Sicurezza – Bollettini Microsoft e Linux

News, Alert e Bollettini di sicurezza Microsoft e Linux

Microsoft (Microsoft Technical Security Notifications, MSRC Blog)
  • January 2018 security update release
    by MSRC Team on 9 gennaio 2018 at 6:16 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. &nbs […]

  • 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
    on 9 gennaio 2018 at 6:00 pm

    Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the update, see ADV170021.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields. […]

  • December 2017 security update release
    by MSRC Team on 12 dicembre 2017 at 6:30 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
    on 12 dicembre 2017 at 6:00 pm

    Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do to ensure that the account is properly secured. […]

  • November 2017 security update release
    by MSRC Team on 14 novembre 2017 at 6:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
    on 19 ottobre 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V1.1 (October 19, 2017): Corrected a typo in the CVE description.Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR). […]

  • October 2017 security update release
    by MSRC Team on 10 ottobre 2017 at 5:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • Extending the Microsoft Office Bounty Program
    by MSRC Team on 15 settembre 2017 at 10:10 pm

    Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017.  This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on the Office Insider Builds on Windows.  This program represents... […]

  • September 2017 security update release
    by MSRC Team on 12 settembre 2017 at 5:01 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. &nbs […]

  • MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
    on 12 settembre 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. […]

  • MS16-AUG - Microsoft Security Bulletin Summary for August 2016 - Version: 3.0
    on 12 settembre 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-095, revised the Windows Operating System and Components Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Microsoft recommends that customers running Internet Explorer on Windows 10 Version 1703 install update 4038788 to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for August 2016. […]

  • MS16-JUL - Microsoft Security Bulletin Summary for July 2016 - Version: 2.0
    on 12 settembre 2017 at 5:00 pm

    Revision Note: V2.0 (September 12, 2017): For MS16-087, to address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information.Summary: This bulletin summary lists security bulletins released for July 2016. […]

  • MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 4.0
    on 12 settembre 2017 at 5:00 pm

    Revision Note: V4.0 (September 12, 2017): For MS16-039, revised the Windows Operating Systems and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for April 2016. […]

  • MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
    on 12 settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (September 12, 2017): To address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network. […]

  • MS16-OCT - Microsoft Security Bulletin Summary for October 2016 - Version: 3.0
    on 12 settembre 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-123, revised the Windows Operating System and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for October 2016. […]

  • MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
    on 12 settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V4.0 (September 12, 2017): Revised the Microsoft Windows affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. […]

  • MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
    on 12 settembre 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Internet Explorer on Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Customers who are running other versions of Windows 10 and who have installed the June cumulative updates do not need to take any further action.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS16-149 - Important: Security Update for Microsoft Windows (3205655) - Version: 1.1
    on 23 agosto 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V1.1 (August 23, 2017): Corrected the Updates Replaced for security update 3196726 to None. This is an informational change only. Customers who have already successfully installed the update do not need to take any further action.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application. […]

  • August 2017 security update release
    by MSRC Team on 8 agosto 2017 at 5:02 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. &nbs […]

  • MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 4.0
    on 8 agosto 2017 at 5:00 pm

    Revision Note: V4.0 (August 8, 2017): For MS17-007, to comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerabilitySummary: This bulletin summary lists security bulletins released for March 2017 […]

  • MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 2.0
    on 8 agosto 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V2.0 (August 8, 2017): To comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
    on 8 agosto 2017 at 5:00 pm

    Revision Note: V1.0 (August 8, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured. […]

  • The MSRC 2017 list of “Top 100” security researchers
    by MSRC Team on 7 agosto 2017 at 6:36 pm

    Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. This list... […]

  • Announcing the Windows Bounty Program
    by MSRC Team on 26 luglio 2017 at 5:01 pm

    Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG,... […]

  • July 2017 security update release
    by MSRC Team on 11 luglio 2017 at 5:30 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team […]

