April 1, 2022
Welcome to the March instalment of our monthly news round-up, brought to you by TuxCare. We’re honoured to be the Enterprise Linux industry’s trusted maintenance service provider. Our innovative live patching solutions help maximize system uptime while keeping systems secure, reducing your maintenance workload, and minimizing system disruption.
In challenging times, it is ever more essential to keep systems secure. Unfortunately, the trend for record numbers of CVEs continues with no signs of disclosure rates slowing. So in this latest monthly overview, we’ll begin as usual with a round-up of the latest CVEs that the TuxCare Team has patched for you. We’ll also bring you the latest news, advice, and valuable tips to keep your systems safe.
This month saw the disclosure of the critical vulnerability CVE-2022-0847, known as “Dirty Pipe”, which affects Linux kernels from version 5.8 onward. This code flaw allows an unprivileged user to overwrite read-only files, including SUID files. Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of affected systems. The KernelCare Enterprise team has addressed this vulnerability, and you can find more information about it in this TuxCare blog post.
The TuxCare team’s Enterprise Linux Security podcast continues to offer comprehensive topical explanations for the latest hot topics and foundational concepts. Co-hosted by Learn Linux TV’s Jay LaCroix and TuxCare’s very own Joao Correia, four exciting new episodes are available this month.
In the twentieth episode, Joao and Jay discuss the concept of cloud governance and its importance for managing migration to the cloud environment to ensure a smooth transition and make sure the benefits outweigh the risks. You can view the video here: Enterprise Linux Security Episode 20 – Cloud Governance – YouTube
In the twenty-first episode, Joao and Jay discuss the recent “Dirty Pipe” vulnerability and Nvidia’s recent breach. You can view the video here: Enterprise Linux Security Episode 21 – Dirty Pipe & Nvidia’s Breach – YouTube
In the twenty-second episode, Joao and Jay discuss the foundational concepts surrounding how TLS certificates work and offer practical and invaluable advice and recommendations for implementing certificate-based encryption. You can view the video here: Enterprise Linux Security Episode 22 – Certificates – YouTube
In the twenty-third episode, Joao and Jay discuss five critical myths around cyber security that need to be challenged in light of the rapid changes required by industry to keep pace with the threat landscape. You can view the video here: Enterprise Linux Security Episode 23 – Busting 5 IT Security Myths – YouTube
These enthralling and enlightening video podcasts are essential viewing for anyone involved in managing Linux-based enterprise systems.
Last month we reported that CVE records were again broken in 2021, with 28,695 new vulnerabilities disclosed. Unfortunately, this year is set to continue the trend of an ever more challenging threat landscape for businesses. It has reached the stage where threat management has become an overwhelming task for some companies. System admins typically bear the brunt of the workload: managing patches, monitoring system security, and undertaking post-incident remediation work.
The risk of businesses becoming overwhelmed by the effort required is real, and it will simplify the attackers’ tasks. The solution is to look at automation wherever possible to reduce the load on the IT team. You can read more about this here: Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools (thehackernews.com). A live patching tool such as KernelCare Enterprise can offer an automatic, non-disruptive solution to this vulnerability management problem.
Here at TuxCare, we ensure that threat management will not become an overwhelming overhead for your resources thanks to our automation tools, providing reassurance that threat management is under control.
Customer experience is recognized as an essential component for businesses. Still, it is often not given the same importance as technological or security objectives, as it’s harder to define and often comes into conflict with more tangible technology objectives. Addressing this weakness has led to a trend of creating a Chief Experience Officer (CXO) role in businesses to meet the challenges. You can read more about this subject in the following article written for Forbes Magazine by Igor Seletskiy, CEO of TuxCare: Why CXOs Have Become Influential Members Of The C-Suite (forbes.com)
TuxCare, in collaboration with Ponemon, presents the 2nd edition of The State of Enterprise Linux Security Management Report. One of the new findings shows that over 56% of organizations take more than four weeks to deploy patches for known important or critical vulnerabilities. That is unexpected for an industry where vulnerability awareness is a foundational process. Check out the report for more findings here.