The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities catalog by adding seven more Linux-related vulnerabilities. Interestingly, some of these vulnerabilities aren’t fresh threats; one even traces back to 2010. Despite their age, these vulnerabilities are still being actively exploited, causing significant concerns for federal enterprises. Among the new entries… Continue reading CISA’s KEV additions: Linux under threat?
At Vulcan Cyber, we spend a lot of time researching vulnerabilities and making the community aware of them, especially through Vulcan Remedy Cloud, our popular free resource where we share expert-curated vulnerability solutions. This makes us very aware of emerging trends and what direction the threat environment seems to be moving in. Overall, the most… Continue reading Linux vulnerability trends (July 2022)
First Officer’s log, Terrestrial date, 202200713. Officer of the Deck reporting. In spite of the ship being in port for a major conference, we were able to continue with our duty to log the mission. As expected, the conference brought specialists in from other crews to share insights, techniques, and comradery, along with some friendly… Continue reading Linux vulnerability, ransomware, hidden threats: first officer’s log – week 4
Every year, MITRE adds thousands of new entries to their Common Vulnerabilities and Exposures (CVE) list. With only a few exceptions, the number of vulnerabilities posted to the list has gone up almost every year, with over four thousand posted already in 2022. That’s not to say that all CVEs are going to lead to… Continue reading The most common CVEs (and how to fix them)
Linux users had cause for concern recently when a 12-year-old vulnerability was discovered in the system tool Polkit. CVE-2021-4034 – also known as PwnKit – gives attackers root privileges on machines running most major distributions of the operating system. The PwnKit vulnerability was first discovered by Qualys in November and disclosed more recently after being… Continue reading CVE-2021-4034 – how to fix the PwnKit vulnerability
Continuous integration and continuous delivery and/or deployment (CI/CD) has become a staple within the modern software development landscape, and it is now extending into patch management. The importance of your environment’s security cannot be overstated, nor can the difficulty of maintaining that security. The question then becomes: What exactly is CI/CD and how can you… Continue reading Integrate CI Tools with VM for Risk Remediation
Patching has become particularly challenging in the new cloud and hybrid-cloud environments—especially across Windows and Linux—despite the many methods and technologies for this. What are the differences between patching in Windows and Linux, and how does this all fit into the modern cloud infrastructure? Do these new environment paradigms facilitate or complicate patch management?
The team responsible for sudo, a popular Linux command-line tool, published a new security alert under CVE-2019-14287. It has a high CVSS score of 8.8, and Vulcan Cyber’s threat intel has found it to be exploitable. This makes it a high-to-critical risk in most environments.
Amazon released the EC2 Run Command in 2015 as the first step to extend a bridge back to datacenter, enterprise, and traditional operations environments. Then in 2016, AWS released its patch management solution under the EC2 Systems Manager. Now, all datacenter-style management tools fall under the AWS Systems Manager.
So, it’s time to patch again. Kind of like getting your flu shots – you know it’s good for you, but nobody likes doing it. Let’s do a quick analysis of the challenges that patching poses to your environment, and some of our recommended coping mechanisms.