Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Linux

CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape

This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0185 and is rated as a High (7.8) severity. The flaw occurs in the Filesystem Context system when handling legacy parameters. An attacker can leverage this flaw to cause a DDoS, escape container environments, and elevate privileges.

Introducing Teleport Access Plane for Linux and Windows Hosts

We are excited to welcome Windows hosts to the Teleport Access Plane. For the past 5 years we’ve helped refine our Access Plane for Linux hosts, providing short-lived certificate-based access, RBAC and developer-friendly access to resources. As we’ve rolled Teleport to larger organizations, we found that people wanted the same convenience and security of Teleport but for Windows hosts.

A kernel of truth: Linux isn't as foolproof as we may have thought

A world without Linux is hard to imagine. Every Google search we run is accomplished on Linux-based servers. Behind the Kindle we enjoy reading, to the social media sites we spend scrolling away every day sits the Linux kernel. Would you believe your ears if I tell you the world’s top 500 supercomputers run on Linux? No wonder Linux has permeated into every aspect of the digital age, not to mention its steadily growing enterprise user base.

How to detect security threats in your systems' Linux processes

Almost all tasks within a Linux system, whether it’s an application, system daemon, or certain types of user activity, are executed by one or more processes . This means that monitoring processes is key to detecting potentially malicious activity in your systems, such as the creation of unexpected web shells or other utilities.

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

Preventing Data Exfiltration with eBPF

To keep your business secure, it is important not only to keep the hackers from getting in but also to keep your data from getting out. Even if a malicious actor gains access to the server, for example via an SSH session, it is vital to keep the data from being exfiltrated to an unauthorized location, such as IP addresses not under your organization’s control. In considering a solution to protect against data exfiltration, it is critical to note that one policy does not fit all.

REvil's new Linux version

The ransomware-as-a-service (RaaS) operation behind REvil have become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. AT&T Alien Labs™ is closely monitoring the ransomware landscape and has already identified four of these samples in the wild during the last month, after receiving a tip from MalwareHuntingTeam.

Beyond the network: Next Generation Security and Observability with eBPF - Shaun Crampton, Tigera

Learn how eBPF will bring a richer picture of what's going on in your cluster, without changing your applications. With eBPF we can safely collect information from deep within your applications, wherever they interact with the kernel. For example, collecting detailed socket statistics to root-cause network issues, or pinpointing the precise binary inside a container that made a particular request for your audit trail. This allows for insights into the behavior (and security) of the system that previously would have needed every process to be (manually) instrumented.

CVE-2021-31440: Kubernetes container escape using eBPF

In a recent post by ZDI, researchers found an out-of-bounds access flaw (CVE-2021-31440) in the Linux kernel’s (5.11.15) implementation of the eBPF code verifier: an incorrect register bounds calculation occurs while checking unsigned 32-bit instructions in an eBPF program. The flaw can be leveraged to escalate privileges and execute arbitrary code in the context of the kernel.