Sicurezza – Bollettini Microsoft e Linux

News, Alert e Bollettini di sicurezza Microsoft e Linux

Microsoft (Microsoft Technical Security Notifications, MSRC Blog)
  • August 2017 security update release
    by MSRC Team on 8 agosto 2017 at 5:02 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. &nbs […]

  • MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 2.0
    on 8 agosto 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (August 8, 2017): To comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
    on 8 agosto 2017 at 5:00 pm

    Revision Note: V1.0 (August 8, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured. […]

  • MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 4.0
    on 8 agosto 2017 at 5:00 pm

    Revision Note: V4.0 (August 8, 2017): For MS17-007, to comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerabilitySummary: This bulletin summary lists security bulletins released for March 2017 […]

  • The MSRC 2017 list of “Top 100” security researchers
    by MSRC Team on 7 agosto 2017 at 6:36 pm

    Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. This list... […]

  • Announcing the Windows Bounty Program
    by MSRC Team on 26 luglio 2017 at 5:01 pm

    Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG,... […]

  • July 2017 security update release
    by MSRC Team on 11 luglio 2017 at 5:30 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team […]

  • MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version: 2.0
    on 11 luglio 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system. […]

  • MS16-SEP - Microsoft Security Bulletin Summary for September 2016 - Version: 2.0
    on 11 luglio 2017 at 5:00 pm

    Revision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for September 2016. […]

  • Update on Petya malware attacks
    by MSRC Team on 28 giugno 2017 at 11:49 pm

    As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release... […]

  • 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
    on 27 giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. […]

  • Extending the Microsoft Edge Bounty Program
    by MSRC Team on 21 giugno 2017 at 5:00 pm

    Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protecting customers and proactively partnering with researchers, today... […]

  • June 2017 security update release
    by MSRC Team on 13 giugno 2017 at 6:15 pm

    Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are... […]

  • 4025685 - Guidance related to June 2017 security update release - Version: 1.0
    on 13 giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. […]

  • MS16-AUG - Microsoft Security Bulletin Summary for August 2016 - Version:
    on 13 giugno 2017 at 5:00 pm

    Revision Note: V (June 13, 2017): Summary: This bulletin summary lists security bulletins released for August 2016. […]

  • MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 2.0
    on 13 giugno 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (June 13, 2017): To comprehensively address CVE-2016-3326, Microsoft is releasing June security updates for all affected Microsoft browsers. Microsoft recommends that customers running affected Microsoft browsers should install the applicable June security update to be fully protected from this vulnerability. See the applicable Release Notes or Microsoft Knowledge Base article for more information.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • Extending Microsoft Edge Bounty Program
    by MSRC Team on 16 maggio 2017 at 11:52 pm

    Over the past 10 months, we’ve paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we're extending the end date of the Edge on Windows Insider Preview (WIP) bounty... […]

  • Customer Guidance for WannaCrypt attacks
    by MSRC Team on 13 maggio 2017 at 6:42 am

    Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and... […]

  • 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
    on 12 maggio 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. […]

  • 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
    on 12 maggio 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. […]

  • 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
    on 10 maggio 2017 at 5:00 pm

    Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. […]

  • Coming together to address Encapsulated PostScript (EPS) attacks
    by MSRC Team on 9 maggio 2017 at 5:02 pm

    Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the attacks described below. As a best practice to ensure customers... […]

  • MS17-013 - Critical: Security Update for Microsoft Graphics Component (4013075) - Version: 3.0
    on 9 maggio 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V3.0 (May 9, 2017): Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to take any further action. In addition, this security update correction also applies to Windows Server 2008 for Itanium-based Systems.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. […]

  • 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
    on 9 maggio 2017 at 5:00 pm

    Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates. […]

  • MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 3.0
    on 11 aprile 2017 at 5:00 pm

    Revision Note: V3.0 (April 11, 2017): For MS16-037, Bulletin Summary revised to announce the release of a new Internet Explorer cumulative update (4014661) for CVE-2016-0162. The update adds to the original release to comprehensively address CVE-2016-0162. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4014661 for more information.Summary: This bulletin summary lists security bulletins released for April 2016. […]

  • MS17-014 - Important: Security Update for Microsoft Office (4013241) - Version: 2.0
    on 11 aprile 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V2.0 (April 11, 2017): To comprehensively address CVE-2017-0027 for Office for Mac 2011 only, Microsoft is releasing security update 3212218. Microsoft recommends that customers running Office for Mac 2011 install update 3212218 to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 3212218 for more information.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. […]

