Linux & Open Source News | TuxCare
Google uncovers severe security flaws in Samsung’s Exynos chips

Google’s Project Zero has discovered 18 zero-day vulnerabilities in Samsung’s Exynos chips, which attackers could use to completely compromise a phone without the user’s knowledge....

New Variant of IceFire Ransomware Discovered in Linux

A new variant of IceFire ransomware has been discovered that targets Linux systems. In the past, it has been found to target Windows only. This...

Cybersecurity

The Importance of Cybersecurity Training for Public Sector Organizations

Cybersecurity threats are ever present and government organizations face unique challenges in securing the sensitive information of citizens. As workers with limited technology training become...

ReliaQuest detects security incident caused by QBot banking trojan

ReliaQuest has discovered a security incident caused by the QBot banking trojan in a client’s environment. A threat actor gained access to the network via...

New Ultimatum of Docker can Impact Open-source Projects

Docker is a popular open-source containerization platform that helps to create, deploy, and manage applications in a containerized environment. Recently, concerns have been raised in...

patching

Ambivalent about Patching? Here’s All the Evidence in One Place

Sometimes getting 101’s right comes down to how seriously you take the issue – whether it’s given the right level of priority. Take health 101’s:...

Offensive Security unveils Kali Linux 2023.1

Offensive Security has announced the release of Kali Linux 2023.1, marking the 10th anniversary of the project. The latest version of the distribution includes a...

Linux Kernel Networking Drivers Development Affected by Russian Sanctions

The sanctions imposed on the Russian government and its defense industry have caused some interesting issues in the open-source community. The conflict between Russia and...

IoT in Manufacturing

The Benefits of IoT in Manufacturing Facilities and How to Secure It

IoT in manufacturing and production industries enables higher levels of automation, data collection, and efficiency, so it’s no surprise that IoT empowers manufacturers tremendously. In...

Adobe Acrobat Sign used to distribute malware

Cybercriminals have found a new way to distribute info-stealing malware to unsuspecting users by abusing Adobe Acrobat Sign, a popular online document signing service. Avast...

New Ubuntu Desktop with Flatpak Preinstalled

A new Ubuntu Desktop is in development that provides the usual Ubuntu experience with the addition of Flatpak preinstalled. Since Canonical announced it to not...

Red Team

What Red Teams can teach us

“No plan survives contact with the enemy” is one of the truisms of conflict. It’s somewhat (un)surprising how accurately this describes the cybersecurity posture of...

Btrfs File System: An overview

Btrfs, the short form for “B-Tree File System,” is a Linux kernel-based, state-of-the-art file system that seeks to replace the current standard ext4 file system...

Cyber hygiene in Healthcare

Maintaining Cyber Hygiene in the Healthcare Sector

Reaching an acceptable level of cyber hygiene is a challenge for all healthcare providers, hospitals, and pharmaceutical companies. Many security breaches occur with legacy systems...

Icefire ransomware targets Linux enterprise systems

Cybersecurity researchers from SentinelLabs discovered a new variant of the Icefire ransomware, with a specific focus on Linux enterprise systems. SentinelLabs was the first to...

Vanilla OS 2.0 Adopts Debian Sid, Moves Away from Ubuntu

Vanilla OS 2.0 had been using Ubuntu from its early development stages, but now it is all set to shift to Debian Sid. Vanilla OS...

CI/CD

Everything You Need to Know about CI/CD Tools

The core reason why organizations utilize CI/CD is that they’re supremely beneficial for system administration, live patching, or patch management, as well as testing code...

Former TikTok employee claims company’s data protection plan is flawed

A former TikTok risk manager has met with congressional investigators to express his concerns that the company’s plan for protecting user data in the United...

At least one open-source vulnerability found in 84% of code bases

In the current scenario where almost all software uses open-source code, at least one known open-source vulnerability was detected in 84% of them. The researchers...

Heartbleed

Why your servers can still suffer from (a) Heartbleed – and what to do

It’s been about a decade since the discovery of Heartbleed, a dangerous OpenSSL exploit that affected millions of systems – and a vulnerability that made...

Palo Alto’s Unit 42 discovers new GoBruteforcer malware

Palo Alto Networks’ Unit42 researchers have discovered a new GoBruteforcer malware that targets phpMyAdmin, MySQL, FTP, and Postgres. The newly discovered Golang-based botnet malware seeks...

Critical Kernel Vulnerabilities Lead to System Crash

Several critical vulnerabilities were detected in the Linux kernel that could cause a denial of service (DoS), possibly execute arbitrary code, and leak sensitive information....

Buffer overflow attacks

Identify, mitigate & prevent buffer overflow attacks on your systems

Buffer overflow vulnerabilities are still a common route by which cyber criminals get illegal access to computer systems. It’s a growing problem too as there...

Attacker targets security researchers with spear-phishing attacks

According to cybersecurity firm Mandiant, a North Korean espionage group known as UNC2970 has been carrying out spear-phishing attacks against media and technology organizations in...

First Linux Kernel 6.3 Release Candidate Announced

Linus Torvalds announced the first release candidate for Linux Kernel 6.3 on March 14, 2023. This kernel release candidate officially starts the testing phase for...

exploit

Reduced Time to Exploit Is a Threat – What You Can Do

We need an opportunity to achieve our cybersecurity goals. The tighter this window, the harder it becomes to do our cybersecurity jobs. Recent reports stating...

TuxCare

TuxCare KernelCare Enterprise Wins Gold in 2023 Cybersecurity Excellence Awards

PALO ALTO, Calif. – March 21, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it received top honors in this...

Malware targets SonicWall SMA 100 Series appliances

Mandiant researchers have discovered a malware campaign that targets SonicWall SMA 100 Series appliances and is thought to have originated in China. The malware was...

How To Recover Lost And Deleted Data In Linux As A Consequence Of Unpatched Software

You don’t need to be a Linux mastermind to recover lost and deleted data in Linux. With the right know-how, you can recover both, and...

Two buffer overflow vulnerabilities uncovered in TPM 2.0

Two buffer overflow vulnerabilities in the Trusted Platform Module (TPM) 2.0 specification could allow attackers to access or replace sensitive data such as cryptographic keys....

Latest Ubuntu Linux Kernel Security Updates Address 17 Vulnerabilities

Canonical has released new Linux kernel security updates that address 17 vulnerabilities affecting Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS systems running Linux...

Lucky Mouse creates Linux version of SysUpdate malware

Lucky Mouse, a cyber threat group, has created a Linux version of the malware called SysUpdate, increasing its ability to attack devices that use the...

CISA Releases Decider Tool To Assist ATT&CK Mapping

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a free and open-source tool called Decider to assist defenders in mapping adversary behavior to...

patch management

Everything You Need To Know About Patch Management Best Practices

It’s crucial for organizations to adopt patch management best practices to keep their systems as secure as possible. I’ll be walking you through the importance...

Brave launches AI summarizer to bolster search results

Brave Search now includes Summarizer, an AI-powered tool that provides a summarized answer to an inputted question before the rest of the search results. It...

flatpak by default

Ubuntu Flavors to Stop Including Flatpak by Default

Recently, Canonical announced that all Ubuntu Flavors would not include Flatpak by default. Flatpak was introduced to Ubuntu several years ago with the goal of...

attack

Remote code execution attack: what it is, how to protect your systems

Cybercriminals use a range of strategies to target vulnerable systems – and remote code execution (RCE) attacks are one of the most common strategies. Indeed,...

FBI, CISA and HHS warn of Royal ransomware gang attacks

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a new ransomware gang known as Royal ransomware. The ransomware...

700+ Malicious Open-Source Packages Discovered in npm and PyPI

Security researchers have discovered 700+ malicious open-source packages in npm and PyPI. npm and PyPI are among the most widely used software repositories globally by...

Linux Kernel

Bad Reasons to Update Your Linux Kernel

Freshen up with something new and improved – if it’s as simple as applying a software update…. well, why not? That’s a tempting argument to...

Biden to hold companies responsible for poor cybersecurity

In an effort to shift the burden of defending U.S. cyberspace away from small organizations and individuals, the Biden Administration is pushing for new regulations...

AI Cybersecurity

AI and the Cybersecurity Landscape

There have been countless articles posted about the new AI chat bots in the past few months, and, since those bots became available to the...

Trellix uncovers new privilege escalation bug on MacOS and iOS

The Trellix Advanced Research Center (TARC) has discovered a new type of privilege escalation bug on MacOS and iOS. These bugs could potentially allow attackers...

Elektrobit launches EB corbos Linux built on Ubuntu for automotive

Elektrobit and Canonical announced the partnership on October 27, 2022, to lead the path toward a new era of software-defined vehicles. After some months of...

end of life

The Risks of Running an End Of Life OS – And How To Manage It

It’s impossible to avoid change in technology – by definition, technology always moves forward. And that’s generally great news, but keeping up with the changes...

Microsoft urges Exchange Admins to remove some antivirus exclusions

Microsoft recently issued a new security advisory urging Exchange Server administrators to remove certain antivirus software exclusions that could expose systems to attacks. According to...

KDE releases Plasma 5.27 and GNOME 44 enters beta

KDE Plasma is a popular desktop environment that allows users to interact with their computers through a graphical interface. It is widely used on Linux-based...

patching Infrastructure

State Actors May Be Targeting Your Infrastructure: Is Your Patching Up to Scratch?

Infrastructure is at the core of any business – whether it’s a pipeline for liquids, a data center, or the development process you’ve taken years...

Google patches RCE bug

Google has uncovered a critical Remote Code Execution (RCE) vulnerability in Chrome that could allow attackers to take control of affected systems. Users who are...

Real-time Ubuntu 22.04 LTS is now generally available

Real-time Ubuntu offers secure and reliable solutions for time-sensitive workloads in modern enterprises. By including real-time computing support, Canonical showcases its dedication to providing the...

Unpatched flaws in Fortinet and Zoho products exploited by attackers

Cybercriminals are exploiting unpatched vulnerabilities in Fortinet and Zoho products, leaving many organizations vulnerable. According to a Check Point Research report, attackers have been exploiting...

Linux Kernel 6.2 is Now Available: Check Out What’s New

Linux 6.2 is the major kernel update of the year 2023 with some new exciting features. It undergoes a range of updates and improvements, such...

Attackers use pirated software to deliver malware onto Macs

Cybercriminals are now delivering stealthy malware onto Macs using pirated versions of the video editing software Final Cut Pro. This is a concerning trend because...

patching

Which Matters More: Perimeter Security or (Live) Patching?

If you have limited resources, what should you do first: make your systems more tamper proof by patching where and when you can, or ensure...

Mirai malware targets Linux servers and IoT devices

Unit 42 researchers discovered “Mirai v3g4”, a new variant of the Mirai botnet that targets 13 unpatched vulnerabilities in Internet of Things (IoT) devices. The...