  • MS16-SEP - Microsoft Security Bulletin Summary for September 2016 - Version: 2.0
    on 11 luglio 2017 at 5:00 pm

    Revision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This bulletin summary lists security bulletins released for September 2016. […]

  • MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version: 2.0
    on 11 luglio 2017 at 5:00 pm

    Severity Rating: ImportantRevision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system. […]

  • 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
    on 27 giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. […]

  • 4025685 - Guidance related to June 2017 security update release - Version: 1.0
    on 13 giugno 2017 at 5:00 pm

    Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. […]

  • 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
    on 12 maggio 2017 at 5:00 pm

    Severity Rating: CriticalRevision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. […]

Linux (Community’s Center for Security)
  • RedHat: RHSA-2018-0116:01 Important: rh-eclipse46-jackson-databind security
    on 23 gennaio 2018 at 5:53 am

    LinuxSecurity.com: An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, […]

  • Ubuntu 3542-2: Linux kernel (Trusty HWE) vulnerabilities
    on 23 gennaio 2018 at 1:36 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Ubuntu 3541-2: Linux kernel (HWE) vulnerabilities
    on 23 gennaio 2018 at 1:35 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Ubuntu 3540-2: Linux kernel (Xenial HWE) vulnerabilities
    on 23 gennaio 2018 at 1:35 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Ubuntu 3542-1: Linux kernel vulnerabilities
    on 23 gennaio 2018 at 1:33 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Ubuntu 3541-1: Linux kernel vulnerabilities
    on 23 gennaio 2018 at 1:32 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Ubuntu 3540-1: Linux kernel vulnerabilities
    on 23 gennaio 2018 at 1:31 am

    LinuxSecurity.com: Several security issues were addressed in the Linux kernel. […]

  • Debian: DSA-4094-1: smarty3 security update
    on 22 gennaio 2018 at 10:48 pm

    LinuxSecurity.com: It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. […]

  • RedHat: RHSA-2018-0115:01 Important: java-1.6.0-sun security update
    on 22 gennaio 2018 at 8:42 pm

    LinuxSecurity.com: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, […]

  • Ubuntu 3539-1: GIMP vulnerabilities
    on 22 gennaio 2018 at 6:16 pm

    LinuxSecurity.com: Several security issues were fixed in GIMP. […]

  • CentOS: CESA-2018-0102: Important CentOS 7 bind
    on 22 gennaio 2018 at 2:33 pm

    LinuxSecurity.com: Upstream details at : https://access.redhat.com/errata/RHSA-2018:0102 […]

  • CentOS: CESA-2018-0101: Important CentOS 6 bind
    on 22 gennaio 2018 at 2:11 pm

    LinuxSecurity.com: Upstream details at : https://access.redhat.com/errata/RHSA-2018:0101 […]

  • Salted Hash Ep 15: The state of security now and the not too distant future
    on 22 gennaio 2018 at 10:39 am

    LinuxSecurity.com: This week, Salted Hash is joined by Rob Lee, faculty fellow at the SANS Technology Institute, to talk about preventable IT security and the state of the industry as 2018 gets underway. […]

  • Famous cryptographers' tombstone cryptogram decrypted
    on 22 gennaio 2018 at 10:38 am

    LinuxSecurity.com: William and Elizebeth Friedman were a husband-and-wife team who were amongst the very first US government cryptographers. Their careers started just before the US entered World War One in 1917, and continued through and beyond World War Two. […]

  • Meltdown/Spectre week three: World still knee-deep in something nasty
    on 22 gennaio 2018 at 10:37 am

    LinuxSecurity.com: It is now almost three weeks since The Register revealed the chip design flaws that Google later confirmed and the world still awaits certainty about what it will take to get over the silicon slip-ups. […]

  • Rogue Chrome, Firefox Extensions Hijack Browsers; Prevent Easy Removal
    on 19 gennaio 2018 at 11:29 am

