Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

4 ways to leverage existing kernel security features to set up process monitoring

The large attack surface of Kubernetes’ default pod provisioning is susceptible to critical security vulnerabilities, some of which include malicious exploits and container breakouts. I believe one of the most effective workload runtime security measures to prevent such exploits is layer-by-layer process monitoring within the container. It may sound like a daunting task that requires additional resources, but in reality, it is actually quite the opposite.

Find threats: Cloud credential theft on Linux endpoints

The Sumo Logic Threat Labs team previously outlined the risks associated with unprotected cloud credentials found on Windows endpoints. This article builds on that work by providing detection and hunting guidance in the context of endpoints that run the Linux operating system. Although workloads that support business functionality are increasingly moving to the cloud, these workloads are often managed through an endpoint that is often found on premises.

Introducing SSH command controls and advanced PEDM capabilities for Linux in PAM360

PAM360 is ManageEngine’s comprehensive privileged access management (PAM) solution designed for enterprises to protect sensitive, privileged identities from internal and external threats. With the principle of least privilege enshrined across the product, PAM360’s privilege elevation and delegation management (PEDM) capabilities help enterprises eliminate standing privileges and provide granular privileged access in a restricted, time-based manner.

The Linux Kernel and the Cursed Driver

NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS implementation for macOS and Linux has risen, and as a result, new NTFS drivers for those operating systems have been developed. This blog post presents some information about the NTFS driver for Linux and shows a bug we found in one of the filesystem’s features.

CVE-2023-0210

KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.

SELinux, Dragons and Other Scary Things

If you've ever used Linux, you’ve probably heard about SELinux or Security-enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can change our bigger enemy to our best friend.

5 Tips for Linux Server Hardening

Linux servers have been in use for specific uses for a long time. One ought to be conscious that a new Linux server’s degree of protection is exceptionally low by default configuration. This is in order to permit as much functionality and competency as feasible while installing it. Consequently, it’s essential to carry out fundamental hardening procedures prior to installing the server in a production environment.