Securing a Government System with Linux Security's Experts

Discover Government News

Addressing Memory Safety Concerns: Actions for Linux Administrators

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled "Exploring Memory Safety in Critical Open Source Projects," led by prominent cybersecurity bodies, reveals some severe repercussions and implications that Linux administrators must carefully consider.

Brittany Day
Jun 27, 2024

German State Abandons Microsoft for Linux and LibreOffice

The German state, Schleswig-Holstein, has decided to move away from proprietary software, such as Windows and Office, to open-source alternatives, including Linux and LibreOffice. The move is motivated by the need to "ensure that their data is kept safe with us, and we must ensure that we are always in control of the IT solutions we use and that we can act independently as a state," as stated by Dirk Schrödter, the digitalization minister for Schleswig-Holstein.

Brittany Day
Apr 05, 2024

White House Warns: Move to Memory-Safe Languages

The Office of the National Cyber Director (ONCD) emphasizes the urgent need for developers to adopt memory-safe programming languages like Rust to minimize vulnerabilities in software. The ONCD's "Back to the Building Blocks: A Path Toward Secure and Measurable Software" report is a strong recommendation rather than an executive order or law.

Brittany Day
Mar 04, 2024

European Court of Human Rights Declares Backdoored Encryption Illegal

The European Court of Human Rights (ECHR) has made a major decision, ruling that laws requiring weakened encryption and extensive data retention violate the European Convention on Human Rights. In a recent case involving Russia's demand for Telegram to provide encryption assistance, the Court stated that such legislation cannot be considered necessary in a democratic society.

Brittany Day
Feb 16, 2024

Debian Issues Statement about the EU Cyber Resilience Act

The EU Cyber Resilience Act (CRA) and the Product Liability Directive (PLD) aim to introduce a set of cybersecurity and vulnerability handling requirements for manufacturers, with the intention to improve security. However, the Debian project has issued a statement raising concerns about the negative implications for the open-source community and contributors.

Dave Wreski
Dec 29, 2023

Australia Faces Cybersecurity Challenge Amid Alleged Cyberattacks on Prime Minister’s Website

A cyberattack recently hit Australia's Prime Minister's website. The Prime Minister's Office confirmed the attack but did not comment on how it was carried out. Linux screenshots serve as evidence of this attack.

Brittany Day
Dec 28, 2023

Feds Warn Health Sector to Watch for Open-Source Threats

The government's warning to the health sector to watch for open-source threats has long been on the radar of the IT industry. Open-source software, which is free to use, can be a great tool for organizations that need to scale quickly or don't have the budget for proprietary software. However, using it has inherent risks, and no one knows that better than the government.

Brittany Day
Dec 09, 2023

CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug

On May 10th, 2019, the US Congress passed an order requiring federal agencies to patch a Linux bug that can be used to gain root access. The bug, known as "Looney Tunables," was discovered by security researchers in January and allows attackers to change the value of any kernel parameter on Linux systems running the 3.10 kernel or earlier.

Brittany Day
Nov 25, 2023

Law Enforcement Agencies Dismantled the Illegal Botnet Proxy Service IPStorm

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.

Brittany Day
Nov 17, 2023

Article 45 Will Roll Back Web Security by 12 Years

The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs?

Brittany Day
Nov 08, 2023

APT36 Using Customized Malware to Attack Indian Government Linux and Windows Servers

APT36 is a highly sophisticated APT (Advanced Persistent Threat) group known for conducting targeted espionage in South Asia and is strongly linked to Pakistan.

Brittany Day
Sep 16, 2023

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

Brittany Day
Sep 03, 2023

Monti Ransomware Deploying New Linux Encryptor

A ransomware campaign by the recently emerged Monti ransomware group is targeting victims with a new Linux variant of its malware. The threat group is the latest in a growing number of ransomware groups finding profit in going after Linux infrastructure.

Brittany Day
Aug 23, 2023

US Government Launches Cyber Contest to Harness AI for National Security

The White House launched a multimillion-dollar cyber contest to use artificial intelligence (AI) to detect and fix security vulnerabilities in the U.S. government's digital infrastructure in response to hackers' growing use of AI.

Brittany Day
Aug 14, 2023

US Government Extends Software Security Deadline Because Vendors Aren't Ready

The Biden Administration has extended the deadline for federal agencies to submit documentation proving that the software they use was developed with appropriate security practices, because the form for reporting on such matters isn't complete.

Brittany Day
Jun 18, 2023

India Bans Open Source Messaging Apps for Security Reasons. FOSS Community Says Good Luck

India's government has reportedly banned 14 messaging apps on national security grounds, including some open source services.

Brittany Day
May 12, 2023

The Cyber Resilience Act Threatens Open Source

Society and governments are struggling to adapt to a world full of cybersecurity threats. Case in point: the EU CRA — Cyber Resilience Act — is a proposal by the European Commission to enact legislation with a noble goal: protect consumers from cybercrime by having security baked in during design.

Brittany Day
Apr 23, 2023

Pakistan-Based Hackers are Trying to Hack the Indian Government

A technical report published by Uptycs security earlier this week revealed that a Pakistan-based advanced persistent threat (APT) actor called Transparent Tube attempted to deliver a Linux backdoor malware dubbed Poseidon on Indian government agency systems using a fake two-factor authentication tool.

Brittany Day
Apr 19, 2023

Linux Foundation Janssen Project Earns Digital Public Good Status

The Linux Foundation Janssen Project, a low-code digital ID software platform developed in partnership with Gluu, has been adjudged as a digital public good (DPG) following a review by the Digital Public Good Alliance (DPGA).

Brittany Day
Apr 07, 2023

OpenSSF Aimed to Stem Open Source Security Problems in 2022

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

Brittany Day
Jan 25, 2023

Government

Addressing Memory Safety Concerns: Actions for Linux Administrators

German State Abandons Microsoft for Linux and LibreOffice

White House Warns: Move to Memory-Safe Languages

Discover Government News

Addressing Memory Safety Concerns: Actions for Linux Administrators

German State Abandons Microsoft for Linux and LibreOffice

White House Warns: Move to Memory-Safe Languages

European Court of Human Rights Declares Backdoored Encryption Illegal

Debian Issues Statement about the EU Cyber Resilience Act

Australia Faces Cybersecurity Challenge Amid Alleged Cyberattacks on Prime Minister’s Website

Feds Warn Health Sector to Watch for Open-Source Threats

CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug

Law Enforcement Agencies Dismantled the Illegal Botnet Proxy Service IPStorm

Article 45 Will Roll Back Web Security by 12 Years

APT36 Using Customized Malware to Attack Indian Government Linux and Windows Servers

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Monti Ransomware Deploying New Linux Encryptor

US Government Launches Cyber Contest to Harness AI for National Security

US Government Extends Software Security Deadline Because Vendors Aren't Ready

India Bans Open Source Messaging Apps for Security Reasons. FOSS Community Says Good Luck

The Cyber Resilience Act Threatens Open Source

Pakistan-Based Hackers are Trying to Hack the Indian Government

Linux Foundation Janssen Project Earns Digital Public Good Status

OpenSSF Aimed to Stem Open Source Security Problems in 2022

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By