) for a vulnerability in a Microsoft tool that enables the Windows application development interface to deal with cryptography....
PALO ALTO, Calif. – February 3, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced that its KernelCare Enterprise Live Patching...
Ermetic researchers discovered EmojiDeploy, a cross-site request forgery (CSRF) bug in Microsoft Azure services that could allow attackers to remotely execute code on affected systems....
Chinese hackers were discovered using a recently discovered flaw in Fortinet’s FortiOS software as a zero-day vulnerability to distribute malware. CVE-2022-42475 (CVSS score of 9.8)...
Kaspersky has discovered a new malicious app known as Wroba.o that uses DNS hijacking to steal victims’ personal and financial information. The app, discovered in...
ThreatFabric cybersecurity researchers have discovered a new type of Android malware known as ‘Hook.’ Hackers can use the malware to gain remote control of an...
End-of-life software is just a fact of our fast-paced technology life. Tech teams know that they need to manage the software lifecycle. Teams also know...
According to CyberArk researchers, GPT-based models like ChatGPT can be used to create polymorphic malware because they can generate large amounts of unique and varied...
Live patching is a method of updating a Linux kernel without restarting the kernel – and therefore without the need to reboot the machine. Live...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in unpatched versions of the Control Web Panel, a popular free, closed-source web-hosting interface. The vulnerability...
Regulations and standards guide companies toward a consistent cybersecurity response. Even if it sets just a minimal baseline, rulebooks still serve as an improvement on...
Deep Instinct researchers reported that RATs like StrRAT and Ratty were used in a 2022 campaign via polyglot and JAR files. Both threats appear to...
On a fictional tv show that started airing last year, a spy fell out of grace by forgetting some classified intelligence papers on a public...
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with Amazon Web Services to notify customers who have AWS tokens that may have been impacted...
Anyone that’s committed to a five-nines mandate will dread the idea of a cybersecurity breach. It’s a fast way to lose service continuity and it...
A remote attacker could exploit multiple vulnerabilities in four Cisco small business routers to bypass authentication or execute arbitrary commands on an affected device. The...
Linux kernel updates are a fact of life. They are as dull as taxes and about as fun as going to the dentist. But sysadmins...
In a notable IcedID malware attack, the assailant impacted the Active Directory domain of the victim in less than 24 hours, transiting from initial infection...
System administrators that work in enterprise environments know that patching is practically a full-time job. Consider the effort involved in patching just one system: a...
Bitdefender experts have created a universal decryptor for victims of the MegaCortex ransomware family. MegaCortex has been in use since at least January 2019, and...
PALO ALTO, Calif. – January 19, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced the launch of its TuxCare OEM...
The Cybernews research team observed that the AI-powered chatbot ChatGPT can provide step-by-step directions on how to hack websites. When the researchers asked the AI...
Colleges and universities are heavily targeted by cybercriminals that seek to exploit vulnerabilities and trick staff members to infect systems with malware, spyware, and ransomware....
Zoho says it has patched several ManageEngine products for a newly disclosed high-severity SQL injection flaw. CVE-2022-47523 is a SQL injection (SQLi) vulnerability in ManageEngine...
Look, everyone knows that it’s a tough act. Thousands of CVEs are added to the list every month – all in the context of a...
Qualcomm and Lenovo have issued patches to address a number of security flaws in their chipsets, some of which could result in data leakage and...
The public sector, including state and federal agencies, are at just as much risk of cyberattacks as the private sector. Yet, in terms of technology...
Dridex, a Windows-focused banking trojan that has since expanded its capabilities to include information theft and botnet capabilities, is now targeting Macs via email attachments...
According to ARMO researchers, the Kyverno admission controller for container images has a high-severity security vulnerability. Using a malicious image repository or MITM proxy, the...
Hackers frequently target payment card industry (PCI) data. To help protect against this, compliance regimes like the PCI Data Security Standard (PCI DSS) were put...
Researchers at Cyble Research & Intelligence Labs (CRIL) have discovered GodFather malware, a new version of the Android banking Trojan. This malware has infiltrated over...
Cybersecurity insurance policies are considered by many to be a last resort safety net that, when things go wrong in a terrible way, provides at...