  • MS16-037 - Critical: Cumulative Security Update for Internet Explorer (3148531) - Version: 2.0
    on 11 aprile 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (April 11, 2017): Bulletin revised to announce the release of a new Internet Explorer cumulative update (4014661) for CVE-2016-0162. The update adds to the original release to comprehensively address CVE-2016-0162. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4014661 for more information.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS17-021 - Important: Security Update for Windows DirectShow (4010318) - Version: 2.0
    on 11 aprile 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V2.0 (April 11, 2017): Bulletin revised to announce that the security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft Windows do not need to take any further action.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an Information Disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system. […]

  • MS16-084 - Critical: Cumulative Security Update for Internet Explorer (3169991) - Version: 1.1
    on 17 marzo 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V1.1 (March 17, 2017): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS16-JUL - Microsoft Security Bulletin Summary for July 2016 - Version: 1.2
    on 17 marzo 2017 at 5:00 pm

    Revision Note: V1.2 (March 17, 2017): For MS16-087, added a Known Issues reference to the Executive Summaries table. If you are using network printing in your environment, after you apply the 3170005 security update you may receive a warning about installing a printer driver, or the driver may fail to install without notification. For more information about the update and the known issue, see Microsoft Knowledge Base Article 3170005.Summary: This bulletin summary lists security bulletins released for July 2016. […]

Linux (Community’s Center for Security)
  • Blowing the Whistle on Bad Attribution
    on 18 agosto 2017 at 11:15 am

    LinuxSecurity.com: The New York Times this week published a fascinating story about a young programmer in Ukraine who'd turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It's a good read, as long as you can ignore that the premise of the piece is completely wrong. […]

  • Skilled bad actors use new pulse wave DDoS attacks to hit multiple targets
    on 17 agosto 2017 at 9:52 am

    LinuxSecurity.com: In a new report, Incapsula warns about a new type of ferocious DDoS attack that uses "pulse waves" to hit multiple targets. Pulse wave DDoS is a new attack tactic designed by skilled bad actors "to double the botnet's output and exploit soft spots in 'appliance first cloud second' hybrid mitigation solutions." […]

  • A Deep Flaw in Your Car Lets Hackers Shut Down Safety Features
    on 17 agosto 2017 at 8:05 am

    LinuxSecurity.com: Since two security researchers showed they could hijack a moving Jeep on a highway three years ago, both automakers and the cybersecurity industry have accepted that connected cars are as vulnerable to hacking as anything else linked to the internet. […]

  • Take Part in a Study to Help Improve Onion Services
    on 16 agosto 2017 at 2:06 pm

    LinuxSecurity.com: I am a postdoc at Princeton University studying computer security and human-computer interaction. My colleagues and I want to understand how Tor users interact with onion services (formerly known as hidden services). The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains? […]

  • Google awards student $10k for discovery of App Engine data leak flaw
    on 16 agosto 2017 at 2:04 pm

    LinuxSecurity.com: Google has awarded $10,000 to a high school student for the discovery of a bug in Google's App Engine server which could lead to information disclosure. […]

  • Top 10 Enterprise Encryption Products
    on 16 agosto 2017 at 1:59 pm

    LinuxSecurity.com: A decade ago, encryption was hot enterprise security news. As a measure of its effectiveness as a technology, it has been incorporated as a key feature in many security suites since. But that doesn't mean it has faded in importance. With so many incidents of ransomware, fraud and data breaches in the news, encrypting sensitive data remains a vital necessity. […]

  • Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass
    on 14 agosto 2017 at 1:13 pm

    LinuxSecurity.com: A teenager in Uruguay has scored big after finding and reporting a bug in Google's App Engine to view confidential internal Google documents. […]

  • Those Free Stingray-Detector Apps? Yeah, Spies Could Outsmart Them
    on 14 agosto 2017 at 1:12 pm

    LinuxSecurity.com: As smartphone users have become more aware that fake cell phone towers, known as IMSI catchers or stingrays, can spy on them, developers have rushed to offer apps that detect when your phone connects to one. Unfortunately, it seems, those tools aren't as effective as they claim. Watching the watchers turns out to be a complicated business. […]

  • Git, SVN and Mercurial Open-Source Version Control Systems Update for Critical Security Vulnerabilit
    on 11 agosto 2017 at 10:43 am

    LinuxSecurity.com: Developers around the world take note - you must update your version control systems now, or face the possibility of being exploited due to a known flaw. […]

  • The DDoS Threat: Ukraine's Postal Service Hit by Two-Day Attack
    on 11 agosto 2017 at 10:42 am

    LinuxSecurity.com: The website for Ukraine's national postal service Ukrposhta was recently taken down by DDoS attacks for two days in a row, Interfax reports. […]

  • Hackers are now using the exploit behind WannaCry to snoop on hotel Wi-Fi
    on 11 agosto 2017 at 10:14 am

    LinuxSecurity.com: A hacking group accused of linked meddling in the run up to the US presidential election is harnessing the Windows exploit which made WannaCry ransomware and Petya so powerful -- and using it to perform cyberattacks against hotels in Europe. […]