Proxmox VE

What is Proxmox VE – and Why You Should Live Patch It

Proxmox VE is an open-source platform for server virtualization that offers robust capabilities for managing both KVM (Kernel-based Virtual Machine) hypervisors and Linux Containers (LXC)....

CISA warns of zero-day exploits of Windows and iOS bugs

Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The first flaw,...

AArch64

Stack unwinding in AArch64 processors: what is it and how it works

KernelCare Enterprise’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64) for some time now. However, to get...

Group-IB uncovers SideWinder APT plot to steal Crypto

Group-IB recently discovered a new phishing campaign believed to be the work of the notorious Chinese state-sponsored hacking group, Sidewinder. The attacks, which began in...

QEMU

Understanding, Using, and Patching QEMU

No matter which tech stack you depend on, you can be sure it’s composed of plenty of building blocks – lots of moving parts stacked...

RCE vulnerability found in ClamAV open-source antivirus software

A critical Remote Code Execution (RCE) vulnerability in a popular software library used by a wide range of applications has been discovered by researchers. The...

Denial of Service

Fighting Denial-of-Service at the Source

Denial of Service (DoS) attacks are a special type of cybersecurity threat. The attacker does not need to hack your systems or find a gap...

New Modicon PLC vulnerabilities uncovered by researchers

Forescout researchers discovered two new vulnerabilities in Schneider Electric’s Modicon programmable logic controllers (PLCs), which could allow for authentication bypass and remote code execution. The...

API live patch

Automating Your Live Patch Management with APIs

KernelCare Enterprise enables organizations to rapidly patch Linux kernel and critical userspace library vulnerabilities on enterprise Linux environments without requiring kernel restarts or system downtime....

NewsPenguin phishing attack targets maritime and military secrets

According to Blackberry researchers, a new phishing campaign dubbed “NewsPenguin” has been targeting Pakistan’s military-industrial complex for months, using an advanced malware tool to steal...

Live patching

Why You Should Include Live Patching in Your IT Services Workflow

Managed services providers (MSPs) face several challenges that can affect their ability to deliver high-quality service. Keeping up with rapidly evolving technology is one challenge...

Microsoft to retire Support Diagnostic Tool MSDT in 2025

Microsoft has announced that its support diagnostic tool, MSDT, will be phased out by 2025. The Windows Diagnostic Data Viewer (DDV) application will replace the...

KernelCare Enterprise Vulnerabilities

New OpenSSL Vulnerabilities Addressed by KernelCare Enterprise

Patches for recently discovered OpenSSL vulnerabilities are already available through TuxCare’s KernelCare Enterprise, which, for some distributions, we’ve released before the vendor-supplied updates have been...

Dota 2 high severity flaw exploited in game mode

A game mode in Dota 2 exploited a high-severity vulnerability, allowing attackers to remotely execute code on the targeted system. The flaw was discovered in...

downtime

Minimizing Database Downtime

Keeping databases patched with the latest security updates is essential for organizations to protect their data. Unpatched database systems can lead to exploits against core...

New phishing campaign uses screenshot to deliver malware

Proofpoint Threat Research researchers have discovered a new phishing campaign that employs screenshots to deliver malware payload to unsuspecting victims. The attacker sends an email...

AlmaLinux

An Update on AlmaLinux Since Its Launch (and Introducing AlmaCare)

TuxCare was there with you right at the start of the CentOS crisis, just as Red Hat suddenly pulled the rug from one of the...

New obfuscated malware targets sensitive data

Researchers have discovered a new type of obfuscated malware that is specifically designed to steal sensitive data from victims’ computers. Malware is distributed through phishing...

CentOS-8

CentOS-8 is End of Life. What Comes Next?

With CentOS-8 EOL, open-source communities of enterprise users and web hosts now face a great amount of risk. But, extended lifecycle support solutions can buy...

Firebrick Ostrich uses open-source tactics to launch cyberattacks

Abnormal Security discovered a new business email attack threat actor known as “Firebrick Ostrich” performing Business email compromise (BEC) on a near-industrial scale. It also...

W4SP Stealer

W4SP Stealer: Why Discord Malware Could Already Be in Your Python Code

We first reported on W4SP Stealer in November in response to widespread news of a new Python supply chain attack. Unfortunately, as it so often...

Unpatched QNAP storage devices exposed to ransomware

Censys, a security firm, has warned that up to 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to easily executed SQL injection attacks,...

SDLC

How Live Patching Can Help Secure The SDLC

Agile methodologies, cloud computing, and automation tools allow software development teams to work faster and more efficiently. They emphasize fast iteration and continuous delivery, enabling...

Lazarus launches attacks on medical and energy industries

A Lazarus Group cyberattack is targeting the medical research and energy industries, and their supply chain partners, through exploiting known vulnerabilities found in unpatched Zimbra...

live patching

Explaining the Value of Live Patching To Non-Technical Stakeholders

Ever been in a position where you needed to validate an important technical purchase to a group of executives who just didn’t understand what value...

Atlassian resolves critical security vulnerability 

Atlassian has addressed a serious security vulnerability in its Jira Service Management Server and Data Center that could have allowed an attacker to impersonate another...

compliance

The Dilemmas of FIPS 140-3 Compliance

FIPS 140-3 is a standard issued by the National Institute of Standards and Technology (NIST) that aims to provide a consistent and secure method for...

ESXiArgs ransomware targets unpatched VMware ESXi servers

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) have warned of a new ransomware attack named ESXiArgs that is targeting VMware ESXi...

patch deployment

Musings About Patch Deployment Time

Organizations will often try to patch their systems “on time” in order to be secure from new threats. In this context, “on time” will mean...

Threat actors target Bitwarden via Google Ads

Threat actors are targeting Bitwarden through Google ads phishing campaigns in order to steal users’ password vault credentials. A spoof version of Bitwarden was expertly...

Linux Lifecycle

Long Live the Distro: The Benefits of a Longer Linux Lifecycle

In the world of Linux distributions, or “distros,” the lifecycle of a distribution refers to the period during which the distribution receives security updates and...

Killnet threat group uses DDoS against German agencies

DDoS attacks on German airports, banks, and government agencies have been blamed on Killnet, a self-proclaimed Russian hacktivist group. DDoS is a distributed denial-of-service (DDoS)...

TuxCare

TuxCare Launches AlmaCare to Provide Unique Support Services and Compliance Capabilities for AlmaLinux OS

PALO ALTO, Calif. – February 8, 2023 – TuxCare, a division of CloudLinux Inc, the main sponsoring company of the AlmaLinux OS Project, today announced...

Trellix fixes 62,000 open-source projects vulnerable to a 15-year-old flaw

According to the Trellix research team, they patched nearly 62,000 open-source projects that were vulnerable to a 15-year-old path traversal vulnerability in the Python programming...

vulnerability

Cloud Patching Can Prevent A Vulnerability From Being Exploited In The Future

There is one vulnerability exploited every 2 hours and attackers can cause significant disruption, downtime, and revenue loss. Before delving into the cloud patching know-how,...

Researchers uncover PlugX malware infection process

Palo Alto Networks Unit 42 security researchers investigated a PlugX malware variant that can hide malicious files on removable USB devices and then infect the...

Researchers release exploit for Microsoft critical bug

Akamai researchers have published a proof-of-concept (PoC) for a vulnerability in a Microsoft tool that enables the Windows application development interface to deal with cryptography....

TuxCare

TuxCare KernelCare Enterprise Integrated with orcharhino Data Center Lifecycle Management Solution

PALO ALTO, Calif. – February 3, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced that its KernelCare Enterprise Live Patching...

EmojiDeploy bug allows RCE in Microsoft Azure services

Ermetic researchers discovered EmojiDeploy, a cross-site request forgery (CSRF) bug in Microsoft Azure services that could allow attackers to remotely execute code on affected systems....

Patched Fortinet flaw still being exploited by Chinese hackers

Chinese hackers were discovered using a recently discovered flaw in Fortinet’s FortiOS software as a zero-day vulnerability to distribute malware. CVE-2022-42475 (CVSS score of 9.8)...

Kaspersky reports Wroba.o to Google for DNS hijacking

Kaspersky has discovered a new malicious app known as Wroba.o that uses DNS hijacking to steal victims’ personal and financial information. The app, discovered in...

New Hook malware for Android discovered by researchers 

ThreatFabric cybersecurity researchers have discovered a new type of Android malware known as ‘Hook.’ Hackers can use the malware to gain remote control of an...

End of life

Strategies for Managing End-of-Life Operating System

End-of-life software is just a fact of our fast-paced technology life. Tech teams know that they need to manage the software lifecycle. Teams also know...

How GPT models can be used to create Polymorphic malware

According to CyberArk researchers, GPT-based models like ChatGPT can be used to create polymorphic malware because they can generate large amounts of unique and varied...

Kpatch

Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch

Live patching is a method of updating a Linux kernel without restarting the kernel – and therefore without the need to reboot the machine. Live...

Attackers actively exploit Unpatched Control Web Panel

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in unpatched versions of the Control Web Panel, a popular free, closed-source web-hosting interface. The vulnerability...

standards

Which Cybersecurity Compliance Standards Apply to Financial Services Organizations?

Regulations and standards guide companies toward a consistent cybersecurity response. Even if it sets just a minimal baseline, rulebooks still serve as an improvement on...

Attackers distribute malware via malicious JARs and Polyglot Files

Deep Instinct researchers reported that RATs like StrRAT and Ratty were used in a 2022 campaign via polyglot and JAR files. Both threats appear to...

cybersecurity

Cybersecurity Up in the Air

On a fictional TV show that started airing last year, a spy fell out of grace by forgetting some classified intelligence papers on a public...

CircleCI partners AWS to identify and revoke keys affected by a security incident

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with Amazon Web Services to notify customers who have AWS tokens that may have been impacted...

live patching

How Live Patching Helps You Achieve Five Nines

Anyone that’s committed to a five-nines mandate will dread the idea of a cybersecurity breach. It’s a fast way to lose service continuity and it...

Cisco warns of authentication bypass vulnerabilities in routers

A remote attacker could exploit multiple vulnerabilities in four Cisco small business routers to bypass authentication or execute arbitrary commands on an affected device. The...

kernel

How to Apply Linux Kernel Security Patches: 3 Different Ways (2023)

Linux kernel updates are a fact of life. They are as dull as taxes and about as fun as going to the dentist. But sysadmins...

IcedID malware infiltrates Active Directory Domain

In a notable IcedID malware attack, the assailant impacted the Active Directory domain of the victim in less than 24 hours, transiting from initial infection...

Linux Patch

The Ultimate Guide to Linux Patch Management

System administrators that work in enterprise environments know that patching is practically a full-time job. Consider the effort involved in patching just one system: a...

Bitdefender releases decryptor for MegaCortex ransomware

Bitdefender experts have created a universal decryptor for victims of the MegaCortex ransomware family. MegaCortex has been in use since at least January 2019, and...

