The KernelCare team strives to help make sure you never miss a critical patch. In October, we worked to provide you with simple instructions on how live patching of Linux kernels and shared libraries can help you protect your business and grow it steadily.
Month: October 2020
Case Study: University of Zagreb eliminated downtime with KernelCare
Educational institutions are being hacked on a regular basis, and this trend shows no signs of improvement: over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each. For educational institutions, the implications of any data theft are huge: reputational, legal, economic and operational. It may affect potential funding, as well as cause a loss of future student fees and associated income.
Continue reading “Case Study: University of Zagreb eliminated downtime with KernelCare”
8 Tools to Keep Linux Servers Secure
Keeping Linux servers updated and patched isn’t the job of just one tool. You need several tools to ensure your servers are configured properly and aren’t a target for the latest exploits. Checking one server could be done manually, but when you’re responsible for hundreds of critical servers, you need tools to audit current server functionality, update software, set configurations, and perform any other actions required during maintenance. The following list of tools is a breakdown of the best software that will help administrators be proactive in Linux server management, configuration management, updates and patching.
Strategies for Managing End-of-Life Operating System
The end of life (EOL) for software means that the software has reached the end of its predefined support period and will be retired. Beyond this date, the software will no longer receive feature enhancements, maintenance, or security updates. You may continue using the software past its end-of-life date, but any future exploits puts your business at risk. If there are security vulnerabilities, your system and data could be stolen and sold on darknet markets. Without security updates, your system will become vulnerable to hacking attacks, but migrating from the EOL OS to the newer version is connected with a huge workload for administrators.
Continue reading “Strategies for Managing End-of-Life Operating System”
Behind the Scenes at KernelCare: How We Test Patches Before Release
Testing is essential for any software update including patches, but it’s even more essential when changes are made to critical infrastructure that powers revenue-impacting services. Release of security updates that are not thoroughly tested may result in kernel crashes, operating system reboots, system- or service-level failures – some of these aftermaths are critical and some just unpleasant, but all of them can hurt your business and service-level agreements. KernelCare has a strict testing process every patch must go through before it’s deployed to production, and this article details how we ensure customer infrastructure reliability and uptime after patch deployments.
Continue reading “Behind the Scenes at KernelCare: How We Test Patches Before Release”
Linux Server Security Best Practices in 2020
Whether your system is running in a local office or remotely in a data center, security is vital to any environment. Unfortunately, there are often considerable security concerns associated with Linux servers. More and more systems become compromised on a daily basis. And vast amounts of users are unaware that proactive server security measures are required to thwart exposure. It is essential to comply with best practices for Linux security to protect your servers from vulnerabilities and threats.
Continue reading “Linux Server Security Best Practices in 2020”
A Guide to Memory Vulnerabilities in the Linux Kernel
Most cyber-attacks are financially motivated, so attackers constantly come up with new ways to breach data. While the amount and sophistication of such attacks are constantly increasing, most of them are based on memory-corruption vulnerabilities—a problem that has been persisting over the last four decades. To better fight against cyber-attackers, administrators who understand memory corruption can leverage this knowledge to proactively defend infrastructure. This guide will provide administrators with information to help them better understand memory corruption and the aftermath should an attacker exploit the vulnerability.
Continue reading “A Guide to Memory Vulnerabilities in the Linux Kernel”
Tools for Meeting and Maintaining SOC 2 Compliance
Meeting System and Organization Controls (SOC) 2 compliance is more than just a simple process implemented once to pass an audit. Permanent procedural changes are tedious and time-consuming but are necessary to ensure that the organization can pass a SOC 2 audit. It’s more than simply supplying a paper trail to a CPA. You must have the right controls and tools in place to maintain compliance permanently or risk violating compliance standards. Losing SOC 2 compliance isn’t an option for most organizations, but the right tools will keep you compliant and help facilitate continual compliance in future audits.
Continue reading “Tools for Meeting and Maintaining SOC 2 Compliance”
Rebootless Patches for ‘BleedingTooth’ are on the Way
Google security researchers recently found a flaw in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in range could use this flaw to crash a targeted system causing a denial-of-service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. All Linux distributions are affected, but the exploit is only possible if you have devices connected via Bluetooth to your infrastructure.
Continue reading “Rebootless Patches for ‘BleedingTooth’ are on the Way”
Rebootless Patches for ‘BleedingTooth’ are on the Way
Google security researchers recently found a flaw in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in range could use this flaw to crash a targeted system causing a denial-of-service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. All Linux distributions are affected, but the exploit is only possible if you have devices connected via Bluetooth to your infrastructure.
Continue reading “Rebootless Patches for ‘BleedingTooth’ are on the Way”