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two-year-old security flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9),...
It’s the making of a horror film: a cyberattack that tampers with the water supply of a city and poisons the residents. It nearly happened...
According to a Guardio Labs report, “MasquerAds” malware targets organizations, GPUs, and Crypto Wallets by using the Google Ads platform to spread malware to users...
As expected, 2022 was a tough year for cybersecurity, with one headline-grabbing cyberattack after another – and there are no signs that 2023 will go...
Dr. Web has discovered Linux.BackDoor.WordPressExploit.1, a website hacking tool based on the WordPress CMS. It takes advantage of 30 vulnerabilities in various plugins and themes...
To meet organizational requirements, compliance mandates, and regulatory requirements, Managed Security Service Providers (MSSPs) have a vulnerability patching approach available to them that they may...
SentinelOne researchers discovered that the Vice Society group has released PolyVice, a custom ransomware that employs a reliable encryption scheme based on the NTRUEncrypt and...
As one of the most popular scripting languages for a variety of applications, Python also offers incredibly valuable functionality when it comes to automated live...
Okta has revealed that a malicious user hacked and replicated its source code repositories on GitHub earlier this month, after previously reporting a compromise carried...
The National Institute of Standards and Technology (NIST) advised organizations, including healthcare, federal/state government, and financial services providers, to deploy software updates through enterprise patch...
According to Microsoft, Zerobot, a one-of-a-kind botnet written in Go and distributed via IoT and web application vulnerabilities, has added new features and infection mechanisms....
In cybersecurity, metrics provide a way to measure cybersecurity performance and point to how successfully you’re defending your technology assets. Mean time to patch, or...
This is part three of our five-part blog series exploring the code bugs that lead to the vulnerabilities showing up every day. In this part,...
According to Cisco Talos, two vulnerabilities in the Ghost CMS newsletter subscription system, CVE-2022-41654, and CVE-2022-41697, exist in the newsletter subscription functionality of Ghost Foundation...
Retention rates, NPS, customer score… if you work in the IT department of a telecoms company or any client-facing team, you’ll know all about the...
In an extensive two-factor authentication bypass campaign, multiple Comcast Xfinity email accounts were hacked, and the disrupted accounts were used to reset passwords for other...
Did you know that 75% of cybersecurity threats occur due to the vulnerabilities present in third-party applications? In this blog, we’ll be discussing how patch...
Understanding the relationship between development operations (DevOps) and the agile software development (Scrum) framework is critical for organizations to create a secure, rapid application development...
Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted....
The Linux Kernel has grown in scope and functionality over the years. New schedulers, new drivers, new filesystems, new communication protocols, new security holes… oh,...
Talos researchers recently uncovered a phishing campaign that uses Scalable Vector Graphics (SVG) images embedded in HTML email attachments to distribute QBot malware. Basically, when...
Frameworks are an effective tool in cybersecurity because of the complexity of cybersecurity challenges and because so many organizations have so little structure to their...
Google has launched OSV-Scanner, a free tool for open-source developers to easily access vulnerability information. It is said to include an interface to the OSV...
VMware has released patches for a number of vulnerabilities, including a virtual machine escape flaw, CVE-2022-31705, which was exploited during the GeekPwn 2022 hacking challenge,...
The U.S. National Security Agency has warned that a Chinese state-sponsored group is exploiting an unauthenticated remote code execution flaw (CVE-2022-27518) to compromise Citrix Application...
Eclypsium Research has identified and reported three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. This is used by AMD, Ampere, Asrock,...
As part of developing and testing new patches, the KernelCare team has reevaluated the impact of the Retbleed patches. We have serious concerns that the...
Google’s Threat Analysis Group discovered APT37, also known as Scarcruft or Reaper, a North Korean-linked hacking group, exploiting a zero-day vulnerability in Internet Explorer’s JScript...
PALO ALTO, Calif. – December 21, 2022 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it now offers a new CentOS...
Patching to protect systems against security vulnerabilities is at the top of the SecOps agenda. However, despite the focus on patching, it’s something that has...
According to Secureworks Counter Threat Unit researchers, the Drokbk malware has been targeting the networks of several local governments in the United States since February....