OEM Partner Program

TuxCare Unveils OEM Partner Program for Best-in-Class Vulnerability Patching

PALO ALTO, Calif. – January 19, 2023 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced the launch of its TuxCare OEM...

Cybernews researchers use ChatGPT to hack website

The Cybernews research team observed that the AI-powered chatbot ChatGPT can provide step-by-step directions on how to hack websites. When the researchers asked the AI...

universities

Modernizing Vulnerability Management at Higher Education Institutions

Colleges and universities are heavily targeted by cybercriminals that seek to exploit vulnerabilities and trick staff members to infect systems with malware, spyware, and ransomware....

Zoho patches high-severity SQL injection flaw

Zoho says it has patched several ManageEngine products for a newly disclosed high-severity SQL injection flaw. CVE-2022-47523 is a SQL injection (SQLi) vulnerability in ManageEngine...

TuxCare

Think You Can’t Afford Consistent Patching? Try TuxCare Instead

Look, everyone knows that it’s a tough act. Thousands of CVEs are added to the list every month – all in the context of a...

Qualcomm, Lenovo issue numerous patches to address security flaws

Qualcomm and Lenovo have issued patches to address a number of security flaws in their chipsets, some of which could result in data leakage and...

Government cybersecurity

Common Government Cybersecurity Standards – And What to Do to Comply

The public sector, including state and federal agencies, is at just as much risk of cyberattacks as the private sector. Yet, in terms of technology...

Dridex malware targets Mac users

Dridex, a Windows-focused banking trojan that has since expanded its capabilities to include information theft and botnet capabilities, is now targeting Macs via email attachments...

High-severity flaw allows attackers to bypass Kyverno signature verification

According to ARMO researchers, the Kyverno admission controller for container images has a high-severity security vulnerability. Using a malicious image repository or MITM proxy, the...

PCI DSS

Tips for Meeting PCI DSS Patching Requirements

Hackers frequently target payment card industry (PCI) data. To help protect against this, compliance regimes like the PCI Data Security Standard (PCI DSS) were put...

GodFather Android banking malware steals bank details

Researchers at Cyble Research & Intelligence Labs (CRIL) have discovered GodFather malware, a new version of the Android banking Trojan. This malware has infiltrated over...

cybersecurity insurance

Cybersecurity Insurance’s Usefulness Questioned Yet Again

Cybersecurity insurance policies are considered by many to be a last resort safety net that, when things go wrong in a terrible way, provides at...

CISA warns of TIBCO software’s JasperReports vulnerabilities

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two-year-old security flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9),...

ICS/ OT security

What Does the Florida Water Supply Incident Tell Us About ICS/OT security?

It’s the making of a horror film: a cyberattack that tampers with the water supply of a city and poisons the residents. It nearly happened...

MasquerAds: The malware campaign defrauding Google Ads

According to a Guardio Labs report, “MasquerAds” malware targets organizations, GPUs, and Crypto Wallets by using the Google Ads platform to spread malware to users...

cybersecurity defense trends

Top Cybersecurity Defense Trends For 2023

As expected, 2022 was a tough year for cybersecurity, with one headline-grabbing cyberattack after another – and there are no signs that 2023 will go...

Linux backdoor malware infects WordPress-powered websites

Dr. Web has discovered Linux.BackDoor.WordPressExploit.1, a website hacking tool based on the WordPress CMS. It takes advantage of 30 vulnerabilities in various plugins and themes...

MSSPs

How MSSPs Can Shake Up Their Patching Approach

To meet organizational requirements, compliance mandates, and regulatory requirements, Managed Security Service Providers (MSSPs) have a vulnerability patching approach available to them that they may...

Vice Society

Vice Society using custom ransomware with new encryption algorithms

SentinelOne researchers discovered that the Vice Society group has released PolyVice, a custom ransomware that employs a reliable encryption scheme based on the NTRUEncrypt and...

live patching

Automation of Live Patching through Python Scripts

As one of the most popular scripting languages for a variety of applications, Python also offers incredibly valuable functionality when it comes to automated live...

Okta records theft of source code repositories

Okta has revealed that a malicious user hacked and replicated its source code repositories on GitHub earlier this month, after previously reporting a compromise carried...

compliance

Live Patching Your Way to Compliance

The National Institute of Standards and Technology (NIST) advised organizations, including healthcare, federal/state government, and financial services providers, to deploy software updates through enterprise patch...

Microsoft explains Zerobot malware’s new features

According to Microsoft, Zerobot, a one-of-a-kind botnet written in Go and distributed via IoT and web application vulnerabilities, has added new features and infection mechanisms....

bugs

The Bugs Behind the Vulnerabilities Part 3

This is part three of our five-part blog series exploring the code bugs that lead to the vulnerabilities showing up every day. In this part,...

Vulnerabilities found in Ghost Newsletter system

According to Cisco Talos, two vulnerabilities in the Ghost CMS newsletter subscription system, CVE-2022-41654, and CVE-2022-41697, exist in the newsletter subscription functionality of Ghost Foundation...

Worried About CX Scores? Get Easy Wins with Live Patching

Retention rates, NPS, customer score… if you work in the IT department of a telecoms company or any client-facing team, you’ll know all about the...

Xfinity accounts breached despite 2FA

In an extensive two-factor authentication bypass campaign, multiple Comcast Xfinity email accounts were hacked, and the disrupted accounts were used to reset passwords for other...

Third-Party application

How Can Third-Party Application Patching Minimize Risks?

Did you know that 75% of cybersecurity threats occur due to the vulnerabilities present in third-party applications? In this blog, we’ll be discussing how patch...

DevOps

Patching for DevOps and Agile Made Easy

Understanding the relationship between development operations (DevOps) and the agile software development (Scrum) framework is critical for organizations to create a secure, rapid application development...

Eufy under fire for camera upload scandal

Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted....

Linux Kernel

New Linux Kernel Functionality Equals New Attack Surface

The Linux Kernel has grown in scope and functionality over the years. New schedulers, new drivers, new filesystems, new communication protocols, new security holes… oh,...

Attackers distribute QBot malware using HTML smuggling

Talos researchers recently uncovered a phishing campaign that uses Scalable Vector Graphics (SVG) images embedded in HTML email attachments to distribute QBot malware. Basically, when...

NIST

What We Know So Far About the NIST Cybersecurity Framework 2.0

Frameworks are an effective tool in cybersecurity because of the complexity of cybersecurity challenges and because so many organizations have so little structure to their...

Google launches free vulnerability scanner

Google launches free vulnerability scanner for open-source developers

Google has launched OSV-Scanner, a free tool for open-source developers to easily access vulnerability information. It is said to include an interface to the OSV...

VMware patches three critical vulnerabilities

VMware patches three vulnerabilities during December Patch Tuesday

VMware has released patches for a number of vulnerabilities, including a virtual machine escape flaw, CVE-2022-31705, which was exploited during the GeekPwn 2022 hacking challenge,...

APT5 exploits unauthenticated remote code execution flaw

The U.S. National Security Agency has warned that a Chinese state-sponsored group is exploiting an unauthenticated remote code execution flaw (CVE-2022-27518) to compromise Citrix Application...

Supply chain vulnerabilities put server ecosystem at risk

Eclypsium Research has identified and reported three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. This is used by AMD, Ampere, Asrock,...

Retbleed vulnerability

An update on “Retbleed” work (Updated Dec 21, 2022)

As part of developing and testing new patches, the KernelCare team has reevaluated the impact of the Retbleed patches. We have serious concerns that the...

APT37 spread malware to South Korea using Internet Explorer zero-day

Google’s Threat Analysis Group discovered APT37, also known as Scarcruft or Reaper, a North Korean-linked hacking group, exploiting a zero-day vulnerability in Internet Explorer’s JScript...

TuxCare

TuxCare Debuts Extended Lifecycle Support Service for CentOS 7

PALO ALTO, Calif. – December 21, 2022 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it now offers a new CentOS...

Patching

Why Live Patching Is a Game-Changing Cybersecurity Tool

Patching to protect systems against security vulnerabilities is at the top of the SecOps agenda. However, despite the focus on patching, it’s something that has...

Drokbk malware allegedly targets American local government

According to Secureworks Counter Threat Unit researchers, the Drokbk malware has been targeting the networks of several local governments in the United States since February....

cybersecurity

6 Cybersecurity Principles to Avoid Infrastructure Catastrophe

Critical infrastructure is at the core of a functional society, supplying key utilities such as water, energy, and transport to the nation. It makes infrastructure...

Zombinder malware imitates original apps to steal data

ThreatFabric researchers have discovered the Zombinder service, which allows cybercriminals to easily embed malware into legitimate apps and steal data while also wreaking havoc on...

MSP remote access tool sent via MuddyWater phishing campaign

Deep Instinct researchers have uncovered a hacker group known as MuddyWater, which has been linked to Iran’s Ministry of Intelligence and Security and typically engages...

Eufy’s camera stream URLs offer hackers easy brute-force option

Eufy denies claims that its cameras can be live streamed without encryption. Eufy stated that it does not upload identifiable footage to the cloud from...

Android users at risk over compromised digital vendor certificates

A number of digital certificates used by vendors such as Samsung, LG, and MediaTek have been discovered to be compromised in order to stamp approval...

Rocky Linux

TuxCare Expands KernelCare Live Patching Services to Include Rocky Linux

PALO ALTO, Calif. – December 14, 2022 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, announced it expanded its award-winning KernelCare Enterprise live...

Trio of new flaws exploited to target automated industrial controllers

Vedere Labs researchers recently discovered three new security flaws in a long list of flaws collectively tracked as OT:ICEFALL. The flaws are said to affect...

MySQL high availability

Ensuring Uptime with MySQL High Availability

MySQL high availability allows companies to run databases that meet higher uptime requirements and zero data loss tolerance, which are highly sought-after goals that every...

IBM Cloud Supply Chain Vulnerability Demonstrates New Threat Class

Wiz security researchers discovered Hell’s Keychain, a first-of-its-kind cloud service provider supply-chain vulnerability, in IBM Cloud Databases for PostgreSQL. This occurred while researchers were conducting...

IT experts

Why IT Experts Should Reconsider Doing Things the Same Old Way

“We are in the process of digging ourselves into an anachronism by preserving practices that have no rational basis beyond their historical roots in an...

New Redis Backdoor Malware found to be exploited by hackers using Redigo

New Go-based malware targets vulnerable Redis servers

Aqua Nautilus, a cloud security firm, discovered new Go-based malware that targets Redis (remote dictionary server), an open source in-memory database and cache. The attack...

Bahamut deploys fake VPN apps to steal users data

ESET researchers discovered an ongoing campaign by the Bahamut APT group, a notorious cyber-mercenary group that has been active since 2016, that targets Android users...

digital twin deployments

How to Reduce Risk in Digital Twin Deployments

A digital twin (DT) is a virtualized representation of an actual device, and is often used in relation to operational technology (OT), industrial control system...

