Linux-based operating systems have a reputation for their high-security level. That’s one of the reasons why the market share for Linux has been growing. The most commonly used operating systems such as Windows are often affected by targeted attacks in the form of ransomware infections, spyware, as well as worms, and malware.As a result, many personal, as well as enterprise users, are turning to Linux-based operating systems such as the Ubuntu-based Linux OS for security purposes. While Linux based systems are not targeted as frequently as other popular operating systems, they are not completely foolproof. There are plenty of risks and vulnerabilities for all types of Linux devices which put your privacy as well as your identity at risk. Here are a few tips to enhance your Linux security:Installing a VPNDownloading a Virtual Private Network (VPN) helps protect your internet traffic from prying eyes. That includes malicious attackers who may be in control of various routing equipment between you and the resource you are trying to access. A VPN also prevents your Internet Service Provider (ISP) from logging your internet activity and keeps your Wi-Fi provider from peeking into your business. You can also use a VPN to access restricted content on YouTube, Netflix, Hulu, etc. Choosing a good VPN for Linux will provide the most security and highest performance when you are going about your business. A VPN allows you to hide your computer’s IP and location to prevent the logging of metadata and browsing activity by your ISP. Moreover, you will be able to bypass internet censorship and firewalls. You don’t have to worry about your online privacy and security.Keep Your System Up to DateKeeping your operating system up to date is one of the most effective ways to protect your devices no matter what operating system you are using. However, this seemingly obvious task is also easy to neglect, especially if you don’t understand the importance of keeping your system updated. In addition to your operating system, keep your applications such as video players, PDF readers, and web browsers up to date. Most Linux-based operating systems make it extremely easy for users to keep their systems up to date. Ubuntu, for instance, installs security updates automatically by default. Go to System Settings > Software & Updates > Updates to double-check. Make sure that all the important updates are turned on. This ensures that there are no vulnerabilities that hackers can exploit to create a way into your system. Enable Your FirewallThe role of a firewall is to block access to insecure services on your computer. A few years ago, it was considered extremely risky to access the internet without a firewall. Today, some operating systems such as Linux-based Ubuntu don’t have a firewall enabled by default. That’s because Ubuntu does not have internet-based services running on a standard installation thus rendering a firewall unnecessary. Broadband routers include a firewall by default, though. When it comes to Ubuntu, all it takes to compromise your security is to install something that’s vulnerable or to accidentally mess with the configuration. If that happens, you will find yourself in need of a firewall. Luckily, it’s easy to install a firewall on Linux. The Linux kernel has a firewall functionality by default, and all you need to do is add a graphical front end. Ubuntu systems have a command-line utility known as UFW. It is installed, but not enabled. You can use this utility to start the firewall and block all incoming connections. Use Antivirus SoftwareWindows is the most common operating system. As a result, most malware out there is generally designed for Windows systems and won’t be activated on your Linux devices. For that reason, some consider anti-virus completely unnecessary for Linux-based systems. However, what most Linux users don’t know is that there is more sophisticated malware designed to attack Linux OS. The likelihood of such an attack is low, though. However, there are arguments that the number of malware and viruses targeting Linux is on the rise. Once you are attacked by them, you have no way of defending yourself. It’s always a good idea to stay protected even against the least expected attacks. After all, feeling safe just because the risk of a breach is low means that the attacker is already one step ahead of you. Use Linux antivirus just to be safe. There are many of them out there, find one that provides the best protection for your situation. Encrypt Your Drive (Full Disk Encryption)The newer versions of Linux distribution will ask you whether you want to encrypt your drive during the installation process. Always make sure that you choose to encrypt your drive when you install Xubuntu, Kubuntu, BackTrack, or any other type of Linux distribution to protect your data. Your data remains 100 percent safe if it is encrypted, whether you are using a hard drive or an SSD drive. Only you will be able to access the contents of the drive once you have chosen to encrypt it. Upon login, you will be required to enter your password to decrypt the drive. The ability to encrypt your drive comes in pretty handy when you are using a mobile device or laptop. As long as your drive is encrypted, nobody will be able to access your important data even if your laptop gets stolen. In addition to full-disk encryption, Linux also allows users to encrypt their home directory and create a fully protected system. Don’t Run as Root for Everything One of the most notable differences between Windows and Linux is that standard user accounts can’t destroy the integrity of the system when running Linux. When running Linux, you can only do that when using the system administrator. You will have to use the root account for certain administrative tasks, but it’s important that you keep these tasks separate from regular desktop management and day-to-day monotony. You will be required to enter your password for all administration tasks when you are not running root. A lot of users find the unending password requests tedious and resort to using root for everything. That’s a mistake. Do not be tempted to run as root for everything as it compromises the security of your device. There’s a high probability of making a mistake that ends up destroying the integrity of your system if you spend a lot of time as root. Disable USB MountWhen dealing with someone who can physically tamper with your computer, disabling the USB mount is a crucial method you can use to ensure higher security. The only downside is that you will have to find another method of transferring data safely once you disable the USB mount on your Linux device. However, the existence of sophisticated malware that activates automatically once the pen drive is inserted into your computer makes it worth it. Use Strong PasswordsLast but not least, use strong passwords to secure your device. We have been advised, time and again, to use strong passwords to protect our personal data. Still, most of us don’t give passwords enough attention. Your password is the key to your entire online identity, not just a simple barrier to your desktop. A password needs to be strong and unique. Use a combination of upper- and lower-case letters, numbers, symbols, and other characters to create strong passwords for your Linux devices and online accounts. Linux is one of the most secure operating systems out there. Running on only about 2 percent of desktop computers in the world, Linux doesn’t attract much attention from cybercriminals. But being part of a small minority doesn’t guarantee security. Linux malware exists and Linux devices get hacked, stolen, or lost. Use these tips to keep your Linux computer protected at all times.Writer’s bio:Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on cybersecurity and privacy tools. 

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there has still been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.
News, platforms, and features aside, it would not be a Kali release if there was not a number of changes to our packages – both new tools and upgrades to existing ones.
If you want to see what is new for yourself download a new image or upgrade if you already have a Kali Linux installation.The summary of the changelog since the 2023.3 release from August is:Cloud ARM64 MarketplacesStarting from Kali 2023.4, we will now be offering both Kali Linux AMD64 and ARM64 on Amazon AWS and Microsoft Azure marketplaces.The advantage that ARM64 brings to the table is more options and flexibility in instance offerings, which leads to improved price-to-performance ratio.
The draw back is, even though Kali Linux has always treated ARM a first class citizen, not every package has an ARM64 offering – most do and we are working on improving this every day!
Try setting up a lab in the cloud and performing your own benchmarks to compare performances.Amazon AWS:Microsoft Azure:If you need some help using Kali Linux in the cloud, be sure to check our documentation.
Otherwise, if you want to see how we generate these images, see our cloud build-scripts.Vagrant Hyper-V SupportWith our recent work with adding support to our VM build-scripts to create Microsoft Hyper-V virtual machines, we have kept on going down the rabbit hole of development. Our Vagrant offering now includes a Hyper-V environment!If you are not too familiar with Vagrant, think of it as a command-line interface for VMware, VirtualBox, and now Hyper-V.At a higher level, in the same way that Docker uses Dockerfile, Vagrant uses Vagrantfile.
These files go on to define how to create the virtual machine and further provisions, such as which operating system to use, CPU, RAM, storage, networking, and also any scripts or commands that the VM should execute to further install and configure.That means our our Vagrant offering has support for:Hyper-VQEMUVirtualBoxVMwareIf this is something you like the sound of, we have further reading on our documentation:We also have our vagrant build-scripts public if you want to see how it is done.Raspberry Pi 5If you have been lucky enough to get your hands on the newest Raspberry Pi, Kali Linux can now be used on a Raspberry Pi 5!We have created a new dedicated image which can either be downloaded direct, or automated using Raspberry Pi Imager.You can build the image yourself if you wish to tinker and customize any aspect of it, such as changing the default desktop environment, packages, settings etc.Please note, Nexmon support is not yet working with the in-built Wi-Fi (so no monitor mode or frame injection without an external card).You can keep an eye on progress by checking our documentation about it. Please keep in mind that while the image is now available for use, we would consider it to be in a BETA state. For the time being, the image is for ARM64 architecture, hopefully additional flavors will come later.We want to give a huge shout-out as there were a lot of volunteers from the community who were willing to test and report issues with the image.
There was one person who really stood out, and this image would not be possible without BakaValen’s assistance, support, reporting of issues, and ideas.Additionally, David Bombal’s Raspberry Pi 5 Kali Linux install in 10 minutes came out to show off our initial work of Kali Linux on the Raspberry Pi 5.GNOME 45With GNOME 45 hot off the press, Kali Linux is now supporting it! And is looking pretty in the process!For people who opt to use GNOME as their desktop environment, GNOME 45 is now here! If you do not read their changelog, below is a quick summary mixed with some of our tweaks:Full-height sidebars in many updated appsHighly improved speed of search in nautilus file managerUnfortunately the update for nautilus was not ready for this release, but it will arrive as a later update soonImproved settings app (gnome-control-center)Updated color-schemes for gnome-text-editorUpdated themes for shell, libadwaita, gtk-3 and gtk-4Updated gnome-shell extensionsShell updates, including a new workspace indicator, replacing the previous “Activities” buttonIt is also possible to scroll your mouse wheel while hovering over the indicator to switch between workspacesInternal InfrastructureWe are still undergoing big changes with our infrastructure, and as always, it is taking longer than planned! The wait has been worth it, and long standing items are getting fixed or replaced!Enters MirrorbitsOne of the projects which is now complete is the migration of our “mirror redirector”. This is our biggest user-facing service, as without this, all default Kali installations would not be able to use apt (aka http.kali.org), or being able to download Kali image (cdimage.kali.org). This service sits in-front of our mirrors (archive*.kali.org), community mirrors and Cloudflare (kali.download). It is responsible for redirecting every request to its nearest mirror, based on a few factors such as geographic location, mirror speed, and mirror “freshness”.Since Kali was launched back in March 2013, until November 2023 we had been using MirrorBrain. Unfortunately, the project has been unmaintained since 2015, and so after 10 years in production, it was really time to say good-bye. Today, we are now using Mirrorbits.The first thing we can say is that, with Mirrorbits, we find ourselves lucky: this is a rock-solid piece of software, built on modern tech (Go and Redis), initially released 10 years ago, and running in production for just as long. It was initially developed by Ludovic Fauvet from VideoLAN in order to distribute the VLC media player. And over these years, it has been adopted by a growing number of FOSS projects such as GNOME, Jenkins, Lineage OS, and many others.As it happens, our use-case of Mirrorbits is different to what it was originally created for: distributing VLC, or in other words, a rather small set of static files. Kali Linux being a complete Linux distribution, it means that we distribute a huge number of files (at times there can be millions of files in our repo). Being a rolling distribution means that Mirrorbits must cope with fast-changing metadata in the repository. We also need to distribute Kali over both HTTP and HTTPS, which was not well supported.Thus, the transition to Mirrorbits was not trivial, it did not work “out-of-the-box” for us, and we had to rework some pieces here and there, and basically hammer at it until it does the job. But it was well worth it, and in the end our modifications were clean enough that we could submit it all upstream. We really hope that all of this work will be accepted, thus making it easier for Linux distributions in general to use Mirrorbits going forward. Oh, and we have created and are maintaining the Debian package!Much more could be written on the topic, and we plan a longer blog post dedicated to it. But for now, enough’s been said.It would not be a Kali release if there were not any new tools added! A quick run down of what has been added (to the network repositories):cabby – TAXII client implementationcti-taxii-client – TAXII 2 client libraryenum4linux-ng – Next generation version of enum4linux with additional features (a Windows/Samba enumeration tool)exiflooter – Finds geolocation on all image URLs and directoriesh8mail – Email OSINT & Password breach hunting toolHavoc – Modern and malleable post-exploitation command and control frameworkOpenTAXII – TAXII server implementationPassDetective – Scans shell command history to detect mistakenly written passwords, API keys, and secretsPortspoof – All 65535 TCP ports