
Trend Micro’s Linux Threat Report identifies the most vulnerable distributions and biggest security headaches

By CyberSecDN
cybersecdn.com
 9 days ago

Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were at the biggest risk.

Linux now has been around long enough that old versions are causing security problems, according to a new report from Trend Micro. Security analysts found that 44% of security breach detections came from CentOS versions 7.4 to 7.9, followed by CloudLinux Server, which had more than 40% of the detections, and Ubuntu with almost 7%. CentOS 7 was first released in June 2014 and full support ended in August 2019.
