PAM360 is ManageEngine’s comprehensive privileged access management (PAM) solution designed for enterprises to protect sensitive, privileged identities from internal and external threats. With the principle of least privilege enshrined across the product, PAM360’s privilege elevation and delegation management (PEDM) capabilities help enterprises eliminate standing privileges and provide granular privileged access in a restricted, time-based manner.

NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS implementation for macOS and Linux has risen, and as a result, new NTFS drivers for those operating systems have been developed. This blog post presents some information about the NTFS driver for Linux and shows a bug we found in one of the filesystem’s features.

KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.

If you've ever used Linux, you’ve probably heard about SELinux or Security-enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can change our bigger enemy to our best friend.

Linux servers have been in use for specific uses for a long time. One ought to be conscious that a new Linux server’s degree of protection is exceptionally low by default configuration. This is in order to permit as much functionality and competency as feasible while installing it. Consequently, it’s essential to carry out fundamental hardening procedures prior to installing the server in a production environment.

In this post, I want to scratch at the surface of a very interesting technology that Elastic’s Universal Profiler and Security solution both use called eBPF and explain why it is a critically important technology for modern observability. I’ll talk a little bit about how it works and how it can be used to create powerful monitoring solutions — and dream up ways eBPF could be used in the future for observability use cases.

Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.

AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.