KernelCare Blog

The Grave Danger of Kernel Vulnerabilities – and the Importance of Kernel Patching

Jul 26, 2019 8:55:30 AM / by KernelCare Team

0 Comments

Read More

How KernelCare Helps You Meet SOC 2's Privacy Requirements

Jul 24, 2019 6:57:13 AM / by KernelCare Team

0 Comments



SOC 2 is an audit framework that gives organisations a trusted way to verify their controls for protecting, securing and utilizing data. Increasingly, cloud computing companies that want to attract business need to demonstrate SOC 2 certification. (If you’ve never heard of SOC 2 and want the full lowdown, check out our whitepaper here.)

Read More

RIDL – Another MDS Attack that Live Patching Would Have Saved You From

Jul 18, 2019 1:34:44 PM / by KernelCare Team

0 Comments



Everyone has heard of Zombieload. Recently made known to the public, Zombieload is a Microarchitectural Data Sampling (MDS) attack that can reveal private data by breaking the privacy borders between apps. A lot of people were (rightfully) worried about Zombieload, and in the middle of May it was big news. 

Read More

Some Under-the-Hood Improvements in KernelCare Package Setup Logic

Jul 17, 2019 4:16:48 PM / by Inessa Atmachian posted in KernelCare

0 Comments

One day, we received a report from our client that he faced 403 Forbidden error during KernelCare package setup. We started to investigate the issue and found that we need to improve KernelCare package setup logic.

Read More

How KernelCare Helps You Meet SOC 2's Security Requirements

Jul 16, 2019 1:03:32 PM / by KernelCare Team

0 Comments

 

Read More

Fallout – the MDS Side Channel Attack That Isn't Zombieload

Jul 12, 2019 9:02:13 AM / by KernelCare Team

0 Comments



Everyone has heard of Zombieload. Recently made known to the public, Zombieload is a Microarchitectural Data Sampling (MDS) attack that reveals private data by breaking the privacy borders that exist between apps. Zombieload targets the load, store, and line fill buffers, used by the CPU for fast reads/writes of internal data. In mid-May, the discovery of Zombieload was big news.

But: Zombieload isn’t the only MDS-related side channel attack that you should be worried about. There are actually three such threats, all constituting weaknesses in Intel x86 microprocessors that leak data across protection boundaries that are architecturally supposed to be secure.

Fallout is another hardware vulnerability of this kind. It exploits a weakness in Intel CPUs to cause leakages in store buffers, which are used by the processor’s pipeline to hold data.

Read More

Which Linux Distro is Best for Embedded Development?

Jul 9, 2019 11:37:18 AM / by KernelCare Team

0 Comments



Compared to proprietary embedded operating systems, Linux is low cost; it allows for multiple suppliers of software, development and support; it has a stable kernel; and it facilitates the ability to read, modify and redistribute the source code. For these reasons and more, Linux has become the go-to option for embedded systems. 

Read More

KernelCare: On Becoming SOC 2 ® Compliant

Jul 8, 2019 10:24:15 AM / by Alexandra Mitroshkina posted in soc2, compliance

0 Comments

At KernelCare, we've known about SOC 2 for some time. We've had customers tell us that our Linux kernel live patching product helped them with their compliance certification efforts. Although KernelCare doesn't handle customer data, we thought we should follow the good example set by our SOC 2-certified customers and become compliant. We would get to know our customers' use-cases better, and improve as a company.

So, I'm excited, and a little nervous, to share with you the start of our own SOC 2 compliance journey. I will share more as we progress.

Read More

What is Meant By Embedded Linux?

Jul 4, 2019 3:33:04 PM / by KernelCare Team

0 Comments

An embedded system is a small computer that lives within a larger structure that isn’t itself a computer. It is a bundle of computing hardware and software, designed for a specific function, that lives within a larger physical system. Rooted in a microprocessor or microcontroller, embedded systems are controlled by a real-time operating system, run on a limited amount of power and memory, and range widely in size and UI complexity. Embedded systems are all around us, existing within a vast array of consumer, industrial, medical, and military technologies.

Read More

The Need to Reboot is Delaying Your Kernel Patching – And this Delay is Making You Insecure and Noncompliant

Jul 2, 2019 1:55:20 PM / by KernelCare Team

0 Comments

Kernel patching is a never-ending job. Why? Because Linux is king of the OSes. But it is very, very complicated. The master branch of the Linux kernel git repository contains more than 20,000,000 lines of human-written code. This complexity makes vulnerabilities inevitable. There are hundreds every year, some of them very serious.

Read More