Critical infrastructure is at the core of a functional society, supplying key utilities such as water, energy, and transport to the nation. It makes infrastructure...
ThreatFabric researchers have discovered the Zombinder service, which allows cybercriminals to easily embed malware into legitimate apps and steal data while also wreaking havoc on...
Deep Instinct researchers have uncovered a hacker group known as MuddyWater, which has been linked to Iran’s Ministry of Intelligence and Security and typically engages...
Eufy denies claims that its cameras can be live streamed without encryption. Eufy stated that it does not upload identifiable footage to the cloud from...
A number of digital certificates used by vendors such as Samsung, LG, and MediaTek have been discovered to be compromised in order to stamp approval...
PALO ALTO, Calif. – December 14, 2022 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, announced it expanded its award-winning KernelCare Enterprise live...
Vedere Labs researchers recently discovered three new security flaws in a long list of flaws collectively tracked as OT:ICEFALL. The flaws are said to affect...
MySQL high availability allows companies to run databases that meet higher uptime requirements and zero data loss tolerance, which are highly sought-after goals that every...
Wiz security researchers discovered Hell’s Keychain, a first-of-its-kind cloud service provider supply-chain vulnerability, in IBM Cloud Databases for PostgreSQL. This occurred while researchers were conducting...
“We are in the process of digging ourselves into an anachronism by preserving practices that have no rational basis beyond their historical roots in an...
Aqua Nautilus, a cloud security firm, discovered new Go-based malware that targets Redis (remote dictionary server), an open source in-memory database and cache. The attack...
ESET researchers discovered an ongoing campaign by the Bahamut APT group, a notorious cyber-mercenary group that has been active since 2016, that targets Android users...
A digital twin (DT) is a virtualized representation of an actual device, and is often used in relation to operational technology (OT), industrial control system...
A memory leak bug on Local Security Authority Subsystem Service (LSASS), a service that allows users to manage local security, user logins, and permissions, is...
After discovering malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub, security researchers have warned developers of the risks of...
Despite fixes released by the chipmaker, a set of five medium-severity security flaws in Arm’s Mali GPU driver have remained unpatched on Android devices such...
Continuous integration (CI) refers to testing code changes before deployment to production. Continuous delivery (CD) is where code changes are automatically deployed to production systems...
The APT group DefrayX has launched a new version of its RansomExx malware known as RansomExx2, a variant for Linux rewritten in the Rust programming...
When it comes to the Industrial Internet of Things (IIoT), the legacy Purdue model no longer provides adequate levels of security projection – as newer...
DuckDuckGo, a privacy-focused search engine, has added an App Tracking Protection tool to its Android app, allowing users to see what personal data trackers are...
If your organization deploys IoT solutions, you know that development of embedded systems is a bit different from standard desktop development. Linux’s low cost is...
A few days after Microsoft acknowledged problems with Kerberos authentication that affected Windows Servers with the Domain Controller role, causing domain user sign and Remote...
Thousands of databases hosted on Amazon Web Services Relational Database Service (RDS) have been discovered to be leaking personally identifiable information, potentially providing a gold...
Security researchers from Checkmarx have uncovered an ongoing supply chain attack that involves spreading the malware identified as W4SP Stealer. W4SP Stealer is a discord...
Keeping your systems up to date can be done in many different ways, each with its own pros and cons. Some so-called “patching” methods are...
Attackers are using phishing tactics to spread QBot, a Windows malware that started as a banking trojan but evolved into a full-featured malware dropper. According...
Gone are the days of Operational Technology (OT) being distinctly separated from IT. With the need of constant monitoring and tracking of the physical assets,...
Apple has released security updates for iOS, iPadOS, and macOS Ventura to fix two remote code execution (RCE) vulnerabilities that allow remote or Internet attackers...
Cybersecurity professionals need to be aware of new threats and take action immediately so that we can minimize the risk of future incidents occurring. Much...
Worok malware makes the rounds by deploying multi-level malware designed to steal data and compromise high-profile victims such as government entities in the Middle East,...
Breakthroughs don’t often happen in cybersecurity, but when one does, it can be a real magic bullet. Linux kernel live patching, which is the ability...
