If you've ever used Linux, you've probably heard about SELinux, or Security-Enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can turn our biggest enemy into our best friend.
Linux and Windows are a study in contrasts—the former operating system is open and users can easily copy and modify the code at will, while the latter is closed and proprietary. However, Windows is no longer the only game in town; increasingly, both are used in enterprises, which makes securing them a tall task. While many tools exist for organizations to manage vulnerabilities in their software, they tend to be OS-specific.
Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
None of us want to look into a production audit system, as this most likely happens after a security breach or a security incident. Over the years, people have come up with many ideas to see what applications are doing. Almost all databases keep event logs to prevent data loss. Systems such as Kubernetes generate events for every action, and applications that probably run in your production also implement some structured logging for the same reason. But what can we do if all of that is not enough?
Digital infrastructure is constantly evolving, forcing security professionals to strengthen security operations at an accelerated pace to mitigate risks. With that said, organizations increasingly realize how essential API security is to their information security strategy, and are evaluating solutions that are being touted as potential tools to secure APIs. Recently, eBPF (an evolution of Berkeley Packet Filter) has been a topic of discussion as a method for collecting data on APIs.