Redhat users under threat from 'security update'
Linux maker Red Hat is warning users about an email that pretends to be an official security advisory but is actually a phishing-type scam that contains links to malicious code. The fake email appears to have been sent from security@redhat.com and was first spotted on Friday evening with a subject line: "RedHat: Buffer Overflow in 'ls' and 'mkdir'".
The email contains instructions on how to load and install a 'patch', which Red Hat warns is likely to contain malicious code. Red Hat said its official security messages are sent from secalert@redhat.com and are digitally signed.
According to the company's website: "All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified".