Linux Boot Security: Understanding Microsoft's Secure Boot Key Changes

Secure Boot compatibility is changing, and Linux users should start preparing now. Learn how Microsoft's key transition may affect Linux distributions and what actions you can take to avoid future boot issues.

🔗 https://www.linuxteck.com/secure-boot-linux-key-expires/

#Linux #SecureBoot #LinuxSecurity #UEFI #OpenSource #linuxteck

Secure Boot Linux 2026: Microsoft's Key Expires June 27

Secure Boot Linux users face a real deadline. Microsoft's certificate expires June 27, 2026. Here's what breaks, what doesn't, and what to update.

LinuxTeck
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
Aggregated from www.darkreading.com. Read the full article →
http://sudoaptchat.com/virtual-event-anatomy-of-a-data-breach-what-to-do-if-it-happens-to-you/
#LinuxSecurity

⚠️ Arch Linux AUR hit by major ongoing malware campaign

Since around June 11, attackers have been systematically adopting orphaned packages and injecting malicious code into 1,500+ AUR packages across several waves.

The malware often sneaks in via suspicious dependencies (npm / bun packages like atomic-lockfile or js-digest) that download a Rust-based infostealer targeting SSH keys, GitHub tokens, browser data, and more. Some attempts are now using code obfuscation to hide what they’re doing. In a few cases it even tries to deploy an eBPF rootkit if run as root.

Arch developers have been actively reverting the malicious changes, banning compromised accounts, and pausing new package adoptions while they clean it up. Official Arch repos remain safe; this is isolated to the user-maintained AUR.

If you use AUR packages:

- Carefully review PKGBUILDs before building anything new
- Check your installed AUR packages (pacman -Qm) and be extra cautious with anything updated recently
- Consider rotating SSH keys and tokens if you’ve built any suspicious packages
- Community tools and detection scripts are helping spot the bad ones

Classic reminder that the AUR is powerful but community-driven: always review before you build.

Stay safe, Linux friends.

#ArchLinux #AUR #LinuxSecurity #Malware #OpenSource

PSA for anyone auditing Linux fleets: getent passwd is NOT the same as cat /etc/passwd when LDAP or SSSD is configured. Your audit scripts will miss every centrally-managed account if you only parse the local file.

Also, useradd's default shell comes from /etc/default/useradd -- on many distros that's /bin/bash. If you're creating service accounts without --shell /usr/sbin/nologin, you're handing out interactive shells.

#LinuxSecurity #SysAdmin #BashScripting #Security #DevSecOps #InfoSec
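
An added example, not part of the original post: a shell version of the audit the PSA describes, comparing the local passwd file with saved `getent passwd` output and flagging service accounts that have an interactive shell. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names and data are constructed.

# Names visible through NSS (saved `getent passwd` output, $2) but absent
# from the local passwd file ($1): the accounts a file-only audit misses.
nss_only_accounts() {
    awk -F: -v first="$1" '
        FILENAME == first { seen[$1] = 1; next }
        !($1 in seen)     { print $1 }
    ' "$1" "$2"
}

# Non-root accounts below UID_MIN ($2; the default of 1000 is an assumption,
# check /etc/login.defs) whose shell is not nologin/false. An empty shell
# field is flagged too, because it falls back to a real shell.
interactive_system_accounts() {
    awk -F: -v min="${2:-1000}" '
        ($3 + 0) > 0 && ($3 + 0) < (min + 0) && $7 !~ /\/(nologin|false)$/ {
            print $1 ":" $3 ":" $7
        }
    ' "$1"
}

# Constructed sample data, written to directory $1.
write_samples() {
    cat > "$1/passwd.local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backupsvc:x:997:997::/var/lib/backupsvc:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    {
        cat "$1/passwd.local"
        echo 'jdoe:*:20001:20001:J Doe:/home/jdoe:/bin/bash'
        echo 'ldapsvc:*:20002:20002::/nonexistent:/usr/sbin/nologin'
    } > "$1/passwd.nss"
}

# On a real host: getent passwd > passwd.nss, then compare with /etc/passwd.
demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    echo "NSS-only accounts:";            nss_only_accounts "$d/passwd.local" "$d/passwd.nss"
    echo "System accounts with a shell:"; interactive_system_accounts "$d/passwd.nss"
    rm -rf "$d"
}
demo
```

With SSSD, a bare `getent passwd` lists directory users only when enumeration is enabled for the domain; otherwise look names up individually with `getent passwd NAME`.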

Patches for CVE-2026-46243 (CIFSwitch), a local privilege escalation vulnerability in the Linux kernel's CIFS subsystem, have been built for Rocky Linux 8, 9, and 10. Our hot fix security repository has been updated.

If you're running any supported Rocky Linux release, update now:
sudo dnf --enablerepo=security update

#RockyLinux #OpenSource #Linux #LinuxSecurity #CVE #EnterpriseLinux

⚠️ Warning for Linux users: the CVE‑2024‑XXXXX vulnerability in the libc library allows theft of SSH keys and full access to servers.

🔑 The most important things to do now
- Update all distributions to the patched version.
- Enable two-factor authentication and restrict key file permissions.
- Monitor login logs for unusual activity.

#LinuxSecurity #SSH #CVE2024 #OpenSource #Privacy

🔗 https://news.google.com/rss/articles/CBMiVkFVX3lxTE5ReUltNTZEVXctVktmUGhVWXBSX2FERU9LM3gzYVlTZ1ZfbmNWSXZnSF9ETDdzZHZpZHgtUS1FWGpmZ055amVGY2w2TGZLT011TmxhLWtB?oc=5

Learn why Linux Kernel developers want to deprecate AF_ALG features, and the security concerns driving the decision.

Full story here: https://ostechnix.com/linux-kernel-7-2-deprecates-af_alg/

#AF_ALG #LinuxCryptoSubsystem #Linuxkernel #Linuxsecurity #EricBiggers #LinuxkernelHardening #Opensource

Linux Kernel Developers Move to Deprecate AF_ALG to Reduce Attack Surface - OSTechNix

OSTechNix
Infosecurity Europe
Aggregated from www.darkreading.com. Read the full article →
http://sudoaptchat.com/infosecurity-europe/
#LinuxSecurity

KDE Linux removes the Zen Kernel, AUR and insecure modules, strengthening the security and consistency of its immutable Flatpak-based system.
#KDELinux #KDE #LinuxSecurity #ImmutableOS #Flatpak #Linux

https://www.linuxeasy.org/kde-linux-zen-kernel-aur/?utm_source=mastodon&utm_medium=jetpack_social

KDE Linux strengthens security: goodbye Zen Kernel and an end to AUR use

Linux Easy

A critical local privilege escalation (LPE) vulnerability, dubbed CIFSwitch, has been uncovered in the Linux kernel's CIFS subsystem—and it's been there for 19 years! Discovered by Asim Viladi Oglu Manizada at SpaceX, this flaw allows unprivileged local users to gain root privileges on many Linux distributions. This discovery highlights the persistent challenge of finding deeply embedded…

https://www.tpp.blog/v7os9xt

#cybersecurity #cifswitch #linuxsecurity

🤖 This post was AI-generated.