Windows Server updates cause LSASS memory leaks

A memory leak bug on Local Security Authority Subsystem Service (LSASS), a service that allows users to manage local security, user logins, and permissions, is...

Docker hub images

1,650 malicious Docker Hub images found posing security threats

After discovering malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub, security researchers have warned developers of the risks of...

Security flaws in Arm’s Mali GPU driver

Arm’s Mali GPU driver flaws remain unpatched on Android devices

Despite fixes released by the chipmaker, a set of five medium-severity security flaws in Arm’s Mali GPU driver have remained unpatched on Android devices such...

Live Patching Integration into CI/CD Pipelines

Continuous integration (CI) refers to testing code changes before deployment to production. Continuous delivery (CD) is where code changes are automatically deployed to production systems...

RansomExx malware offers new features to bypass detection

The APT group DefrayX has launched a new version of its RansomExx malware known as RansomExx2, a variant for Linux rewritten in the Rust programming...

Gartner IIoT

What is the Gartner IIoT Framework?

When it comes to the Industrial Internet of Things (IIoT), the legacy Purdue model no longer provides adequate levels of security projection – as newer...

DuckDuckGo launches beta version of App Tracking Protection tool

DuckDuckGo, a privacy-focused search engine, has added an App Tracking Protection tool to its Android app, allowing users to see what personal data trackers are...

Which Linux Distro is Best for Embedded Development?

If your organization deploys IoT solutions, you know that development of embedded systems is a bit different from standard desktop development. Linux’s low cost is...

Microsoft release updates to fix Kerberos sign-in failures

Microsoft issues update to fix Kerberos sign-in failures

A few days after Microsoft acknowledged problems with Kerberos authentication that affected Windows Servers with the Domain Controller role, causing domain user sign and Remote...

Publicly exposed Amazon cloud service exposes user data

Thousands of databases hosted on Amazon Web Services Relational Database Service (RDS) have been discovered to be leaking personally identifiable information, potentially providing a gold...

Attackers leverage malicious python packages to spread W4SP Stealer

Security researchers from Checkmarx have uncovered an ongoing supply chain attack that involves spreading the malware identified as W4SP Stealer. W4SP Stealer is a discord...

faces of Patching

The Many Faces of Patching

Keeping your systems up to date can be done in many different ways, each with its own pros and cons. Some so-called “patching” methods are...

Hackers exploit DLL hijacking flaw to distribute QBot malware

Attackers are using phishing tactics to spread QBot, a Windows malware that started as a banking trojan but evolved into a full-featured malware dropper. According...

Operational Technology

Why Are Operational Technology Devices No Longer Isolated?

Gone are the days of Operational Technology (OT) being distinctly separated from IT. With the need of constant monitoring and tracking of the physical assets,...

Apple patches iOS and macOS RCE vulnerabilities

Apple has released security updates for iOS, iPadOS, and macOS Ventura to fix two remote code execution (RCE) vulnerabilities that allow remote or Internet attackers...

cybersecurity automation risks

What are the Risks of Cybersecurity Automation?

Cybersecurity professionals need to be aware of new threats and take action immediately so that we can minimize the risk of future incidents occurring. Much...

Worok, the malware that hides in PNG image files

Worok malware makes the rounds by deploying multi-level malware designed to steal data and compromise high-profile victims such as government entities in the Middle East,...

what is Linux Kernel

What is Linux Kernel Live Patching?

Breakthroughs don’t often happen in cybersecurity, but when one does, it can be a real magic bullet.  Linux kernel live patching, which is the ability...

IceXLoader malware targets home and corporate users

IceXLoader, an updated version of a malware loader, is suspected of infecting thousands of personal and enterprise Windows machines around the world. IceXLoader is a...

Patching Instead of Upgrading Legacy OT Devices?

Operational technology (OT) is equipment and computer software used for analyzing utility control processes for critical infrastructure, while Industrial Control System (ICS) assets are the...

Hackers exploit security flaw in Google Pixel lock screen

A security researcher, David Schütz, has received a $70,000 bug bounty after he accidentally discovered a Google Pixel lock-screen bypass hack that solved a serious...

Securing the Linux Kernel Hiding Inside Your OT Hosts

Operational Technology (OT) and Industrial Control Systems (ICS) technologies help ensure safety by monitoring and controlling critical operations. OT includes Supervisory Controls And Data Acquisition...

Microsoft patches Windows 0-day vulnerabilities

Microsoft has fixed six actively exploited Windows vulnerabilities and 68 vulnerabilities in its November 2022 Patch Tuesday. Eleven of the 68 vulnerabilities fixed are classified...

Live Patching vs Virtual Patching

There are many different ways to improve upon traditional patching, so it’s easy to get confused about how each patching approach works. In the past,...

OpenSSL vulnerability feared as “critical” is less serious than expected

The long-awaited OpenSSL bug fixes to fix a critical severity security hole are available now. New OpenSSL patches have reduced the severity of the bug...

Researchers uncover 29 malicious PyPI packages targeting developers

Threat actors are distributing malicious Python packages to the popular Python Package Index (PyPI) service, using authentic-sounding file names, and hidden imports to deceive developers...

RomCom RAT operators disguise malware as legitimate programs

RomCom, a threat actor, is said to be conducting a series of new attack campaigns using the brand power of SolarWinds, KeePass and PDF Technologies....

Cisco releases security updates to fix severe vulnerabilities

Cisco has released security updates to address two vulnerabilities that are classified as “high”: CVE-2022-20961 and CVE-2022-20956. The vulnerabilities affect the Cisco Identity Services Engine...

The-Bugs-Behind-the-Vulnerabilities

The Bugs Behind the Vulnerabilities Part 2

We continue to look at the code issues that cause the vulnerabilities impacting the IT world. In this installment of our five-part blog series exploring...

Researchers uncover similar tools between FIN7 and Black Basta

Researchers uncover similar tools between FIN7 and Black Basta ransomware

According to security researchers from SentinelOne, the relatively new ransomware gang called Black Basta shares tooling and possibly personnel with the notorious FIN7 hacking group....

Ksplice vs KernelCare

Ksplice vs KernelCare Enterprise: Live Patching Comparison

Not all Linux live patching solutions are created equal. In fact, many live patching solutions are quite limited. Oracle’s Ksplice is an example of a...

Researchers discover GitHub repositories with fake PoC exploits

Researchers discover thousands of GitHub repositories with fake PoC exploits

Researchers from the Leiden Institute of Advanced Computer Science have discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for vulnerabilities and...

CISA Warns

CISA Warns of New Malware Exploiting Known Kernel Vulnerabilities

Last year, CISA created a list of vulnerabilities being actively exploited and a list of applications directly affected by those vulnerabilities. Over time, the list...

Cranefly hackers exploit Microsoft IIS to deploy malware

Microsoft Internet Information Services (IIS), a web server that enables hosting of websites and web applications, is being exploited by the Cranefly hacking group to...

Embedded Linux: A Quick Beginner’s Guide

What Is an Embedded System?   Before diving into embedded Linux, let’s first discuss what it’s used for: embedded systems. There are embedded systems in everything:...

Enterprises Reassessing the Cloud vs On-Premises

The cloud has never been about reducing costs.  In fact, even staunch cloud advocates admit it – crunching the numbers just doesn’t make sense financially...

Hackers target organizations with Clop ransomware

Hackers use Clop ransomware to target organizations infected with Raspberry Robin worm

A hacker group that is identified simply as DEV-0950 is using Clop ransomware to encrypt the network of organizations that were previously infected with the...

potential critical bugs in OpenSSL

Experts warn of potential critical bugs in OpenSSL

Major operating system vendors, software publishers, email providers and technology companies that integrate OpenSSL into their products have been asked to prepare for a possible...

Researchers uncover “high-severity” GitHub vulnerability

Researchers from the Checkmarx Supply Chain Security team have discovered a “high-severity” vulnerability in GitHub. Using a technique known as Repo jacking, attackers could take...

Hackers exploit critical flaw in VMware Workspace One Access

Researchers from the cybersecurity company Fortinet have uncovered a malicious campaign in which attackers exploit a critical vulnerability in the VMware Workspace One Access to...

Automated patch management with live patching for CIS Controls compliance

The CIS Critical Security Controls, known widely as CIS Controls, are a series of actionable cybersecurity recommendations designed to prevent common and not-so-common attacks against...

Critical flaw found in Aptos blockchain network

Researchers from Singapore-based Numen Cyber Labs have discovered and shared details on a vulnerability in the Move virtual machine responsible for powering the Aptos blockchain...

The real cost of firing a whole cybersecurity team

Content giant Patreon recently laid off its entire internal cybersecurity team. While it’s publicly known that five employees from the team were let go, the...

Venus ransomware targets publicly-exposed Remote Desktop services

A relatively new ransomware operation, identified as Venus, is hacking into publicly exposed Remote Desktop services to encrypt Windows devices. According to researchers, Venus ransomware...

Fix-the-Weakest-Link-in-Cybersecurity

Is It Possible to Fix the Weakest Link in Cybersecurity?

The technology world is full of big promises, including in cybersecurity. Just think about it: how many times have you heard the promise of a...

Hackers drop CoinMiner and Quasar RAT using Emotet botnet

Hackers are using the Emotet botnet to exploit password-protected archive files to drop CoinMiner and Quasar RAT on vulnerable devices. Based on one of the...

The Bugs Behind the Vulnerabilities – Part 1

It’s common to hear about new vulnerabilities and exploits, some of which even get fancy names of their own, but sometimes the details of how...

Hackers exploit new ‘Text4Shell’ vulnerability

Wordfence, a WordPress security company, has uncovered attempts by hackers to exploit the new Text4Shell vulnerability. Tracked as CVE-2022-42889, the flaw was discovered in Apache...

Budworm hackers target U.S. organizations

Budworm hackers target U.S. organizations with new espionage attacks

Notorious cyber espionage group Budworm has launched deliberate attacks against a number of high-profile targets, including a U.S. state legislature, a Middle Eastern country and...

DDoS attack target Wynncraft Minecraft

Mirai botnet targets Wynncraft Minecraft with DDoS attack

Security company Cloudflare recently ended a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. The company announced the incident while pointing to...

Hackers discover a security flaw in Zimbra

Hackers compromise nearly 900 servers by exploiting a security flaw in Zimbra

Hackers are exploiting a vulnerability tracked as CVE-2022-41352 in the Zimbra Collaboration Suite (ZCS). Already, threat actors were able to hack into almost 900 servers....

Ducktail malware attack Facebook

New Ducktail malware targets Facebook accounts for data theft

Attackers are using a Windows malware called Ducktail to steal Facebook accounts, browsing data and crypto wallets. Ducktail is associated with Vietnamese hackers and relies...

