KernelCare Blog

Back in the nineties and early noughties, enterprises didn’t have to juggle too many servers. The rise of cloud computing has changed all that. Technologies like virtualization and containers now mean that the typical infrastructure is composed of many servers, hosting many applications.

As always, a sharp increase in scale makes it hard to maintain visibility and control. With the proliferation of servers within enterprise infrastructures, apps have sprung up to help IT professionals cope. These are usually referred to as Configuration Management (CM) or Remote Execution (RE) tools. These tools enable a process called infrastructure as code (IaC), in which an IT environment is represented via a programming language, and the tool automates the actions necessary to match the environment to this state. This can include actions like installing software, adding users, or partitioning storage devices.

There are four big players in this space: Puppet, Ansible, Chef, and SaltStack. Here’s a deep-dive into Puppet, the most popular option, which can be used for KernelCare mass deployment.


In the last week of June 2019, a new type of malware emerged, dubbed “Silex.” Reminiscent of the BrickerBot malware of 2017, Silex went after IoT devices, and killed the operating systems of thousands of devices in a matter of hours. Silex was able to infect any system running a Linux distribution, and chiefly damaged smart thermostats, lights, and sensors. How is Silex able to wreak such havoc? Learn more in our blog.


A majority of embedded systems are internet-connected Things. Most of these embedded systems use ARM chips and device architectures, and run on an operating system based on the Linux kernel. Linux is a wise choice for IoT appliances and devices. It allows for multiple suppliers of software, development and support; it has a stable kernel; and it makes it possible to modify and redistribute the source code. However, an IoT device running on Linux is just as susceptible to vulnerabilities as any other Linux system. Learn more in our blog.


Linus Torvalds is the creator and original developer of the Linux kernel. So when he has something to say about the future of software and cybersecurity, it’s wise to listen. Recently, at the KubeCon + CloudNative + Open Source Summit China in Shanghai, Torvalds warned of forthcoming challenges in the world of managing software. At the root of these challenges, he said, are two hardware issues that are causing DevOps teams major headaches. Learn more in our blog.


SysAdmins will usually rationalise their delays in kernel patching with the argument that most patches are minor, correcting small, unthreatening flaws. They will point out that most kernel vulnerabilities are no big deal, that they aren’t any sort of invitation to malicious hackers.

But here’s the point: Now and again, a kernel vulnerability comes along which is truly terrifying.


SOC 2 is an audit framework that gives organisations a trusted way to verify their controls for protecting, securing and utilizing data. One of the key criteria for SOC 2 certification is Privacy. SOC 2 regulations state that, in order to obtain a Privacy certification, a company must operate in such a way that “personal information is collected, used, retained, disclosed, and disposed” in line with the company’s standards and goals. SOC 2 is deeply concerned with systems. Here’s where KernelCare is important.


The furore around Zombieload obscured the fact that there are two other MDS-related side-channel attacks on the loose. All are weaknesses in Intel x86 microprocessors, and all are worrying. One of these other two is RIDL, short for “Rogue In-Flight Data Load.” RIDL can be exploited by attackers to leak data from the vulnerable CPU’s internal buffers (chunks of allocated memory used to store and load data). These leakages can include such critical information as passwords and personal data.
