Every month, the KernelCare team strives to help you never miss a critical patch. This September, we worked extremely hard to swiftly release CVE–2020-14386 patches for your Proxmox 5 & 6 and Ubuntu 16.04 as well as for newer versions. There are also several new useful guides and articles that can help boost the security of your servers in seconds. Sounds like something you can benefit from? Keep on reading for more details!
Continue reading “Monthly KernelCare Update – September 2020”
.jpg)
CVE-2020-14386 is a new kernel vulnerability that can be exploited to gain root privileges from unprivileged processes. It corrupts the memory in kernels newer than 4.6 on various Linux distributions, including:
Continue reading “Patch CVE-2020-14386 Without Reboot With KernelCare”
To help administrators manage hundreds of servers with open-source libraries, KernelCare released UChecker – a scanner that checks network Linux servers and detects out-of-date libraries both on disk and in memory. KernelCare’s open-source scanner will find false negatives by correctly reporting vulnerable libraries running in memory that could be reported as updated by other scanners.
Continue reading “Find Unpatched Libraries In Memory With UChecker by KernelCare”
.jpg)
Rebooting servers hurts you and your customers. It’s often done during off-peak hours (usually at night) when servers process fewer transactions, but even rebooting at this time costs thousands in downtime. One server reboot can take from several minutes to over an hour depending on the configuration, and it can take additional time for services to synchronize. As a matter of fact, 25% of organizations report that downtime costs them between $300,000 and $400,000 for every hour servers are unavailable. Downtime is avoidable and reboots due to patching can be completely eliminated.
Continue reading “5 Ways to Reduce Server Downtime (And 1 Way To Eliminate It)”
The dreaded false positive exhaustion experienced by analysts brings with it numerous issues. Analysts begin ignoring reports, reviewing a false positive takes time and money, and incident response and threat hunting are affected. Scanning vendors continuously improve their procedures to better prevent false positives, but they still continue to have an impact on IT operations. The impact of false positives can be severe when benign reports create exhaustive overhead for your analysts. Worse yet, explaining to auditors why some items were marked can be tricky.
Continue reading “Vulnerability Scan Reports: Tired of Marking False Positives?”
Within any IT organization, there exist processes so routine and well-established that they become practically a given—with little concern for whether such processes and practices could be improved upon. Time is money, and it’s difficult to teach an old dog new tricks, especially if the dog doesn’t see any pressing reason to change its ways—or any risks involved with deciding not to.
When it comes to kernel patching, it seems that the current widespread philosophy is “if it ain’t broke, don’t fix it”. A background activity carried out by SysAdmins without much thought, kernel patching generally isn’t even on the radar of those responsible for organizational security and compliance. However, this is a potentially ruinous oversight, as the current standard approach to kernel patching exposes servers to malicious intent by threat actors on multiple attack vectors.
Continue reading “The Ultimate Guide to Updating Linux Kernel”
Administrators responsible for patching Linux know that it’s practically a full-time job in a large enterprise environment. To patch just one system, the administrator must identify that a patch is available, download it, and then deploy it to the system. In an enterprise environment, there could be hundreds of servers to manage, so the job of patch management becomes an all-day responsibility with the added risk of reboot fails after installation. Instead of manual updates, administrators can free up time and organize patches using automation tools.
Continue reading “The Ultimate Guide to Linux Patch Management”