Hackers hack BNB

Hackers compromise Binance’s BNB smart chain (BSC) in $110 million hack

Hackers compromised Binance’s BNB Smart Chain (BSC) and stole an estimated USD 110 million. Hackers were able to get their hands on as much as...

Hackers impersonate zoom to steal

Attackers impersonate Zoom to steal Microsoft user data

A malicious campaign uncovered by security firm Armorblox shows that attackers manipulate Zoom to compromise Microsoft user data. In one of the incidents analyzed, more...

New Auth bypass flaw targets FortiGate and FortiProxy

New auth bypass bug targets FortiGate firewalls and FortiProxy web proxies

A Fortinet vulnerability in FortiGate firewalls and FortiProxy web proxies could allow a threat actor to perform unauthorized actions on vulnerable devices. The bug, a...

U.S. military contractor's network compromised, data stolen

U.S. military contractor’s enterprise network compromised, data stolen

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA have issued a joint report describing an intrusion into the network of...

Hackers compromise scam sites

Hackers compromise scam sites to redirect crypto transactions

According to Trend Micro researchers, a threat actor identified as ‘Water Labbu’ is hacking into cryptocurrency scam sites to inject malicious JavaScript with the aim...

Lazarus hackers exploit Dell

Lazarus hackers exploit Dell driver bug for BYOVD attacks

ESET researchers have uncovered the malicious activities of Lazarus, a North Korean hacking group that exploits a Dell hardware driver flaw for Bring Your Own...

LofyGang distributing trojanized NPM packages

LofyGang distributes 199 trojanized NPM packages to steal data

The software security company Checkmarx has uncovered the malicious activities of the threat actor LofyGang, which distributes trojanized and typosquatted packages on the NPM open...

Hackers exploit critical bitbucket

Hackers actively exploit critical Bitbucket server vulnerability in attacks, CISA warns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Bitbucket Server RCE and two Microsoft Exchange zero-days to its list of exploited vulnerabilities....

After “Dirty Pipe”, Linux is Now Susceptible to “Dirty Creds”

While many were away enjoying some well-deserved R&R, security researchers, hackers wearing hats of all different colors, and intelligence agents from all over the world...

Why You Need to Embrace SecDevOps Sooner Rather Than Later

Sometimes organizations must embrace evolution in the way things are done, whether it’s because a new approach has become standard practice or because of some...

New chaos malware target multiple operating systems

Chaos malware targets multiple architectures

According to researchers from Lumen-based Black Lotus Lab, a new Chaos malware is targeting multiple architectures to spread DDoS, cryptocurrency miners, and install backdoors. The...

Malware campaign exploit Microsoft flaw

Malware campaign exploits Microsoft vulnerability to deploy Cobalt Strike

Cisco Talos researchers have uncovered a social engineering malware campaign that exploits a remote code execution flaw in Microsoft Office to apply a Cobalt Strike...

Microsoft Exchange zero-day flaws

Microsoft Exchange zero-day flaws expose 22,000 servers

Microsoft has announced that two critical vulnerabilities in its Exchange application are being exploited by attackers. The company also explained that more than 22,000 servers...

New Metador APT Target companies

New Metador APT takes aim at telecom companies, ISPs and universities

A new malware, identified as Metador, is being used by attackers to target telecommunications, internet service providers and universities on multiple continents, according to security...

Hackers compromise Github accounts

Hackers compromise GitHub accounts with fake CircleCI notification

GitHub warns that cyber attackers are compromising user accounts through a sophisticated phishing campaign. The malicious messages notify users that their CircleCI session has expired...

TuxCare Wins 2022 Merit Award for Technology

TuxCare is pleased to announce it was honored in this year’s inaugural Merit Awards for Technology. Recognized with a silver win in the information security...

New ransomware tool uses unique tactics to corrupt data

Threat actors are now updating the data exfiltration tool Exmatter with a unique data corruption feature, which attackers could switch to perform ransomware attacks in...

Attackers exploit Sophos’ firewall code injection vulnerability

Sophos has warned that attackers are exploiting a critical code injection security vulnerability in the company’s Firewall product. The attackers are exploiting the flaw in...

Hackers target Microsoft SQL servers with FARGO ransomware

Microsoft SQL servers are being targeted with FARGO ransomware, according to AhnLab Security Emergency Response Center (ASEC) researchers. MS-SQL servers are considered database management systems...

Webworm hackers use Windows-based RATs for cyber espionage

A threat actor identified as Webworm is using Windows-based remote access trojans for cyber espionage. The Symantec Threat Hunter team identified cases where the attacker...

Bitdefender free decryptor for LockerGoga ransomware will help victims recover files

Bitdefender has published a free decryptor, which is supposed to help LockerGoga ransomware victims to restore their files without having to pay a ransom. The...

Quantum, BlackCat ransomware gangs breach organizations with Emotet botnet

According to security researchers from AdvIntel, ransomware gangs such as Quantum and BlackCat are now using the Emotet malware in attacks. Emotet started as a...

Rockstar Games confirms GTA 6 leak

A hacker gained access to Rockstar Games’ internal servers and stole 3 GB worth of early GTA 6 footage, photo and source code for the...

Microsoft’s Edge news feed exploited to advance tech support scams

Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft’s Edge News Feed, redirecting potential victims to websites that promote...

Business Value of ELS Patching for Python

Python has grown tremendously, and its impact has been remarkable. It has become one of the most popular programming languages among developers and researchers. Python...

Hackers exploit Oracle WebLogic Servers and Docker APIs to mine Crypto

Cybersecurity company Trend Micro has uncovered a malware campaign in which threat actors exploit security vulnerabilities in the Oracle WebLogic Server to deliver cryptocurrency mining...

Owner-initiated Cybersecurity Supply Chain Attacks

Supply chain attacks come in all forms and shapes. One example is taking over legitimate accounts to deploy malicious code into widely used libraries. Another...

U.S. Seizes $30 Million Worth of Crypto from Lazarus Hackers

Chainalysis, a U.S. company, said it had worked with the FBI to recover more than $30 million in cryptocurrency stolen from online video game maker...

Checking the Status of KernelCare Enterprise Patches

TuxCare’s KernelCare Enterprise provides live patches for various enterprise-grade Linux distributions. Preparing patches for each new CVE has to account for each of those distributions’...

Bumblebee Malware Offers a new Infection Chain

A new version of the Bumblebee malware loader has been discovered by researchers. The new strain of malware offers a new chain of infection, including...

Hackers Actively Exploit WordPress Zero-day Flaw

Wordfence, a WordPress security company, has warned of a zero-day WordPress vulnerability that is now being exploited by attackers. The bug is in a WordPress...

Data Exfil: The New and Darker Version of Ransomware

Ransomware has become such a common threat over the last few years that companies anticipate coming face to face with an attack at some point....

Attackers use Watering Hole Attacks to Install ScanBox Keylogger

A China-based threat actor dubbed APT TA423 is carrying out waterhole attacks on domestic Australian organizations and offshore energy companies in the South China Sea...

New ‘GIFShell’ Attack Technique Exploits Microsoft Teams GIFs

A new ‘GIFShell’ attack technique exploits bugs and vulnerabilities in Microsoft Teams to abuse legitimate Microsoft infrastructure, execute malicious files, execute commands, and exfiltrate data....

Prynt Stealer’s Backdoor Steals Data Stolen from Cyberattacks

A backdoor in the information-stealing malware Prynt Stealer is used to steal data that is exfiltrated by other cyberattackers, according to Zscaler ThreatLabz researchers. Already,...

Common Python Applications That Are Vulnerable to Security Threats

Python is a language that has experienced explosive growth since its release and is now used extensively across industries by developers with different experience levels....

Google Releases Chrome Update to Fix New Zero-day Flaw

Google has released an emergency patch to fix a zero-day vulnerability exploited in the wild. Tracked as CVE-2022-3075, the zero-day flaw was discovered and reported...

Python Extended Lifecycle Support: A Deeper Look

Extended Lifecycle Support (ELS) for Python enables continued use of Python 2 applications, with timely security updates, without requiring any code refactoring or migration to...

New Ransomware hits Chile’s Windows and Linux servers

A ransomware attack that began on Thursday, August 25, involved Windows and Linux systems operated by the Chilean government agency, and the incident was verified...

Changes From Python 2 to 3 Making Code Refactoring Unavoidable

Being faced with the prospect of having to delve into old code to get it running against a new language version is one of the...

Cyberattacks Targeting Linux Users Skyrocket

Cybersecurity researchers at Trend Micro have identified a 75% leap year-over-year in the number of ransomware attacks targeting Linux users. Apart from ransomware groups, there...

Samsung Breach Leaks U.S. Customer Data

Samsung has confirmed a cyberattack on the company which led to attackers accessing some vital information belonging to customers. The company stated in its data...

Firefox 105 Offers New Features for Linux Users

Mozilla is promoting the upcoming Firefox 105 with amazing features and the new version is now available to the beta channel for public testing, early...

Linux Patch Triggers iGPU vs. dGPU Debate

Kai-Heng Feng released a patch on Tuesday that allows users’ laptops to switch their external monitor connections to be routed via a laptop’s discrete GPU...

Linux Distributions That Offer Fast Configuration of Openbox

Openbox is the default window manager in LXDE and LXQt and is used in various Linux distributions. Many consider Openbox to be a free, stackable...

Kubuntu Focus NX Mini Linux PC Unveiled With New Features

The Kubuntu Focus team has unveiled the new Kubuntu Focus NX Mini Linux PC, which will expand the Linux hardware offering to more users. Kubuntu...

Linux 6.1 Helps Users Identify Faulty CPUs

Linux Kernel 6.1, one of the latest updates to the Linux operating system, provides users with a new logging system that will enable them to...

Steps to Recover Lost and Deleted Data in Linux

Losing files can generally be a painful experience, especially when it comes to a lot of vital information and Linux users are not exempted. Often,...

The Safest Browsers for Linux Users

Security remains a top priority for Linux users worldwide. Apart from security, users are interested in browsers that can guarantee privacy, especially in a world...

Linux Malware Reaches All-Time High In 2022

Although Linux is the most private and secure operating system, according to AtlasVPN, it has seen an increase in malware samples. The results showed that...

241 npm and PyPI Packages Drop Linux Cryptominers

Researchers have uncovered at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines. These malicious packages are largely typosquats...

New Linux 5.19 Kernel Offers Major Apple Silicon Support Upgrade

Linus Torvalds, the main developer of the Linux kernel used by Linux distributions and other operating systems such as Android, has revealed the latest...

Researchers Share Roadmap for Strengthening Linux Defenses

BlackBerry threat researchers have shared common tactics and strategies to better protect Linux systems from cyberattacks. To create a viable way to security, researchers investigated...

