Tag: Red Hat Security

There are a million ways for awful things to happen to your data and accounts. For example, someone could accidentally commit their AWS access keys publicly to GitHub, and attackers quickly run up $100,000 in charges mining cryptocurrency on expensive…

Read more →

Ravie Lakshmanan’s recent article CISA warns of active exploitation of ‘PwnKit’ Linux vulnerability in the wild articulates the vulnerability in Polkit (CVE-2021-4034) and recommends “to mitigate any potential risk of exposure to cyberattacks… that organizations prioritize timely remediation of the…

Read more →

The IT industry not only looked very different 20 years ago, product security looked very different as well. Open source software wasn’t mainstream and the majority of vendors had full control and secrecy over their product code. This article has…

Read more →

What are container image vulnerabilities? This article has been indexed from Red Hat Security Read the original article: Scanning container image vulnerabilities with Clair

Read more →

Red Hat Enterprise Linux 9 (RHEL 9) ships with OpenSSL 3.0, a core operating system (OS) library that has been in the making for quite a while. This was a long and involved process for a variety of reasons. This article…

Read more →

Red Hat Enterprise Linux 9 (RHEL 9) is the latest version of Red Hat’s flagship operating system, released at the Red Hat Summit in May 2022. New capabilities added to RHEL 9 help simplify how organizations manage security and compliance…

Read more →

This article has been indexed from Red Hat Security Red Hat Product Security is pleased to announce that a new security metadata offering, the Common Security Advisory Framework (CSAF), is now available in beta form. CSAF 2.0 is the successor…

Read more →

This article has been indexed from Red Hat Security Traditionally, when looking at a virtio device and its corresponding virtio driver, we assume the device is trusted by the driver. We do, however, need to protect the virtio device from…

Read more →

This article has been indexed from Red Hat Security What is post-quantum cryptography? A new type of computer is being developed that can break many of our existing cryptographic algorithms. As a result, we need to develop new algorithms that…

Read more →

This article has been indexed from Red Hat Security Organizations across the globe continue to focus on managing security and risk compliance as the threat landscape evolves. Funding for IT security remains the top priority for many enterprises, as reported…

Read more →

This article has been indexed from Red Hat Security What are Kubernetes Operators? Read the original article: Kubernetes Operators: good security practices

Read more →

This article has been indexed from Red Hat Security Fedora 36 and Red Hat Enterprise Linux 9 (RHEL 9) are out, and both ship with OpenSSL 3 that has tighter security defaults and a brand new “provider” architecture. Read the…

Read more →

This article has been indexed from Red Hat Security Security considerations are even more important today than they were in the past. Every day we discover new vulnerabilities that impact our computer systems, and every day our computer systems become…

Read more →

This article has been indexed from Red Hat Security As a Technical Account Manager (TAM) one of the best parts of the job is the regular contact with our customers, talking to them frequently and helping them solve interesting problems.…

Read more →

This article has been indexed from Red Hat Security In an earlier blog I walked you through the process of using the Red Hat Enterprise Linux (RHEL) and Red Hat Insights Compliance service to: Create compliance policies Read the original…

Read more →

This article has been indexed from Red Hat Security Automation can help increase efficiency, save time and improve consistency, which is why Red Hat Enterprise Linux (RHEL) includes features that help automate many tasks. RHEL System Roles are a collection…

Read more →

This article has been indexed from Red Hat Security Kubernetes is the de facto standard when it comes to container orchestration and management at scale, but adoption is only one piece of Kubernetes strategy. Security plays a huge role in…

Read more →

This article has been indexed from Red Hat Security Red Hat is excited to announce that Red Hat Advanced Cluster Security for Kubernetes is now available as an open source project: StackRox. Read the original article: Red Hat releases open…

Read more →

This article has been indexed from Red Hat Security Kubernetes is the de facto standard when it comes to container orchestration and management at scale, but adoption is only one piece of Kubernetes strategy. Security plays a huge role in…

Read more →

This article has been indexed from Red Hat Security Red Hat is excited to announce that Red Hat Advanced Cluster Security for Kubernetes is now available as an open source project: StackRox. Read the original article: Red Hat releases open…

Read more →

This article has been indexed from Red Hat Security Are your edge computing systems secure? A simple question with a potentially complicated answer. This is because many engineering teams combine Red Hat Enterprise Linux with decoupled applications thanks to containerization…

Read more →

This article has been indexed from Red Hat Security After extensive testing on RHEL 8.2, 8.4, 8.6 and 9 using the SAP HANA validation test suite, Red Hat’s engineering team concluded that SELinux can run in Enforcing mode with minimal…

Read more →

This article has been indexed from Red Hat Security Supply chain disruptions, intellectual property theft and the rising cost of data breaches are among the top reasons for a drastic increase in global focus on cybersecurity compliance.  Read the original…

Read more →

This article has been indexed from Red Hat Security A recent survey provides insight into how 5G networks may evolve as operators and the wider mobile ecosystem continue to invest in 5G technology. This article discusses some of the findings…

Read more →

This article has been indexed from Red Hat Security Many organizations are apprehensive about the security of edge deployments. As data becomes more and more valuable, security threats create increasingly serious concerns. No organization wants to be in the news…

Read more →

This article has been indexed from Red Hat Security How do you determine if your Red Hat Enterprise Linux (RHEL) infrastructure is compliant with security standards? This post will walk through how Red Hat Insights can help you apply security…