IceXLoader, an updated version of a malware loader, is suspected of infecting thousands of personal and enterprise Windows machines around the world. IceXLoader is a...
Operational technology (OT) is equipment and computer software used for analyzing utility control processes for critical infrastructure, while Industrial Control System (ICS) assets are the...
A security researcher, David Schütz, has received a $70,000 bug bounty after he accidentally discovered a Google Pixel lock-screen bypass hack that solved a serious...
Operational Technology (OT) and Industrial Control Systems (ICS) technologies help ensure safety by monitoring and controlling critical operations. OT includes Supervisory Controls And Data Acquisition...
Microsoft has fixed six actively exploited Windows vulnerabilities and 68 vulnerabilities in its November 2022 Patch Tuesday. Eleven of the 68 vulnerabilities fixed are classified...
There are many different ways to improve upon traditional patching, so it’s easy to get confused about how each patching approach works. In the past,...
The long-awaited OpenSSL bug fixes to fix a critical severity security hole are available now. New OpenSSL patches have reduced the severity of the bug...
Threat actors are distributing malicious Python packages to the popular Python Package Index (PyPI) service, using authentic-sounding file names, and hidden imports to deceive developers...
RomCom, a threat actor, is said to be conducting a series of new attack campaigns using the brand power of SolarWinds, KeePass and PDF Technologies....
Cisco has released security updates to address two vulnerabilities that are classified as “high”: CVE-2022-20961 and CVE-2022-20956. The vulnerabilities affect the Cisco Identity Services Engine...
We continue to look at the code issues that cause the vulnerabilities impacting the IT world. In this installment of our five-part blog series exploring...
According to security researchers from SentinelOne, the relatively new ransomware gang called Black Basta shares tooling and possibly personnel with the notorious FIN7 hacking group....
Not all Linux live patching solutions are created equal. In fact, many live patching solutions are quite limited. Oracle’s Ksplice is an example of a...
Researchers from the Leiden Institute of Advanced Computer Science have discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for vulnerabilities and...
Last year, CISA created a list of vulnerabilities being actively exploited and a list of applications directly affected by those vulnerabilities. Over time, the list...
Microsoft Internet Information Services (IIS), a web server that enables hosting of websites and web applications, is being exploited by the Cranefly hacking group to...
What Is an Embedded System? Before diving into embedded Linux, let’s first discuss what it’s used for: embedded systems. There are embedded systems in everything:...
The cloud has never been about reducing costs. In fact, even staunch cloud advocates admit it – crunching the numbers just doesn’t make sense financially...
A hacker group that is identified simply as DEV-0950 is using Clop ransomware to encrypt the network of organizations that were previously infected with the...
Major operating system vendors, software publishers, email providers and technology companies that integrate OpenSSL into their products have been asked to prepare for a possible...
Researchers from the Checkmarx Supply Chain Security team have discovered a “high-severity” vulnerability in GitHub. Using a technique known as Repo jacking, attackers could take...
Researchers from the cybersecurity company Fortinet have uncovered a malicious campaign in which attackers exploit a critical vulnerability in the VMware Workspace One Access to...
The CIS Critical Security Controls, known widely as CIS Controls, are a series of actionable cybersecurity recommendations designed to prevent common and not-so-common attacks against...
Researchers from Singapore-based Numen Cyber Labs have discovered and shared details on a vulnerability in the Move virtual machine responsible for powering the Aptos blockchain...
Content giant Patreon recently laid off its entire internal cybersecurity team. While it’s publicly known that five employees from the team were let go, the...
A relatively new ransomware operation, identified as Venus, is hacking into publicly exposed Remote Desktop services to encrypt Windows devices. According to researchers, Venus ransomware...
The technology world is full of big promises, including in cybersecurity. Just think about it: how many times have you heard the promise of a...
Hackers are using the Emotet botnet to exploit password-protected archive files to drop CoinMiner and Quasar RAT on vulnerable devices. Based on one of the...
It’s common to hear about new vulnerabilities and exploits, some of which even get fancy names of their own, but sometimes the details of how...
Wordfence, a WordPress security company, has uncovered attempts by hackers to exploit the new Text4Shell vulnerability. Tracked as CVE-2022-42889 the flaw was discovered in Apache...