Malicious PyPI package installs Cryptominer on Linux Systems

A malicious PyPI package identified as secretslib is being used to install a Monero cryptominer on Linux systems. The malicious package activity was uncovered by security researchers at...

Luckymouse Takes aim at Windows, Linux Systems via Mimi Chat App

According to an advisory published by Trend Micro, the Luckymouse threat actor is said to have compromised the cross-platform messaging app MiMi to install backdoors...

New Linux exploit “Dirty Cred” revealed

Zhenpeng Lin, a PhD student, and other researchers have uncovered a new Linux Kernel exploitation called Dirty Cred. The flaw tracked as CVE-2022-2588 was unveiled...

VPN On Linux: Pros And Cons of Using VPN on Linux

Linux is an operating system just like Windows, iOS and macOS. Android is powered by Linux. An operating system is basically software that controls the...

The Ultimate Guide to Linux Kernel Live Patching Software

After the Equifax data breach, which highlighted the consequences of unpatched software, administrators have the delicate task of ensuring that the latest patches are applied...

PHP Extended Lifecycle Support and cPanel integration

PHP is used to power a vast number of websites on the Internet, some of which will be hosted side-by-side on the same system. When...

PHP Extended Lifecycle Support: A deeper look

PHP Extended Lifecycle Support provides security updates and versions if you’re interested in maintaining compatibility with existing PHP code while remaining secure against the latest...

CISA Warns Of UnRAR Software Flaw For Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a path traversal bug in the UnRAR utility for Linux and Unix systems to its...

PHP ELS fixes hundreds of security issues at launch

If you’re reading this blog regularly, you’ll already know that unremedied security vulnerabilities open the door to cyberattacks. You’ll also know how tough it is...

Linux Malware ‘RapperBot’ Brute-forces SSH Servers

Threat hunters at Fortinet have uncovered a new botnet called “RapperBot.” The malware, which has been in use since mid-June 2022, has targeted Linux SSH...

Phishing Attacks On Social Media Users Are On The Rise

With more than 4 billion social media users around the world, cybercriminals are more inclined than ever to target these users to make money or...

Cybersecurity insurance and fine print: why you need to take another look

Catastrophic risks such as natural disasters and indeed cyberattacks require insurance. Insurers can afford large payouts when one insured party is hit – by pooling...

KernelCare Enterprise Changelog is live!

The TuxCare team has improved the accessibility of our KernelCare Enterprise changelog. It is easier to navigate and has now been updated to provide a...

IT Automation With Live Patching

In a symphony orchestra, instruments harmonize to create one pleasing sound. Similarly, enterprise IT procedures orchestrate to introduce new systems to production, monitoring, and maintenance...

KernelCare ePortal updated – version 1.37-1 is available

We are pleased to announce that a new updated ePortal version 1.37-1 is now...

KernelCare agent update – version 2.64-1 is available

We are pleased to announce that a new updated KernelCare agent version 2.64-1 is now...

KernelCare ePortal updated – version 1.36-1 is available

We are pleased to announce that a new updated ePortal version 1.36-1 is now...

ePortal can now be hosted on Ubuntu

IT environments are different everywhere you look. No two companies have precisely the same needs or requirements, so it follows that no two companies will...

KernelCare agent update – version 2.63-1 is available

We are pleased to announce that a new updated KernelCare agent version 2.63-1 is now...

KernelCare ePortal updated – version 1.35-1 is available

We are pleased to announce that a new updated ePortal version 1.35-1 is now...

KernelCare agent update – version 2.62-2 is available

We are pleased to announce that a new updated KernelCare agent version 2.62-2 is now...

KernelCare ePortal updated – version 1.34-1 is available

We are pleased to announce that a new updated ePortal version 1.34-1 is now...

Monthly TuxCare Update – March 2022

Welcome to the March instalment of our monthly news round-up, brought to you by TuxCare. We’re honoured to be the Enterprise Linux industry’s trusted maintenance...

Introducing the State of Enterprise Linux Security Report

As regulations around cyber security tighten and the risks increase, have you ever wondered how your company’s IT processes rank compared to others? Are you...

KernelCare ePortal updated – version 1.33-1 is available

We are pleased to announce that a new updated ePortal version 1.33-1 is now...

“Dirty Pipes” in the Kernel

A few years ago, a vulnerability dubbed “Dirty Cow” (CVE-2016-5195) was in the spotlight for a while. It was a trivially exploitable privilege escalation path...

Key points to consider during your 7 days of KernelCare Enterprise POV

Proof of value (POV) is a key step in the buying process. It allows tech teams to test a product or service to find out...

Securing confidential research data through TuxCare live patching

The University of Zagreb’s Croatian Academic and Research Network (CARNet) faced a significant threat: like other educational institutions, its networks were under constant attack from...

KernelCare ePortal updated – version 1.32-1 is available

We are pleased to announce that a new updated ePortal version 1.32-1 is now...

Monthly TuxCare Update – February 2022

Welcome to the February instalment of our monthly news round-up, brought to you by TuxCare. We’re proud to be a trusted maintenance service provider for...

KernelCare agent update – version 2.61-1 is available

We are pleased to announce that a new updated KernelCare agent version 2.61-1 is now...

Vulnerability in netfilter code allows local privilege escalation

Many high-level technologies in the IT industry, in fact most of them, are built on top of existing features. Containers are a prime example of...

ePortal storage optimization improvement

The TuxCare Team is always looking for new ways to improve the experience provided by our products. A pain point we identified was the amount...

Dangerous remotely exploitable vulnerability found in Samba

Samba, the widely used file sharing tool, has a well-established presence, especially in mixed system environments, where file shares have to be accessed from different...

KernelCare ePortal updated – version 1.31-1 is available

We are pleased to announce that a new updated ePortal version 1.31-1 is now...

KernelCare agent update – version 2.60-2 is available

We are pleased to announce that a new updated KernelCare agent version 2.60-2 is now...

Taking a look at the role of CXO at TuxCare – and why it matters

Delivering solutions in complex technology environments means balancing many competing priorities, both internal and external. There’s always a risk that the customer experience takes a...

Monthly TuxCare Update – January 2022

Welcome to the January instalment of our monthly news round-up, brought to you by TuxCare. Proud to be a trusted maintenance service provider for the...

Using CentOS 8 and worried about LUKS? Here’s how TuxCare can help

Death, taxes, and new CVEs… those are all things we can be very certain about in life. For users of CentOS 8, the inevitable has...

KernelCare ePortal updated – version 1.30-2 is available

We are pleased to announce that a new updated ePortal version 1.30-2 is now...

CentOS 8: Why extended support is better than rushed migration

Still using CentOS 8 even though it’s now unsupported, and in spite of the obvious risks? Well, in a way it’s understandable. Red Hat took...

PwnKit, or how 12-year-old code can give root to unprivileged users

It looks like IT teams have no respite. Following all the hassles caused by log4j (and its variants), there is a new high profile, high-risk...

When migrating to CentOS Stream makes sense (and when it does not)

Just over a year ago Red Hat announced that the company is changing gears on CentOS, dropping support for the stable release of CentOS that’s...

Vice Society using custom ransomware with new encryption algorithms

SentinelOne researchers discovered that the Vice Society group has released PolyVice, a custom ransomware that employs a reliable encryption scheme based on the NTRUEncrypt and...

Struggling with MTTP? Check Out Live Patching

In cybersecurity, metrics provide a way to measure cybersecurity performance and point to how successfully you’re defending your technology assets. Mean time to patch, or...

Monthly TuxCare Update – December 2021

Welcome to the December installment of our monthly news round-up, brought to you by TuxCare. We’re proud to be the Enterprise Linux industry’s trusted maintenance...

CentOS 6 ELS: vim package gradual rollout completed

A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: binutils package gradual rollout completed

A new updated binutils package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

Extended Lifecycle Support update for binutils covers 92 CVEs

GNU Binutils is one of the fundamental packages in a development environment – it includes several different tools for manipulating ELF files, object files, and...

CVE-2021-45078 identified by TuxCare’s Extended Lifecycle Support Team

While backporting fixes for the binutils package for older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699...

UBUNTU 16.04 ELS: exim package released

A new updated exim package within Ubuntu 16.04 ELS is now available for download from our production...

KernelCare ePortal updated – version 1.29-1 is available

We are pleased to announce that a new updated ePortal version 1.29-1 is now...

CentOS 6 ELS: nss package gradual rollout completed

A new updated nss package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

How Ransomware can ruin Christmas for IT Teams

If you ask a sysadmin what annoys him or her the most about their job, chances are pretty high that you’ll get, in no particular...

OracleLinux 6 ELS: binutils package released

A new updated binutils package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: binutils package gradual rollout

A new updated binutils package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

UBUNTU 16.04 ELS: vim package released

A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: nss package released

A new updated nss package within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: vim package released

A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: vim package gradual rollout

A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Linux Kernel CVE Data Analysis (updated)

If you’re interested in Linux security, kernel vulnerabilities or simply have some spare time to run some tests, this article is for you. In it,...

How (and why) a TuxCare team member contributes to open-source software

In some of our previous articles, we’ve covered the closely integrated relationship between open-source software – which is essentially free – and the commercial organizations...

OracleLinux 6 ELS: nss package released

A new updated nss package within OracleLinux OS 6 ELS is now available for download from our production...

UBUNTU 16.04 ELS: python3.5 package released

A new updated python3.5 package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: openssh package released

A new updated openssh package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: busybox package released

A new updated busybox package within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: nss package gradual rollout

A new updated nss package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: vim package gradual rollout completed

A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: openldap package gradual rollout completed

A new updated openldap package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: binutils package gradual rollout completed

A new updated binutils package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

KernelCare ePortal updated – version 1.28-1 is available

We are pleased to announce that a new updated ePortal version 1.28-1 is now...

Monthly TuxCare Update – November 2021

Welcome to the November installment of our monthly news round-up, brought to you by TuxCare. We are the Enterprise Linux industry’s trusted maintenance services provider....

UBUNTU 16.04 ELS: kernel released

A new Ubuntu 16.04 kernel within ELS is now available for download from our production...

KernelCare agent update – version 2.59 available

We are pleased to announce that a new updated KernelCare agent version 2.59-1 is now...

CentOS 6 ELS: binutils package gradual rollout

A new updated binutils package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: binutils package released

A new updated binutils package within OracleLinux OS 6 ELS is now available for download from our production...

OracleLinux 6 ELS: openldap package released

A new updated openldap package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: openldap package gradual rollout

A new updated openldap package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

UBUNTU 16.04 ELS: vim package released

A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: vim package released

A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: vim package gradual rollout

A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: php package gradual rollout completed

A new updated php package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: vim package gradual rollout completed

A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: glibc package gradual rollout completed

A new updated glibc package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

Winter is Coming for CentOS 8

The server environment is complex and if you’re managing thousands of Linux servers, the last thing you want is for an operating system vendor to...

What does the critical CISA directive mean and how should you respond?

