December 2020 - TuxCare

Monthly KernelCare Update – December 2020

KernelCare Update - december 2020We have finally wrapped up 2020! This past month has been intense and we’ve done our best to address all the news and changes that can potentially make your sysadmin’s life easier. We’ve included a quick recap video of our December highlights, but you can keep reading for more details.

Continue reading “Monthly KernelCare Update – December 2020”

KernelCare Patches for Cross-layer Attack Have Been Released

KernelCare Patches for Cross-layer Attack Have Been Released

A new vulnerability (CVE-2020-16166) in pseudo random number generator (PRNG) was found by Amit Klein, vice president of security research at SafeBreach and a security researcher at Israel’s Bar-Ilan University.

The vulnerability opens the door to Cross-Layer Attacks, a new hacking technique that raises a risk of DNS cache poisoning and that can enable the unauthorized identification and tracking of Linux and Android devices.

KernelCare patches for Debian 10, Debian 8, Oracle Linux UEK 5 and 6, Ubuntu 18.04, 20.04 are already available. Patches for RHEL 8 & Oracle Linux UEK 4 will be released early next week. Continue reading “KernelCare Patches for Cross-layer Attack Have Been Released”

Meet The IoT Cybersecurity Improvement Act Terms With KernelCare

Meet The IoT Cybersecurity Improvement Act Requirements With KernelCareLast week, the US Congress officially signed a bipartisan law, The Internet of Things Cybersecurity Improvement Act of 2020, or the IoT Cybersecurity Improvement Act of 2020. Sponsored by Reps. Will Hurd (R-Tex) and Robin Kelly (D-Ill), the law was made to establish that the government purchases only secure devices and closes existing vulnerabilities. The legislation mostly affects U.S. federal government applications, vendor partners, equipment manufacturers and stakeholders that deal with the federal government. However, this law has the potential to have ripple effects that extend beyond security safeguards for government entities, with those in the private industry and consumers more than likely also benefiting from new connected device standards.

Continue reading “Meet The IoT Cybersecurity Improvement Act Terms With KernelCare”

Amazon Kernel Live Patching: Overview of Live Patching for Enterprise

Amazon Kernel Live PatchingWe know that frequently updating Linux kernels is critical to the safety of cloud environments – kernels are, after all, a cybersecurity blind spot. But updating kernels is time-consuming and often requires a server restart which can disrupt services.

Continue reading “Amazon Kernel Live Patching: Overview of Live Patching for Enterprise”

Keeping Your Medical Device Security Compliant with Live Patching

Keeping Your Medical Device Security Compliant with Live PatchingToday, the security of medical devices is becoming extremely important to assure customers and patients who interact with your devices that their health and personal information is taken seriously. Globally, regulators are increasingly requiring and verifying that devices are as secure as possible before and after product release. To continually address cybersecurity risks to keep patients safe and better protect public health, medical device manufacturers must comply with federal regulations. 

Continue reading “Keeping Your Medical Device Security Compliant with Live Patching”

Open-sourced & Community-driven RHEL Fork by CloudLinux OS Creators

RHEL Fork by CloudLinux OSCentOS is a fork of Red Hat Enterprise Linux (RHEL) and undoubtedly a popular choice to deploy on production servers because of its rock-solid stability and compatibility. But, now with CentOS Stream, Red Hat just killed CentOS as we know it. And as expected, people started to fork Red Hat to give a viable community-based alternative to RHEL.

As we already maintain CloudLinux OS, we plan to release a free, open-sourced, community-driven, 1:1 binary compatible fork of RHEL® 8 (and future releases) in the Q1 of 2021. We will create a separate, totally free operating system (OS) that is fully binary compatible with RHEL® 8 (and future versions). We will sponsor the development & maintenance of such OS and work on establishing a community around this OS, with the governing board from members of the community. 

Continue reading “Open-sourced & Community-driven RHEL Fork by CloudLinux OS Creators”

KernelCare+ Patches For CVE-2020-1971 Are Here

KernelCare+ Patches For CVE-2020-1971Big news from the OpenSSL team – they issued the fix for a new CVE-2020-1971 that causes servers’ disruptions via x509v3 certificate fields. The good news is that it cannot result in data theft; however, it has the ability to shut down your servers and paralyse the company’s operation flows. OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support, have not been checked and with high probability will not be addressed by the vendor.

Right now, the KernelCare Team is doing a delicate work of porting the vendor’s 1.1.1 patches to v.1.1.0 and enriching it with the live patching technology. The rebootless patches for both supported and unsupported versions of OpenSSL will be delivered in 24 hours for CentOS6, and 7 with the patches for the rest supported distributions released later this week.

Continue reading “KernelCare+ Patches For CVE-2020-1971 Are Here”

The IoT Surge And Live Patching At The Edge

The IoT surge and live patching at the edge

The Internet of Things (IoT) has been adopted by an increasing number of enterprises recently, and it has become an essential part of edge computing. IoT projects are being added to the enterprise because they can bring value to the business by adding an intelligence and automation capability in situations where it wasn’t available before. However, with the amount of personal or sensitive data being stored at the edge, you could be at risk for a data breach through devices in your network that are unpatched for long periods of time – if ever. 

Continue reading “The IoT Surge And Live Patching At The Edge”

Securing ARM-based Linux IoT Devices Requires Live-Patching the Kernel

ARM-based Linux IoT Devices Requires Live-Patching the Kernel

The IoT is an integral part of many network infrastructures and a feature of everyday life for consumers. On the enterprise level, there are smart buildings, public utilities, and smart factories that rely upon online connectivity to operate smoothly via a network of physical nodes. Companies invest trillions of dollars in IoT tech to develop the most cutting-edge technologies and meet future economic challenges.

Continue reading “Securing ARM-based Linux IoT Devices Requires Live-Patching the Kernel”

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching