In a recent development, cybersecurity researchers have identified a new Linux variant of the notorious Play ransomware, also known as Balloonfly and PlayCrypt. This variant specifically targets VMware ESXi environments, signaling a strategic expansion by the threat actors behind it. Trend Micro's report published on Friday highlights the potential for a broader victim pool and more effective ransom negotiations as a result of this evolution.

What is eBPF and how can it be used within the Kubernetes environment? In the dynamic world of container orchestration, where speed and adaptability are a must, eBPF, short for Extended Berkeley Packet Filter, has changed how developers interact with kernels within Kubernetes environments. At its core, eBPF crosses traditional boundaries, offering a programmable and secure in-kernel execution environment that empowers developers to use custom code without the need for modifications to the kernel itself.

Today, most organizations and individuals use Linux and the Linux kernel with a “one-size-fits-all” approach. This differs from how Linux was used in the past–for example, 20 years ago, many users would compile their kernel and modify it to fit their specific needs, architectures and use cases. This is no longer the case, as one-size-fits-all has become good enough. But, like anything in life, “good enough” is not the best you can get.

This is a Bulletproof Tech Talk article: original research from our red team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. This blog looks at obfuscating Linux Symbols using dl_iterate_phdr with callbacks. It represents original security research from the Bulletproof Red Team.

If you want to make Google tongue-tied, search for ‘MDM for Linux.’

Jump to Tutorial Ubuntu, a popular Linux distribution, is known for its robust security features. There is always space for improvement once you install a fresh operating system, so in this article, we will guide you through the advanced techniques and features to enhance the security of the latest Ubuntu 24.04 version. There are multiple layers of security that Ubuntu offers out of the box, but we can implement additional steps that can further protect your system from threats.

eBPF is one of the most widely used technologies in today’s computing ecosystem, starting from the cloud sector up to routing and tracing in companies like Cloudflare. Many companies are basing and transforming their core products to use eBPF as an alternative to kernel modules because of all the benefits it offers both on the business side and technological side. Since this shift is gaining a lot of momentum I wanted to shed some light on eBPF.

This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently another "ESC" technique has been released which is known as ESC13.

Security-Enhanced Linux (SELinux), initially known for its perceived complexity in configuration and maintenance, has evolved into an indispensable security architecture across most Linux distributions. It empowers administrators to finely control the actions permitted to individual users, processes, and system daemons, thereby bolstering defense against potential security breaches.

Jump to Tutorial As of June 30, 2024, CentOS 7 will reach its end of life (EOL). That means it will no longer receive updates, bug fixes, critical security patches, or any new features. It is very important to migrate to a supported operating system to maintain the functionality and security of your systems. AlmaLinux is a reliable alternative to CentoOS. It’s a community-driven enterprise distribution that is binary compatible with Red Hat Enterprise Linux (RHEL).