Notorious cyber espionage group Budworm has launched deliberate attacks against a number of high-profile targets, including a U.S. state legislature, a Middle Eastern country and...
Security company Cloudflare recently ended a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. The company announced the incident while pointing to...
Hackers are exploiting a vulnerability tracked as CVE-2022-41352 in the Zimbra Collaboration Suite (ZCS). Already, threat actors were able to hack into almost 900 servers....
Attackers are using a Windows malware called Ducktail to steal Facebook accounts, browsing data and crypto wallets. Ducktail is associated with Vietnamese hackers and relies...
Hackers compromised Binance’s BNB Smart Chain (BSC) and stole an estimated USD 110 million. Hackers were able to get their hands on as much as...
A malicious campaign uncovered by security firm Armorblox shows that attackers manipulate Zoom to compromise Microsoft user data. In one of the incidents analyzed, more...
A Fortinet vulnerability in FortiGate firewalls and FortiProxy web proxies could allow a threat actor to perform unauthorized actions on vulnerable devices. The bug, a...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA have issued a joint report describing an intrusion into the network of...
According to Trend Micro researchers, a threat actor identified as ‘Water Labbu’ is hacking into cryptocurrency scam sites to inject malicious JavaScript with the aim...
ESET researchers have uncovered the malicious activities of Lazarus, a North Korean hacking group that exploits a Dell hardware driver flaw for Bring Your Own...
The software security company Checkmarx has uncovered the malicious activities of the threat actor LofyGang, which distributes trojanized and typosquatted packages on the NPM open...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Bitbucket Server RCE and two Microsoft Exchange zero-days to its list of exploited vulnerabilities....
While many were away enjoying some well-deserved R&R, security researchers, hackers wearing hats of all different colors, and intelligence agents from all over the world...
Sometimes organizations must embrace evolution in the way things are done, whether it’s because a new approach has become standard practice or because of some...
According to researchers from Lumen-based Black Lotus Lab, a new Chaos malware is targeting multiple architectures to spread DDoS, cryptocurrency miners, and install backdoors. The...
Cisco Talos researchers have uncovered a social engineering malware campaign that exploits a remote code execution flaw in Microsoft Office to apply a Cobalt Strike...
Microsoft has announced that two critical vulnerabilities in its Exchange application are being exploited by attackers. The company also explained that more than 22,000 servers...
A new malware, identified as Metador, is being used by attackers to target telecommunications, internet service providers and universities on multiple continents, according to security...
GitHub warns that cyber attackers are compromising user accounts through a sophisticated phishing campaign. The malicious messages notify users that their CircleCI session has expired...
TuxCare is pleased to announce it was honored in this year’s inaugural Merit Awards for Technology. Recognized with a silver win in the information security...
Threat actors are now updating the data exfiltration tool Exmatter with a unique data corruption feature, which attackers could switch to perform ransomware attacks in...
Sophos has warned that attackers are exploiting a critical code injection security vulnerability in the company’s Firewall product. The attackers are exploiting the flaw in...
Microsoft SQL servers are being targeted with FARGO ransomware, according to AhnLab Security Emergency Response Center (ASEC) researchers. MS-SQL servers are considered database management systems...
A threat actor identified as Webworm is using Windows-based remote access trojans for cyber espionage. The Symantec Threat Hunter team identified cases where the attacker...
Bitdefender has published a free decryptor, which is supposed to help LockerGoga ransomware victims to restore their files without having to pay a ransom. The...
According to security researchers from AdvIntel, ransomware gangs such as Quantum and BlackCat are now using the Emotet malware in attacks. Emotet started as a...
A hacker gained access to Rockstar Games’ internal servers and stole 3 GB worth of early GTA 6 footage, photo and source code for the...
Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft’s Edge News Feed, redirecting potential victims to websites that promote...
Python has grown tremendously, and its impact has been remarkable. It has become one of the most popular programming languages among developers and researchers. Python...
Cybersecurity company Trend Micro has uncovered a malware campaign in which threat actors exploit security vulnerabilities in the Oracle WebLogic Server to deliver cryptocurrency mining...
Supply chain attacks come in all forms and shapes. One example is taking over legitimate accounts to deploy malicious code into widely used libraries. Another...
Chainalysis, a U.S. company, said it had worked with the FBI to recover more than $30 million in cryptocurrency stolen from online video game maker...
TuxCare’s KernelCare Enterprise provides live patches for various enterprise-grade Linux distributions. Preparing patches for each new CVE has to account for each of those distributions’...
A new version of the Bumblebee malware loader has been discovered by researchers. The new strain of malware offers a new chain of infection, including...
Wordfence, a WordPress security company, has warned of a zero-day WordPress vulnerability that is now being exploited by attackers. The bug is in a WordPress...
Ransomware has become such a common threat over the last few years that companies anticipate coming face to face with an attack at some point....
A China-based threat actor dubbed APT TA423 is carrying out waterhole attacks on domestic Australian organizations and offshore energy companies in the South China Sea...
A new ‘GIFShell’ attack technique exploits bugs and vulnerabilities in Microsoft Teams to abuse legitimate Microsoft infrastructure, execute malicious files, execute commands, and exfiltrate data....
A backdoor in information stealing malware, Prynt Stealer is used to steal data that is exfiltrated by other cyberattackers, according to Zscaler ThreatLabz researchers. Already,...
Python is a language that has experienced explosive growth since its release and is now used extensively across industries by developers with different experience levels....
Google has released an emergency patch to fix a zero-day vulnerability exploited in the wild. Tracked as CVE-2022-3075, the zero-day flaw was discovered and reported...
Extended Lifecycle Support (ELS) for Python enables continued use of Python 2 applications, with timely security updates, without requiring any code refactoring or migration to...
A ransomware attack that began on Thursday, August 25, involved Windows and Linux systems operated by the Chilean government agency, and the incident was verified...
Being faced with the prospect of having to delve into old code to get it running against a new language version is one of the...
Cybersecurity researchers at Trend Micro have identified a 75% leap year-over-year in the number of ransomware attacks targeting Linux users. Apart from ransomware groups, there...
Samsung has confirmed a cyberattack on the company which led to attackers accessing some vital information belonging to attackers. The company stated in its data...
Mozilla is promoting the upcoming Firefox 105 with amazing features, and the new version is now available on the beta channel for public testing, early...
Kai-Heng Feng released a patch on Tuesday that allows users’ laptops to switch their external monitor connections to be routed via a laptop’s discrete GPU...
Openbox is the default window manager in LXDE and LXQt and is used in various Linux distributions. Many consider Openbox to be a free, stackable...
The Kubuntu Focus team has unveiled the new Kubuntu Focus NX Mini Linux PC, which will expand the Linux hardware offering to more users. Kubuntu...
Linux Kernel 6.1, one of the latest updates to the Linux operating system, provides users with a new logging system that will enable them to...
Losing files can be a painful experience, especially when a lot of vital information is involved, and Linux users are not exempt. Often,...
Security remains a top priority for Linux users worldwide. Apart from security, users are interested in browsers that can guarantee privacy, especially in a world...
Although Linux is the most private and secure operating system, according to AtlasVPN, it has seen an increase in malware samples. The results showed that...
Researchers have uncovered at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines. These malicious packages are largely typosquats...
Linus Torvalds, the main developer of the Linux kernel used by Linux distributions and other operating systems such as Android, has revealed the latest...
BlackBerry threat researchers have shared common tactics and strategies to better protect Linux systems from cyberattacks. To find a viable approach to security, researchers investigated...
A malicious PyPI package identified as secretslib is used by a Monero cryptominer on Linux systems. The malicious package activity was uncovered by security researchers at...
According to an advisory published by Trend Micro, the Luckymouse threat actor is said to have compromised the cross-platform messaging app MiMi to install backdoors...
Zhenpeng Lin, a PhD student, and other researchers have uncovered a new Linux Kernel exploitation called Dirty Cred. The flaw tracked as CVE-2022-2588 was unveiled...
Linux is an operating system just like Windows, iOS and macOS. Android is powered by the Linux OS. An operating system is basically software that controls the...
After the Equifax data breach, which highlighted the consequences of unpatched software, administrators have the delicate task of ensuring that the latest patches are applied...