  • World's first hack using DNA? Malware in genetic code could wreck police CSI work
    on 10 agosto 2017 at 11:40 am

    LinuxSecurity.com: Scientists have successfully encoded a software exploit in a gene to remotely hack a computer. But why would anyone want to hack a computer with a malicious DNA strand? The researchers who developed it argue an attacker could use it to hack any computer in the DNA sequencing pipeline. […]

  • openSUSE: 2017:2119-1: important: mariadb
    on 9 agosto 2017 at 9:21 pm

    LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. […]

  • Fedora 25: cacti Security Update
    on 9 agosto 2017 at 4:14 pm

    LinuxSecurity.com: - Update to 1.1.16 - CVE-2017-12065 CVE-2017-12066 Release notes: https://www.cacti.net/release_notes.php?version=1.1.16 ---- - Update to 1.1.15 Release notes: https://www.cacti.net/release_notes.php?version=1.1.15 ---- - Update to 1.1.14 Release notes: https://www.cacti.net/release_notes.php?version=1.1.14 […]

  • Fedora 25: community-mysql Security Update
    on 9 agosto 2017 at 4:12 pm

    LinuxSecurity.com: **Update to version 5.7.19** Replication tests in the testsuite enabled, they don't fail anymore **Resolves:** #1462688; /run #1406172; random failures of the testsuite #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896; replication tests **CVE fixes:** #1472716 CVE-2017-3633, […]

  • SuSE: 2017:2114-1: important: Linux Kernel Live Patch 0 for SLE 12 SP3
    on 9 agosto 2017 at 3:18 pm

    LinuxSecurity.com: An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. […]

  • Fedora 26: pspp Security Update
    on 9 agosto 2017 at 12:17 pm

    LinuxSecurity.com: * FTBFS with GCC 7 […]

  • Fedora 26: community-mysql Security Update
    on 9 agosto 2017 at 12:13 pm

    LinuxSecurity.com: **Update to version 5.7.19** Replication tests in the testsuite enabled, they don't fail anymore **Resolves:** #1462688; /run #1406172; random failures of the testsuite #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896; replication tests **CVE fixes:** #1472716 CVE-2017-3633, […]

  • SuSE: 2017:2113-1: important: puppet
    on 9 agosto 2017 at 9:44 am

    LinuxSecurity.com: An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. […]

  • openSUSE: 2017:2111-1: important: libzypp, zypper
    on 9 agosto 2017 at 9:39 am

    LinuxSecurity.com: An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes is now available. is now available. […]

  • openSUSE: 2017:2112-1: important: the Linux Kernel
    on 9 agosto 2017 at 9:32 am

    LinuxSecurity.com: An update that solves four vulnerabilities and has 61 fixes An update that solves four vulnerabilities and has 61 fixes An update that solves four vulnerabilities and has 61 fixes is now available. is now available. […]

  • openSUSE: 2017:2110-1: important: the Linux Kernel
    on 9 agosto 2017 at 9:29 am

    LinuxSecurity.com: An update that solves 5 vulnerabilities and has 61 fixes is An update that solves 5 vulnerabilities and has 61 fixes is An update that solves 5 vulnerabilities and has 61 fixes is now available. now available. […]

  • SuSE: 2017:2109-1: important: tcmu-runner
    on 9 agosto 2017 at 9:18 am

    LinuxSecurity.com: An update that contains security fixes can now be installed. An update that contains security fixes can now be installed. An update that contains security fixes can now be installed. […]

  • SuSE: 2017:2099-1: important: Linux Kernel Live Patch 16 for SLE 12
    on 8 agosto 2017 at 12:26 pm

    LinuxSecurity.com: An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. […]

  • Social Engineering Methods for Penetration Testing
    on 21 ottobre 2016 at 10:18 am

    LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited. […]

  • Putting Infosec Principles into Practice
    on 23 settembre 2016 at 10:53 am

    LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly. […]

  • Installing an Apache Web Server with TLS
    on 22 agosto 2016 at 3:30 pm

    LinuxSecurity.com: One of the powerful things that Linux on servers allows you to do is to create scalable web applications with little to no software costs. Apache HTTPD, commonly referred to as just Apache, is the number one web server software in the world. […]

  • Essential tools for hardening and securing Unix based Environments
    on 26 maggio 2015 at 7:34 pm

    LinuxSecurity.com: System administrators are aware as how important their systems security is, not just the runtime of their servers. Intruders, spammers, DDOS attack, crackers, are all out there trying to get into people's computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services. […]

  • Securing a Linux Web Server
    on 28 aprile 2015 at 11:26 am

    LinuxSecurity.com: With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place. […]

  • Peter Smith Releases Linux Network Security Online
    on 6 gennaio 2014 at 6:28 pm

    LinuxSecurity.com: Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online." […]