Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Linux

sysdig

CVE-2023-0210

Content KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.

teleport

SELinux, Dragons and Other Scary Things

If you've ever used Linux, you’ve probably heard about SELinux or Security-enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can change our bigger enemy to our best friend.

CalCom

5 Tips for Linux Server Hardening

Linux servers have been in use for specific uses for a long time. One ought to be conscious that a new Linux server’s degree of protection is exceptionally low by default configuration. This is in order to permit as much functionality and competency as feasible while installing it. Consequently, it’s essential to carry out fundamental hardening procedures prior to installing the server in a production environment.

rezilion

What Do You Need to Secure a Blended Windows-Linux Environment?

Linux and Windows are a study in contrasts—the former operating system is open and users can easily copy and modify the code at will, while the latter is closed and proprietary. However, Windows is no longer the only game in town; increasingly, both are used in enterprises, which makes securing them a tall task. While many tools exist for organizations to manage vulnerabilities in their software, they tend to be OS-specific.

elastic

A look under the hood at eBPF: A new way to monitor and secure your platforms

In this post, I want to scratch at the surface of a very interesting technology that Elastic’s Universal Profiler and Security solution both use called eBPF and explain why it is a critically important technology for modern observability. I’ll talk a little bit about how it works and how it can be used to create powerful monitoring solutions — and dream up ways eBPF could be used in the future for observability use cases.

Sponsored Post

Linux security: How the third-most-used OS in the world has become the number one target of cyberattacks

If we were to ask a bunch of people to choose a computer, they would most likely go with a Windows or Mac machine. The possibility of them choosing a Linux machine is slim. This is directly reflected in recent desktop adoption trends as well. Linux accounts for only 2.14% of all desktop operating systems (OSs) while its counterparts, Windows and Mac, occupy about 75.23% and 15.86% respectively.
netwrix

Joining Linux Hosts to an Active Directory Domain with realmd and SSSD

Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.

alienvault

Shikitega - New stealthy malware targeting Linux

AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.

teleport

What You Need to Know About Linux Auditing

None of us want to look into a production audit system, as this most likely happens after a security breach or a security incident. Over the years, people have come up with many ideas to see what applications are doing. Almost all databases keep event logs to prevent data loss. Systems such as Kubernetes generate events for every action, and applications that probably run in your production also implement some structured logging for the same reason. But what can we do if all of that is not enough?