Snyk recently partnered with the Linux Foundation to produce a report focusing on the state of security in the open source software (OSS) space. The report was based on 550+ survey responses and 15 interviews with OSS maintenance and cybersecurity experts. Following the report’s publication, experts from Snyk held a webinar with the Linux Foundation to discuss some of the key insights.
As organizations increasingly move to hybrid cloud environments to increase agility, scale and competitive advantage, adversaries are correspondingly looking to exploit these environments.
The Linux process model, available within Elastic, allows users to write very targeted alerting rules and gain deeper insight into exactly what is happening on their Linux servers and desktops. In this blog, we will provide background on the Linux process model, a key aspect of how Linux workloads are represented.
In recent days, several security vendors have published blogs about the Linux-based exploitation (CVE-2022-0847), also known as Dirty Pipe. The Elastic Security Research team is sharing the first detailed research to help organizations find and alert on the exploitation with Elastic Security products. We are releasing this research so that users can defend themselves, since very little information has been shared on the actual detection of exploitation attempts.
The new serious Linux Kernel vulnerability dubbed ‘Dirty Pipe’, due to its similarity to the 2016 high severity and easy to exploit DirtyCow vulnerability, was originally disclosed on March 7th by Max Kellermann. Kellermann found the bug accidently while researching corrupted log files on a log server.
The situation with Dirty Pipe is rapidly evolving. We will update the information in this blog as it is released publicly. On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8.