    LinuxSecurity.com: Any malware that hijacks your browser to serve up ads or to redirect you to random websites can be annoying. Even more so are extensions that take control of your browser and prevent you from landing on pages that can help you get rid of them. […]

  • Mozilla mandates that new Firefox features rely on encrypted connections
    on 19 gennaio 2018 at 11:28 am

    LinuxSecurity.com: Mozilla this week decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted. […]

  • Man Admits to Directing DDoS Attacks Across the US
    on 18 gennaio 2018 at 10:43 am

    LinuxSecurity.com: New Mexico man pleads guilty to directing cyberattacks against his prior employers, business competitors, and law enforcement agencies. […]

  • The first lawsuits to save net neutrality have been filed
    on 17 gennaio 2018 at 10:29 am

    LinuxSecurity.com: The first lawsuits to overturn the Federal Communications Commission's rollback of Obama-era net neutrality rules have been filed. Attorneys general from 22 states filed a lawsuit on Tuesday to block the repeal of the rules. Mozilla, maker of the Firefox browser, also said it has filed a suit against the FCC, and several public interest groups have filed petitions in court. […]

  • BIND comes apart thanks to ancient denial-of-service vuln
    on 17 gennaio 2018 at 10:04 am

    LinuxSecurity.com: Back in 2000, a bug crept into the Internet Systems Corporation's BIND server, and it lay unnoticed until now. The result: if you're running a vulnerable version of BIND and using DNSSEC, you need to patch the server against a denial-of-service vulnerability. […]

  • Firefox locks down its future with HTTPS 'secure contexts'
    on 17 gennaio 2018 at 10:03 am

    LinuxSecurity.com: Mozilla's embrace of HTTPS, the secure form of HTTP, has ratcheted up a notch with the news that Firefox developers must start using a web security design called 'secure contexts' "effective immediately." […]

  • Four Malicious Google Chrome Extensions Affect 500K Users
    on 17 gennaio 2018 at 10:02 am

    LinuxSecurity.com: The ICEBRG Security Research team discovered four malicious Google Chrome extensions during a routine investigation of anomalous traffic. More than 500,000 users, including workstations in major businesses around the world, have been affected. […]

  • Mental Models & Security: Thinking Like a Hacker
    on 16 gennaio 2018 at 10:53 am

    LinuxSecurity.com: In the world of information security, people are often told to "think like a hacker." The problem is, if you think of a hacker within a very narrow definition (e.g., someone who only breaks Web applications), it leads to a counterproductive way of thinking and conducting business. […]

  • Android security: This newly discovered snooping tool has remarkable spying abilities
    on 16 gennaio 2018 at 10:51 am

    LinuxSecurity.com: A newly-uncovered form of Android spyware is one of the most advanced targeted surveillance tools ever seen on mobile devices, coming equipped with spying features never previously seen active in the wild. […]

  • Social Engineering Methods for Penetration Testing
    on 21 ottobre 2016 at 10:18 am

    LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited. […]

  • Putting Infosec Principles into Practice
    on 23 settembre 2016 at 10:53 am

    LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly. […]

  • Installing an Apache Web Server with TLS
    on 22 agosto 2016 at 3:30 pm

    LinuxSecurity.com: One of the powerful things that Linux on servers allows you to do is to create scalable web applications with little to no software costs. Apache HTTPD, commonly referred to as just Apache, is the number one web server software in the world. […]

  • Essential tools for hardening and securing Unix based Environments
    on 26 maggio 2015 at 7:34 pm

    LinuxSecurity.com: System administrators are aware as how important their systems security is, not just the runtime of their servers. Intruders, spammers, DDOS attack, crackers, are all out there trying to get into people's computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services. […]

  • Securing a Linux Web Server
    on 28 aprile 2015 at 11:26 am

    LinuxSecurity.com: With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place. […]

  • Peter Smith Releases Linux Network Security Online
    on 6 gennaio 2014 at 6:28 pm

    LinuxSecurity.com: Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online." […]