ZDNet

Linux kernel source code repositories get better security

Immediately after the 2011 break-in, the Linux Foundation began "mandating a fairly strict authentication policy for those developers who commit directly to the git repositories housing the Linux ...
ZDNet

Linux Foundation's trust scorecards aim to battle rising open-source security threats

Open-source code has become a malware vector. For example, by the closest of shaves, an open-source developer discovered that Jia Tan, a chief programmer and maintainer of the Linux xz data ...
PC World

Ubuntu, ownCloud, and a hidden dark side of Linux software repositories

The version of ownCloud in Ubuntu’s Universe repositories is old and full of “multiple critical security vulnerabilities.” It’s no secret. The ownCloud project itself asked Ubuntu to remove it so ...
Bleeping Computer

Kali Linux warns of update failures after losing repo signing key

Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. The announcement comes after OffSec lost the old repo signing ...
Ars Technica

Backdoor found in widely used Linux utility targets encrypted SSH connections

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. Because the backdoor was discovered ...
Bleeping Computer

Arch Linux pulls AUR packages that installed Chaos RAT malware

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR), which were used to install the CHAOS remote access trojan (RAT) on Linux devices. The packages were named ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...