Netflix has a new hit on its hands. They’ve discovered new Linux kernel vulnerabilities and describe how a properly formed TCP network packet can cause the kernel to panic or slow down. There are three kinds. Two affect Linux kernels. (The other is for FreeBSD so won’t be described further.) All are dangerous because they can be executed remotely.
If anyone tells you that they know how to secure linux, but they fail to mention live patching – don’t listen to them. Keeping servers automatically up to date is key to keeping them safe. In the complex security question of how to secure Linux, patching live, in real-time, is the missing link.
You've just installed a kernel update, and now you need to carry out a Linux reboot. Except guess what? You don’t. Word is only just starting to get out, but times have changed, and rebooting is a thing of the past. This is a very positive development: because rebooting to patch is a hassle, companies frequently delay it for as long as they can – with damaging consequences.
A Linux kernel update is not to be taken lightly—change means risk. Whatever reasons you think you might have, there is really only one that matters. Igor Seletskiy, CEO of CloudLinux, tells you what it is in this blog post.
Linux kernel updates are a fact of life–as dull as taxes and only slightly less inconvenient than death. Newly discovered security vulnerabilities in the Linux kernel seem to appear with monotonous regularity. In most but not all cases, the patches needed to fix them follow swiftly after. There is work involved in installing the latest Linux kernel security patches, and danger if you delay–leave it too long and threat actors might take advantage of the period of vulnerability.
VMware has been a part of my working life for some time now. As a former Linux System Administrator, I've used it many times in different places. It's been one of my favorite ways to try out new operating systems (read: distro hopping) without having to buy more hardware.
Our KernelCare webinars on live patching technology and applications are growing in popularity.
So, we’re happy to tell you about another. As before, this one is in partnership with a technical architect from Amazon Web Services. And we’ve invited a prominent and established KernelCare customer from the insurance sector, Efinity.
KernelCare, the multiplatform Linux kernel live patching solution, now validated by VMware for customers of VMware Cloud on Amazon Web Services (AWS).
Vulnerabilities are becoming like celebrities, with freaky names and their own websites.
The latest ones to hit the scene are Zombieload, RIDL and Fallout, also known as Microarchitectural Data Sampling, (MDS for short), discovered by Intel and researched by academic departments at security-focused institutions around the world. These vulnerabilities are in the same vein as Spectre and Meltdown, being design flaws that reveal data. Zombieload is particularly worrying because it affects all Intel Core and Xeon CPUs manufactured since 2011.
Organizations use cloud services like AWS to be more agile and more profitable. This doesn’t stop them spending millions of dollars on cybersecurity, investing in network defense and end-point protection, hiring consultants, and purchasing threat intelligence reports.
But companies still get hacked, and still suffer data breaches and server compromises, often traceable to out-of-date software, either at the application level, or in the OS itself.