PHP is used to power a vast number of websites on the Internet, some of which will be hosted side-by-side on the same system. When...
PHP Extended Lifecycle Support provides security updates and versions if you’re interested in maintaining compatibility with existing PHP code while remaining secure against the latest...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a path traversal bug in the UnRAR utility for Linux and Unix systems to its...
If you’re reading this blog regularly, you’ll already know that unremedied security vulnerabilities open the door to cyberattacks. You’ll also know how tough it is...
Threat hunters at Fortinet have uncovered a new botnet called “RapperBot.” The malware, which has been in use since mid-June 2022, has targeted Linux SSH...
With more than 4 billion social media users around the world, cybercriminals are more inclined than ever to target these users to make money or...
Catastrophic risks such as natural disasters and indeed cyberattacks require insurance. Insurers can afford large payouts when one insured party is hit – by pooling...
The TuxCare team has improved the accessibility of our KernelCare Enterprise changelog. It is easier to navigate and has now been updated to provide a...
In a symphony orchestra, instruments harmonize to create one pleasing sound. Similarly, enterprise IT procedures orchestrate to introduce new systems to production, monitoring, and maintenance...
We are pleased to announce that a new updated ePortal version 1.37-1 is now...
We are pleased to announce that a new updated KernelCare agent version 2.64-1 is now...
We are pleased to announce that a new updated ePortal version 1.36-1 is now...
IT environments are different everywhere you look. No two companies have precisely the same needs or requirements, so it follows that no two companies will...
We are pleased to announce that a new updated KernelCare agent version 2.63-1 is now...
We are pleased to announce that a new updated ePortal version 1.35-1 is now...
It’s an endless battle and the stakes are high: your organization’s information is at constant risk from threat actors ranging from your competitors looking for...
We are pleased to announce that a new updated KernelCare agent version 2.62-2 is now...
We are pleased to announce that a new updated ePortal version 1.34-1 is now...
Welcome to the March instalment of our monthly news round-up, brought to you by TuxCare. We’re honoured to be the Enterprise Linux industry’s trusted maintenance...
As regulations around cyber security tighten and the risks increase, have you ever wondered how your company’s IT processes rank compared to others? Are you...
We are pleased to announce that a new updated ePortal version 1.33-1 is now...
A few years ago, a vulnerability dubbed “Dirty Cow” (CVE-2016-5195) was in the spotlight for a while. It was a trivially exploitable privilege escalation path...
Proof of value (POV) is a key step in the buying process. It allows tech teams to test a product or service to find out...
The University of Zagreb’s Croatian Academic and Research Network (CARNet) faced a significant threat: like other educational institutions, its networks were under constant attack from...
We are pleased to announce that a new updated ePortal version 1.32-1 is now...
Welcome to the February instalment of our monthly news round-up, brought to you by TuxCare. We’re proud to be a trusted maintenance service provider for...
We are pleased to announce that a new updated KernelCare agent version 2.61-1 is now...
Many high-level technologies in the IT industry, in fact most of them, are built on top of existing features. Containers are a prime example of...
The TuxCare Team is always looking for new ways to improve the experience provided by our products. A pain point we identified was the amount...
Samba, the widely used file sharing tool, has a well-established presence, especially in mixed system environments, where file shares have to be accessed from different...
We are pleased to announce that a new updated ePortal version 1.31-1 is now...
We are pleased to announce that a new updated KernelCare agent version 2.60-2 is now...
Delivering solutions in complex technology environments means balancing many competing priorities, both internal and external. There’s always a risk that the customer experience takes a...
Welcome to the January instalment of our monthly news round-up, brought to you by TuxCare. Proud to be a trusted maintenance service provider for the...
Death, taxes, and new CVEs… those are all things we can be very certain about in life. For users of CentOS 8, the inevitable has...
We are pleased to announce that a new updated ePortal version 1.30-2 is now...
Still using CentOS 8 even though it’s now unsupported, and in spite of the obvious risks? Well, in a way it’s understandable. Red Hat took...
It looks like IT teams have no respite. Following all the hassles caused by log4j (and its variants), there is a new high profile, high-risk...