are always open & emulates servicesRaven – Lightweight HTTP file upload serviceReconSpider – Most Advanced Open Source Intelligence (OSINT) Frameworkrling – RLI Next Gen (Rling), a faster multi-threaded, feature rich alternative to rliSigma-Cli – List and convert Sigma rules into query languagessn0int – Semi-automatic OSINT framework and package managerSPIRE – SPIFFE Runtime Environment is a toolchain of APIs for establishing trust between software systemsThere have also been numerous packages updates and new libraries as well. We also bump the Kali kernel to 6.5.0!There have been multiple tools submitted from the community, ready to be merged into Kali:For more information about this, please see our blog post from previous release.MiscellaneousBelow are a few other things which have been updated in Kali, which we are calling out which do not have as much detail on:Kali NetHunter UpdatesWe have seen a few things from the community worth calling out:Kali ARM UpdatesThere are not a lot of changes to the ARM images this release, aside from the previously mentioned Raspberry Pi 5 support. However, they are no less important.The Raspberry Pi Zero W image now properly starts up into the command line interface instead of launching X.Accessing network configuration remotely now properly works again.eyewitness is now available for ARM64 platform.Kali Website UpdatesWe have recently created a Frequently Asked Questions with answers that we commonly keep seeing crop up.Our Kali documentation has had various updates to existing pages as well as new pages:We also want to say a little thank you to following for their work on the sites:These are people from the public who have helped Kali and the team for the last release. And we want to praise them for their work (we like to give credit where due!):AI Program – Helped testing base imagesBakaValen – Helped with testing, troubleshooting and offering ideas with the Raspberry Pi 5 imageDavid Bombal – Helped with testing the Raspberry Pi 5 imageSalty_ – Helped with testing base imagesX0RW3LL – Helped with testing base imagesAnyone can help out, anyone can get involved!New Kali MirrorsWe have some new mirrors! Those are:If you have the disk space and bandwidth, we always welcome new mirrors.Kali Team Discord ChatOnce the Kali release is over, we have been doing an hour long voice chat with a number of Kali team members. This is where anyone can ask questions to us about Kali or the information security industry as a whole.The next session will be held slightly differently to our previous ones, later in the day, on the Friday that is coming up, and on OffSec’s Discord – Friday, 8th December 2023 18:00 -> 19:00 UTC/+0 GMT (Discord link & iCalendar invite).Please note, there will not be a recording of this – its live only.Get Kali Linux 2023.4Fresh Images:
So what are you waiting for? Go and grab Kali already!Seasoned Kali Linux users are already aware of this, but for the ones who are not, we do also have weekly builds that you can use as well. If you cannot wait for our next release next quarter to get the latest packages or bug fixes you can download these images instead.
Just know that these are automated builds that we do not QA like we do our standard point release images. We also welcome any bug reports about those images too!!Existing Installs:
If you already have an existing Kali Linux installation, remember you can always do a quick update:┌──(kali㉿kali)-[~]
└─$ echo “deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware” | sudo tee /etc/apt/sources.list
[…]

┌──(kali㉿kali)-[~]
└─$ sudo apt update && sudo apt -y full-upgrade
[…]

┌──(kali㉿kali)-[~]
└─$ cp -vrbi /etc/skel/. ~/
[…]

┌──(kali㉿kali)-[~]
└─$ [ -f /var/run/reboot-required ] && sudo reboot -f
You should now be on Kali Linux 2023.4!
We can do a quick check by doing:┌──(kali㉿kali)-[~]
└─$ grep VERSION /etc/os-release
VERSION=”2023.4″
VERSION_ID=”2023.4″
VERSION_CODENAME=”kali-rolling”

┌──(kali㉿kali)-[~]
└─$ uname -v
#1 SMP PREEMPT_DYNAMIC Debian 6.5.6-1kali1 (2023-10-09)

┌──(kali㉿kali)-[~]
└─$ uname -r
6.5.0-kali3-amd64
NOTE: The output of uname -r may be different depending on the system architecture.As always, should you discover any issues with Kali, please search then submit a report on our bug tracker. We will never be able to fix what we do not know is broken! And social networks are not bug trackers!Want to keep up-to-date? Easy!
We have a RSS feeds and newsletter of our blog to help you. Our social networks are in the footer of this page!