We have finally wrapped up 2020! This past month has been intense, and we’ve done our best to cover all the news and changes that can potentially make your sysadmin life easier. We’ve included a quick recap video of our December highlights, but you can keep reading for more details.
A new vulnerability (CVE-2020-16166) in the Linux kernel’s pseudo-random number generator (PRNG) was found by Amit Klein, vice president of security research at SafeBreach and a security researcher at Israel’s Bar-Ilan University.
The vulnerability opens the door to Cross-Layer Attacks, a new hacking technique that raises the risk of DNS cache poisoning and can enable the unauthorized identification and tracking of Linux and Android devices.
KernelCare patches for Debian 10, Debian 8, Oracle Linux UEK 5 and 6, and Ubuntu 18.04 and 20.04 are already available. Patches for RHEL 8 and Oracle Linux UEK 4 will be released early next week. Continue reading “KernelCare Patches for Cross-layer Attack Have Been Released”
Last week, the US Congress officially signed a bipartisan law, the Internet of Things Cybersecurity Improvement Act of 2020 (the IoT Cybersecurity Improvement Act of 2020). Sponsored by Reps. Will Hurd (R-Tex.) and Robin Kelly (D-Ill.), the law is meant to ensure that the government purchases only secure devices and closes existing vulnerabilities. The legislation mostly affects U.S. federal government applications, vendor partners, equipment manufacturers and other stakeholders that deal with the federal government. However, it has the potential to create ripple effects that extend beyond security safeguards for government entities, with private industry and consumers more than likely also benefiting from new connected-device standards.
We know that frequently updating Linux kernels is critical to the safety of cloud environments – kernels are, after all, a cybersecurity blind spot. But updating kernels is time-consuming and often requires a server restart, which can disrupt services.
Today, the security of medical devices is becoming extremely important, to assure customers and patients who interact with your devices that their health and personal information is taken seriously. Globally, regulators are increasingly requiring and verifying that devices are as secure as possible both before and after product release. To continually address cybersecurity risks, keep patients safe and better protect public health, medical device manufacturers must comply with federal regulations.
CentOS is a fork of Red Hat Enterprise Linux (RHEL) and undoubtedly a popular choice for production servers because of its rock-solid stability and compatibility. But now, with CentOS Stream, Red Hat has killed CentOS as we know it. And as expected, people have started forking RHEL to provide a viable community-based alternative.
As we already maintain CloudLinux OS, we plan to release a free, open-source, community-driven, 1:1 binary-compatible fork of RHEL® 8 (and future releases) in Q1 2021. This will be a separate, totally free operating system (OS) that is fully binary compatible with RHEL® 8 (and future versions). We will sponsor the development and maintenance of this OS and work on establishing a community around it, with a governing board drawn from members of the community.
Big news from the OpenSSL team – they issued the fix for a new CVE-2020-1971 that causes server disruptions (denial of service) via X.509v3 certificate fields. The good news is that it cannot result in data theft; however, it has the ability to shut down your servers and paralyse the company’s operations. OpenSSL 1.1.1 and 1.0.2 are affected by this issue. Other OpenSSL releases are out of support, have not been checked, and will most likely not be addressed by the vendor.
Right now, the KernelCare team is doing the delicate work of porting the vendor’s 1.1.1 patches to 1.1.0 and adapting them for live patching. Rebootless patches for both supported and unsupported versions of OpenSSL will be delivered within 24 hours for CentOS 6 and 7, with patches for the remaining supported distributions released later this week.
The Internet of Things (IoT) has been adopted by an increasing number of enterprises recently and has become an essential part of edge computing. IoT projects are added to the enterprise because they bring value to the business by adding intelligence and automation in situations where they weren’t available before. However, with the amount of personal or sensitive data being stored at the edge, you could be at risk of a data breach through devices in your network that go unpatched for long periods of time – if ever.
Cloud provisioning has steadily replaced locally hosted servers. It’s simply much faster, and often cheaper, to fire up cloud-hosted Linux VMs to handle workloads and to scale in response to demand. Continue reading “Cloud Servers Need Updating Too”
The IoT is an integral part of many network infrastructures and a feature of everyday life for consumers. At the enterprise level, smart buildings, public utilities, and smart factories rely on online connectivity to operate smoothly via a network of physical nodes. Companies invest trillions of dollars in IoT tech to develop the most cutting-edge technologies and meet future economic challenges.