Let’s face it – everyone’s had just about enough. Exploits are everywhere, and it’s almost impossible to deal with the problem to a watertight degree....

CentOS 6 ELS: bind package gradual rollout completed

A new updated bind package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

KernelCare agent update – version 2.58-available

We are pleased to announce that a new updated KernelCare agent version 2.58-1 is now...

UBUNTU 16.04 ELS: vim package released

A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: vim package released

A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: vim package gradual rollout

A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: php package gradual rollout

A new updated php package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

UBUNTU 16.04 ELS: php7.0 package released

A new updated php7.0 package within Ubuntu 16.04 ELS is now available for download from our production...

Vulnerability in iconv identified by TuxCare Team (CVE-2021-43396)

Iconv is a library used to convert between different character encodings and is part of a core group of tools and libraries used to perform...

UBUNTU 16.04 ELS: glibc package released

A new updated glibc package within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: glibc package released

A new updated glibc package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: glibc package gradual rollout

A new updated glibc package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: bind package gradual rollout

A new updated bind package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: nginx package gradual rollout completed

A new updated nginx package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

OracleLinux 6 ELS: bind package released

A new updated bind package within OracleLinux OS 6 ELS is now available for download from our production...

UBUNTU 16.04 ELS: bind package released

A new updated bind package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: mysql package released

A new updated mysql package within Ubuntu 16.04 ELS is now available for download from our production...

Monthly TuxCare Update – October 2021

Welcome to the next installment of our monthly news round-up, brought to you by TuxCare. We have developed live patching solutions that minimise maintenance workload...

Does Live Patching Slow Systems Down?

If you’re a systems administrator responsible for thousands of servers, even a small slowdown can cause serious technical problems for your enterprise, and cost it...

CentOS 6 ELS: gd package gradual rollout completed

A new updated gd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

OracleLinux 6 ELS: nginx package released

A new updated nginx package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: nginx package gradual rollout

A new updated nginx package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

UBUNTU 16.04 ELS: nginx package released

A new updated nginx package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: python3.5 package released

A new updated python3.5 package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: mysql packages released

A new updated mysql package within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: systemd package released

A new updated systemd package within Ubuntu 16.04 ELS is now available for download from our production...

Multiple vulnerabilities affecting Ubuntu 20.04 HWE/AWS

TuxCare’s KernelCare team is preparing a large batch of patches for Ubuntu 20.04 HWE and AWS Hirsute variants, running the ubuntu-focal-hwe-5.11 and ubuntu-focal-aws-5.11 kernels. All...

KernelCare agent update – version 2.57-1 available

We are pleased to announce that a new updated KernelCare agent version 2.57-1 is now...

CVE Dashboard update and new functionality

Some time ago, we announced the availability of the CVE Dashboard for the Extended Lifecycle Support service. It provides an up-to-date view of CVE information...

CentOS 6 ELS: httpd package gradual rollout completed

A new updated httpd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

UBUNTU 16.04 ELS: binutils package released

A new updated binutils package within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: gd package gradual rollout

A new updated gd package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

UBUNTU 16.04 ELS gd package released

A new updated gd package within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: gd package released

A new updated gd package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: dovecot package gradual rollout completed

A new updated dovecot package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

Find out how QEMUCare can reshape your maintenance operations

TuxCare has recently introduced QEMUCare, the live patching solution for when you need to deploy patches to a QEMU-based infrastructure, but the logistics around the...

Ubuntu 16.04 ELS: vim package released

A new updated vim package within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: httpd package gradual rollout

A new updated httpd package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: vim package gradual rollout

A new updated vim package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: vim package released

A new updated vim package within OracleLinux OS 6 ELS is now available for download from our production...

OracleLinux 6 ELS: httpd package released

A new updated httpd package within OracleLinux OS 6 ELS is now available for download from our production...

Ubuntu 16.04 ELS: curl package released

A new updated curl package within Ubuntu 16.04 ELS is now available for download from our production...

Ubuntu 16.04 ELS: apache2 package released

A new updated apache2 package within Ubuntu 16.04 ELS is now available for download from our production...

Monthly TuxCare Update – September 2021

Welcome to our monthly news round-up, brought to you by TuxCare, the trusted maintenance services provider for the Enterprise Linux industry. Our services maximise system...

CentOS 6 ELS: dovecot package gradual rollout

A new updated dovecot package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: dovecot package released

A new updated dovecot package within OracleLinux OS 6 ELS is now available for download from our production...

KernelCare agent update – version 2.56-1 available

We are pleased to announce that a new updated KernelCare agent version 2.56-1 is now...

CentOS 6 ELS: httpd package gradual rollout completed

A new updated httpd package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

KernelCare agent update – version 2.55-2 available

We are pleased to announce that a new updated KernelCare agent version 2.55-2 is now...

CentOS 6 ELS: ntp package gradual rollout completed

A new updated ntp package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: openssl package gradual rollout completed

A new updated openssl package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: python package gradual rollout completed

A new updated python package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: binutils package with the fix for the CVE-2021-3487 gradual rollout completed

A new updated binutils package with the fix for the CVE-2021-3487 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

How Let’s Encrypt certificate changes affect Live Patching Customers

The expiration of a root certificate in the Let’s Encrypt certification chain causes multiple issues, especially when coupled with older versions of OpenSSL like those...

ELS fix is available for Let’s Encrypt certificate changes

Let’s Encrypt is a practical way of obtaining certificates and implementing TLS encryption across a wide range of applications. Looking at the number of issued...

OracleLinux 6 ELS: ntp package released

A new updated ntp package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: ntp package gradual rollout

A new updated ntp package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: openssl package released

A new updated openssl package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: openssl package gradual rollout

A new updated openssl package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: httpd package released

A new updated httpd package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: httpd package gradual rollout

A new updated httpd package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: python package gradual rollout

A new updated python package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: python package released

A new updated python package within OracleLinux OS 6 ELS is now available for download from our production...

Ubuntu 16.04 ELS: binutils package with the fix for the CVE-2021-3487 released

A new updated binutils package with the fix for the CVE-2021-3487 within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: binutils package with the fix for the CVE-2021-3487 released

A new updated binutils package with the fix for the CVE-2021-3487 within OracleLinux OS 6 ELS is now available for download from our production repository....

CentOS 6 ELS: binutils package with the fix for the CVE-2021-3487 gradual rollout

A new updated binutils package with the fix for the CVE-2021-3487 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

The life and times of open source communities

Open-source code is at the core of many of the critical software solutions that large companies, governments, and even home users depend on. You would...

CentOS 6 ELS: kernel gradual rollout completed

A new CentOS 6 kernel within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout completed

A new updated openssl package with the fix for several CVEs within CentOS 6 ELS has been rolled out to 100% and is now available for download...

CentOS 6 ELS: microcode_ctl package with the fix for several CVEs gradual rollout completed

A new updated microcode_ctl package with the fix for several CVEs within CentOS 6 ELS has been rolled out to 100% and is now available for download...

CentOS 6 ELS: xterm package with the fix for the CVE-2021-27135 gradual rollout completed

A new updated xterm package with the fix for the CVE-2021-27135 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

Fixing the security implications of open source technical debt

Major progress is usually made step by step – building capabilities, layer by layer. That’s the case for free and open-source (FOSS) software too, with...

KernelCare agent update – version 2.54-1 available

We are pleased to announce that a new updated KernelCare agent version 2.54-1 is now...

KernelCare ePortal updated – version 1.27-1 is available

We are pleased to announce that a new updated ePortal version 1.27-1 is now...

CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout

A new updated openssl package with the fix for several CVEs within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Ubuntu 16.04 ELS: openssl package with the fix for the CVE-2021-3712 released

A new updated openssl package with the fix for the CVE-2021-3712 within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: openssl package with the fix for the CVE-2021-3712 and CVE-2021-23841 released

A new updated openssl package with the fix for the CVE-2021-3712 and CVE-2021-23841 within OracleLinux OS 6 ELS is now available for download from our production...

Ubuntu 16.04 ELS: intel-microcode package with the fix for several CVEs released

A new updated intel-microcode package with the fix for several CVEs within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: microcode_ctl package with the fix for several CVEs released

A new updated microcode_ctl package with the fix for several CVEs within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: kernel gradual rollout

A new CentOS 6 kernel within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: xterm package with the fix for the CVE-2021-27135 gradual rollout

A new updated xterm package with the fix for the CVE-2021-27135 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: curl package with the fix for the CVE-2021-22924 gradual rollout completed

A new updated curl package with the fix for the CVE-2021-22924 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

Take part in the TuxCare QEMU/KVM survey & win a CCNA certification

Today TuxCare opens a survey on Patch Management of QEMU/KVM-based systems, which has a goal to create a better understanding of current practices and methodologies...

CentOS 6 ELS: microcode_ctl package with the fix for several CVEs gradual rollout

A new updated microcode_ctl package with the fix for several CVEs within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: squid package gradual rollout completed

A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within CentOS 6 ELS has been rolled out to 100% and is now available...

CentOS 6 ELS: curl package with the fix for the CVE-2021-22924 gradual rollout

A new updated curl package with the fix for the CVE-2021-22924 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Ubuntu 16.04 ELS: curl package with the fix for the CVE-2021-22924 released

A new updated curl package with the fix for the CVE-2021-22924 within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: curl package with the fix for the CVE-2021-22924 released

A new updated curl package with the fix for the CVE-2021-22924 within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: glibc and java-1.8.0-openjdk packages: gradual rollout completed

New updated glibc and java-1.8.0-openjdk packages within CentOS 6 ELS have been rolled out to 100% and are now available for download from our production...

Announcing QEMUCare – Live Patching for your virtualization hosts

The TuxCare Team is proud to announce QEMUCare, the live patching solution for your QEMU virtualization host systems. Now you can keep these systems updated...

Monthly TuxCare Update – August 2021

Here at TuxCare, we pride ourselves on being the trusted provider of maintenance services for the Enterprise Linux industry. Our services improve system administration manageability...

Announcing the launch of Extended Lifecycle Support for CentOS 8

The TuxCare Team is proud to announce that it is adding support for CentOS 8 under its Extended Lifecycle Support service. With this service, TuxCare...

What is binary compatibility, and what does it mean for Linux distributions?

Binary compatibility is one of those important tech concepts that hides in the background – but that is a critical element in making things work....

Tips for TuxCare’s KernelCare Enterprise integration with Qualys

Qualys provides visibility into the IT infrastructure, with comprehensive reporting on the state of systems and vulnerabilities that may be present in them. TuxCare’s KernelCare...

CentOS 6 ELS: squid34 package with the fix for several CVEs gradual rollout

A new updated squid34 package with the fix for several CVEs within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: squid34 package released

A new updated squid34 package with the fix for several CVEs within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: squid package has been scheduled for gradual rollout

A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 released

A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within OracleLinux OS 6 ELS is now available for download from our production...