Welcome to the December installment of our monthly news round-up, brought to you by TuxCare. We’re proud to be the Enterprise Linux industry’s trusted maintenance...
A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated binutils package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
GNU Binutils is one of the fundamental packages in a development environment – it includes several different tools for manipulating ELF files, object files, and...
While backporting fixes for the binutils package for older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699...
A new updated exim package within Ubuntu 16.04 ELS is now available for download from our production...
We are pleased to announce that a new updated ePortal version 1.29-1 is now...
A new updated nss package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
If you ask a sysadmin what annoys him or her the most about their job, chances are pretty high that you’ll get, in no particular...
A new updated binutils package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated binutils package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated nss package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
If you’re interested in Linux security, kernel vulnerabilities or simply have some spare time to run some tests, this article is for you. In it,...
In some of our previous articles, we’ve covered the closely integrated relationship between open-source software – which is essentially free – and the commercial organizations...
A new updated nss package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated python3.5 package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated openssh package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated busybox package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated nss package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated openldap package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated binutils package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
We are pleased to announce that a new updated ePortal version 1.28-1 is now...
Welcome to the November installment of our monthly news round-up, brought to you by TuxCare. We are the Enterprise Linux industry’s trusted maintenance services provider....
A new Ubuntu 16.04 kernel within ELS is now available for download from our production...
We are pleased to announce that a new updated KernelCare agent version 2.59-1 is now...
A new updated binutils package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated binutils package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated openldap package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated openldap package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated php package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated glibc package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
The server environment is complex and if you’re managing thousands of Linux servers, the last thing you want is for an operating system vendor to...
Let’s face it – everyone’s had just about enough. Exploits are everywhere, and it’s almost impossible to deal with the problem to a watertight degree....
A new updated bind package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
We are pleased to announce that a new updated KernelCare agent version 2.58-1 is now...
A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated php package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated php7.0 package within Ubuntu 16.04 ELS is now available for download from our production...
Iconv is a library used to convert between different character encodings and is part of a core group of tools and libraries used to perform...
A new updated glibc package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated glibc package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated glibc package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated bind package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated nginx package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated bind package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated bind package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated mysql package within Ubuntu 16.04 ELS is now available for download from our production...
Welcome to the next installment of our monthly news round-up, brought to you by TuxCare. We have developed live patching solutions that minimise maintenance workload...
If you’re a systems administrator responsible for thousands of servers, even a small slowdown can cause serious technical problems for your enterprise, and cost it...
A new updated gd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated nginx package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated nginx package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated nginx package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated python3.5 package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated mysql package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated systemd package within Ubuntu 16.04 ELS is now available for download from our production...
TuxCare’s KernelCare team is preparing a large batch of patches for Ubuntu 20.04 HWE and AWS Hirsute variants, running the ubuntu-focal-hwe-5.11 and ubuntu-focal-aws-5.11 kernels. All...
We are pleased to announce that a new updated KernelCare agent version 2.57-1 is now...
Some time ago, we announced the availability of the CVE Dashboard for the Extended Lifecycle Support service. It provides an up-to-date view of CVE information...
A new updated httpd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated binutils package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated gd package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated gd package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated gd package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated dovecot package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
TuxCare has recently introduced QEMUCare, the live patching solution for when you need to deploy patches to a QEMU-based infrastructure, but the logistics around the...
A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated httpd package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated httpd package within OracleLinux OS 6 ELS is now available for download from our production...
A new updated curl package within Ubuntu 16.04 ELS is now available for download from our production...
A new updated apache2 package within Ubuntu 16.04 ELS is now available for download from our production...
Welcome to our monthly news round-up, brought to you by TuxCare, the trusted maintenance services provider for the Enterprise Linux industry. Our services maximise system...
A new updated dovecot package within CentOS 6 ELS has been scheduled for gradual rollout from our production...
A new updated dovecot package within OracleLinux OS 6 ELS is now available for download from our production...
We are pleased to announce that a new updated KernelCare agent version 2.56-1 is now...
A new updated httpd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
We are pleased to announce that a new updated KernelCare agent version 2.55-2 is now...
A new updated ntp package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...
A new updated openssl package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...