KernelCare agent update – version 2.53-2 available

We are pleased to announce that a new updated KernelCare agent version 2.53-2 is now...

Important OpenSSL vulnerabilities fixed by TuxCare CVE-2021-3711/3712

Few libraries are in as widespread use as OpenSSL. It has a ubiquitous presence across hardware platforms and operating systems, userland applications and IoT. The chances...

UBUNTU 16.04 ELS: openjdk-9 package with the fix for the CVE-2021-2388 released

A new updated openjdk-9 package with the fix for the CVE-2021-2388 within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: openjdk-8 package with the fix for the CVE-2021-2388 released

A new updated openjdk-8 package with the fix for the CVE-2021-2388 within Ubuntu 16.04 ELS is now available for download from our production...

UBUNTU 16.04 ELS: glibc package with the fix for several CVEs released

A new updated glibc package with the fix for several CVEs within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: squid package rollout completed

A new updated squid package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

The first batch of live patches for Rocky Linux are being delivered

As you may have seen, TuxCare’s Live Patching service, KernelCare Enterprise, now supports Rocky Linux. The first 5 CVEs fixed are already being delivered through...

CentOS 6 ELS: glibc and java-1.8.0-openjdk packages have been scheduled for gradual rollout

New updated glibc and java-1.8.0-openjdk packages within CentOS 6 ELS have been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: glibc and java-1.8.0-openjdk packages released

New updated glibc and java-1.8.0-openjdk packages within OracleLinux OS 6 ELS are now available for download from our production...

A Look at Centralized Identity Management

This is our second article in our “concepts you’re using without even knowing” series. This time, we’re discussing identity management, and specifically centralized identity management....

Where does risk management fit in with CISOs – why is it so important?

A growing threat landscape rapidly made the CISO role one of the most influential C-level positions. It’s no surprise that the remit of CISOs keeps...

OracleLinux 6 ELS: kernel v. 2.6.32-754.35.2 released

A new updated OracleLinux 6 kernel v.2.6.32-754.35.2 within OracleLinux 6 ELS is now available for download from our production...

TuxCare has added support for Rocky Linux

TuxCare services already cover over 40 Linux distributions commonly found in Enterprise environments. These range from CentOS to Debian, and over the years, the list...

TuxCare Team identifies CVE-2021-38604, a new vulnerability in glibc

The TuxCare Team is responsible for performing in-depth analyses of new CVEs. This is done for every new CVE that pops up, which affects, directly...

OracleLinux 6 ELS: squid package released

A new updated squid package within OracleLinux OS 6 ELS is now available for download from our production...

CentOS 6 ELS: squid package has been scheduled for gradual rollout

A new updated squid package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

CentOS 6 ELS: perl package with the fix for the CVE-2020-10878 and the CVE-2020-10543 gradual rollout completed

A new updated perl package within CentOS 6 ELS with the fix for the CVE-2020-10878 and the CVE-2020-10543 has been rolled out to 100% and is now...

CentOS 6 ELS: glibc package gradual rollout completed

A new updated glibc package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

UBUNTU 16.04 ELS with the fix for the CVE-2021-33909 released

An updated Ubuntu 16.04 ELS with the fix for the CVE-2021-33909 is now available for download from our production...

KernelCare agent update – version 2.52-1 available

We are pleased to announce that a new updated KernelCare agent version 2.52-1 is now...

Track the status of fixes for all CVEs with ELS’s new Dashboard

One request we often receive is about the status of a particular fix or if we are already working on a vulnerability that has just...

CentOS 6 ELS: squid package with the fix for the CVE-2021-28651: gradual rollout completed

A new updated squid package with the fix for the CVE-2021-28651 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

CentOS 6 ELS: curl package with the fix for the CVE-2021-22925: gradual rollout completed

A new updated curl package with the fix for the CVE-2021-22925 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

CentOS 6 ELS: a new perl package with the fix for the CVE-2020-10543 was updated in the current rollout

A new updated perl package with the fix for the CVE-2020-10543 was updated in the current rollout within CentOS 6...

OracleLinux 6 ELS: perl package with the fix for the CVE-2020-10543 released

A new updated perl package with the fix for the CVE-2020-10543 within OracleLinux 6 ELS is now available for download from our production...

Monthly TuxCare Update – July 2021

We are a trusted partner to the Enterprise Linux industry when it comes to delivering maintenance services. Our goal is to improve the manageability of...

KernelCare agent update – version 2.51-1 available

We are pleased to announce that a new updated KernelCare agent version 2.51-1 is now...

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 gradual rollout completed

A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 within CentOS 6 ELS has been rolled out to 100% and is now...

Happy Sysadmin Day from TuxCare!

The last Friday of July is System Administrator Appreciation Day. It’s the one day when Sysadmins like you who have been putting out users’ fires...

CentOS 6 ELS: perl package with the fix for the CVE-2020-10878 gradual rollout

A new updated perl package within CentOS 6 ELS with the fix for the CVE-2020-10878 has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: perl package with the fix for the CVE-2020-10878 released

A new updated perl package with the fix for the CVE-2020-10878 within OracleLinux 6 ELS is now available for download from our production...

CentOS 6 ELS: glibc package gradual rollout

A new updated glibc package within CentOS 6 ELS has been scheduled for gradual rollout from our production...

KernelCare agent update – version 2.50-1 available

We are pleased to announce that a new updated KernelCare agent version 2.50-1 is now...

Testing CVE-2021-22922 and CVE-2021-22923 / Extended Lifecycle Support

Continuing our trend of testing all the CVEs that come out that may affect the Linux distributions covered by our Extended Lifecycle Support, the team...

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 gradual rollout

A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Curl’s 20-year-old bug is resilient – back for another fix – CVE-2021-22925

Some weeks ago, CVE-2021-22898 was published. It affects curl/libcurl from version 7.7, dating from the 22nd of March 2001. It consisted of a flaw in...

Ubuntu 16.04 ELS: imagemagick package released

A new updated imagemagick package within Ubuntu 16.04 ELS is now available for download from our production...

Introducing OAuth2.0 Single Sign-On support for ePortal authentication

Having a centralised identity management system is the current best practice to consolidate and enforce secure login and authorisation policies over a wide range of...

OracleLinux 6 ELS: curl package with the fix for the CVE-2021-22925 released

A new updated curl package with the fix for the CVE-2021-22925 within OracleLinux 6 ELS is now available for download from our production...

Ubuntu 16.04 ELS: curl package with the fix for the CVE-2021-22925 released

A new updated curl package with the fix for the CVE-2021-22925 within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: curl package with the fix for the CVE-2021-22925 gradual rollout

A new updated curl package with the fix for the CVE-2021-22925 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Patches for CVE-2021-33909 are being delivered [UPDATE #3 27/07]

CVE-2021-33909 was disclosed on the 20th of July. It describes a vulnerability in the Linux filesystem layer that can lead to local privilege elevation when...

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.6 gradual rollout

A new updated CentOS 6 kernel v.2.6.32-754.35.6 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Ubuntu 16.04 ELS: systemd package with the fix for the CVE-2021-33910 released

A new updated systemd package with the fix for the CVE-2021-33910 within Ubuntu 16.04 ELS is now available for download from our production...

Ubuntu 16.04 ELS: squid package with the fix for the CVE-2021-28651 released

A new updated squid package with the fix for the CVE-2021-28651 within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: squid package with the fix for the CVE-2021-28651 released

A new updated squid package with the fix for the CVE-2021-28651 within OracleLinux 6 ELS is now available for download from our production...

CentOS 6 ELS: squid package with the fix for the CVE-2021-28651 gradual rollout

A new updated squid package with the fix for the CVE-2021-28651 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

Is the Ghost bug still haunting your servers?

Forgotten vulnerabilities can come back to haunt you. It’s just too easy to assume that you’ve patched or upgraded thoroughly enough so that a dangerous,...

KernelCare agent update – version 2.49-2 available

We are pleased to announce that a new updated KernelCare agent version 2.49-2 is now...

KernelCare ePortal updated – version 1.26-1 is available

We are pleased to announce that a new updated ePortal version 1.26-1 is now...

What does the Ideal Vulnerability Management Tool Look Like?

Vulnerability management tools are a broad and wide category, but all have the same goal: helping organizations to minimize the risk posed by everyday IT...

CentOS 6 ELS: sudo package with the fix for the CVE-2021-23240 rollout completed

A new updated sudo package with the fix for the CVE-2021-23240 within CentOS 6 ELS has been rolled out from our production...

Spectre, Yet Again. Because We Know You Missed It…

Spectre and its cousin Meltdown have been with us since 2018, and one would think that we’ve heard everything there is to hear about these...

KernelCare agent update – version 2.48-1 available

We are pleased to announce that a new updated KernelCare agent version 2.48-1 is now...

Understanding MySQL High Availability: Good and Bad Reasons to Use It

We have updated this blog post due to high demand. Our new blog post can be found here: https://tuxcare.com/ensuring-uptime-with-mysql-high-availability/ The cost of downtime in the...

CentOS 6 ELS: sudo package with the fix for the CVE-2021-23240 gradual rollout

A new updated sudo package with the fix for the CVE-2021-23240 within CentOS 6 ELS has been scheduled for gradual rollout from our production...

OracleLinux 6 ELS: sudo package with the fix for the CVE-2021-23240 released

A new updated sudo package with the fix for the CVE-2021-23240 within OracleLinux 6 ELS is now available for download from our production...

Ubuntu 16.04 ELS: sudo package with the fix for the CVE-2021-23240 released

A new updated sudo package with the fix for the CVE-2021-23240 within Ubuntu 16.04 ELS is now available for download from our production...

CentOS 6 ELS: curl package with the fix for the CVE-2021-22898 gradual rollout completed

A new updated curl package with the fix for the CVE-2021-22898 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.5 gradual rollout completed

A new updated CentOS 6 kernel v.2.6.32-754.35.5 within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production...

Monthly TuxCare Update – June 2021

As a trusted partner for providing maintenance services to the Enterprise Linux industry, our goal is to make system administration more manageable. In this monthly...

A comprehensive guide to QEMU patching

When it comes to patching, thoroughness is a critical aspect – it takes just one unpatched service to open the doors to a damaging intrusion....

CentOS 6 ELS: hivex package with the fix for the CVE-2021-3504 rollout completed

A new updated hivex package with the fix for the CVE-2021-3504 within CentOS 6 ELS has been rolled out to 100% and is now available for download...

Ubuntu 16.04 ELS: curl package with the fix for the CVE-2021-22898 released

A new updated curl package with the fix for the CVE-2021-22898 within Ubuntu 16.04 ELS is now available for download from our production...

OracleLinux 6 ELS: curl package with the fix for the CVE-2021-22898 released

A new updated curl package with the fix for the CVE-2021-22898 within OracleLinux OS 6 ELS is now available for download from our production...