Read more →

This article has been indexed from Red Hat Security No matter where you are in your hybrid cloud journey, security is a primary concern. In this post, we’ll look at tips and products that can help with deploying a security-focused…

Read more →

This article has been indexed from Red Hat Security We surveyed nearly 1,300 IT decision makers at medium to large enterprises worldwide about the state of enterprise open source. Learn more about some of the key takeaways. Read the original…

Read more →

This article has been indexed from Red Hat Security Users are perhaps more vulnerable to cybersecurity attacks than ever before. The answer to this increased risk? A self-sovereign identity (SSI)—especially for the financial services sector. Learn more. Read the original…

Read more →

This article has been indexed from Red Hat Security Consuming enterprise open source through a vendor like Red Hat meets the goal of minimizing the risk of using software in general, while affording the many benefits that only open source…

Read more →

This article has been indexed from Red Hat Security Regulatory requirements and consumer privacy concerns drive financial institutions to consider more privacy-friendly policies and development considerations in the new world of open banking. What steps can software developers take to…

Read more →

This article has been indexed from Red Hat Security If you are using Red Hat Enterprise Linux (RHEL), you can use Red Hat Insights to find out what systems are exposed, and to what extent. See how to find and…

Read more →

This article has been indexed from Red Hat Security You can use a built-in tool to get update the kernel on RHEL systems with no downtime. That tool is live kernel patching (kpatch). Kpatch has been a part of our…

Read more →

This article has been indexed from Red Hat Security The Security Data and Pyxis APIs are powerful services that can be used to gather useful security-related information programmatically. In this post, get a look at how to collect security data…

Read more →

This article has been indexed from Red Hat Security The Security Data and Pyxis APIs are powerful services that can be used to gather useful security-related information programmatically. In this post, get a look at how to collect security data…

Read more →

This article has been indexed from Red Hat Security Red Hat Product Security is committed to providing tools and security data to help you better understand security threats. In this post, we cover how the Security Data API can be…

Read more →

This article has been indexed from Red Hat Security From its inception in 2001, the Product Security team has been focused on providing Red Hat’s customers value in a wide-variety of ways. Let’s take a look at how Product Security…

Read more →

This article has been indexed from Red Hat Security Protecting sensitive data is vital in healthcare due to the nature (and value) of personal health information. In this post, we outline some strategies for dealing with four high priority types…

Read more →

This article has been indexed from Red Hat Security From its inception in 2001, the Product Security team has been focused on providing Red Hat’s customers value in a wide-variety of ways. Let’s take a look at how Product Security…

Read more →

This article has been indexed from Red Hat Security A new U.S government directive requires federal agencies to patch known Common Vulnerabilities and Exposures (CVEs). Learn how Red Hat Insights can help you more easily triage and manage CVEs that…

Read more →

This article has been indexed from Red Hat Security Veeam recently released a new feature called Immutable Repository, which uses Linux as the backup target. In this post, we validate this setup by testing it with Red Hat Enterprise Linux.…

Read more →

This article has been indexed from Red Hat Security Maintaining security for Linux systems can be a complex task, especially as your number of servers and applications increases. In this post, we show you how to harden your Linux systems…

Read more →

This article has been indexed from Red Hat Security Sysadmins trying to keep watch over tens, hundreds, or thousands of systems need tools to help keep them in compliance with policies and security standards. In this post, we’ll look at…

Read more →

This article has been indexed from Red Hat Security Results from Red Hat’s annual Global Tech Outlook survey are in, and as in years past we explore what the data reveals about the current state of cloud and organizations’ cloud…

Read more →

This article has been indexed from Red Hat Security DSE wants to make sure that their DevSecOps vision is working across the company – to demonstrate, quantifiably, that the changes were having the desired effect. Let’s take a look at…

Read more →

This article has been indexed from Red Hat Security Liz Rice, Chief Open Source Officer at Isovalent, has a few thoughts on core DevSecOps technologies that can help address these concerns. She joins Red Hat Chief Technology Officer Chris Wright…

Read more →

This article has been indexed from Red Hat Security Host firewalls play a key role in a defense-in-depth strategy, and they often close gaps in critical network infrastructure. This post covers some potential scenarios where a host firewall could reduce…

Read more →

This article has been indexed from Red Hat Security Technologies come and go, but one concept has remained at the forefront of IT conversations for decades: Security. While security remains a perennial top priority for IT departments, what it means…

Read more →

This article has been indexed from Red Hat Security When it comes to adopting DevSecOps, organizations sometimes focus on overarching goals like improving business agility or digital transformation. Such a broad scope can make DevSecOps adoption difficult. Instead, companies might…

Read more →

This article has been indexed from Red Hat Security DevSecOps is an approach to software development and deployment that takes full advantage of the agility and responsiveness of DevOps, but also makes security a shared responsibility that is integrated into…

Read more →

This article has been indexed from Red Hat Security Runtime analysis consists of security methods to help maintain cluster security hygiene. These methods help you enforce policies, identify behavioral risk, and provide mitigation for running workloads. Read the original article:…

Read more →

This article has been indexed from Red Hat Security This is one story of how Red Hat Insights created a new recommendation to address a high impact vulnerability that might affect Red Hat customers. Red Hat Insights does this regularly…

Read more →

This article has been indexed from Red Hat Security This post explores implementing DevSecOps principles to improve Kubernetes security analysis and remediation across the full development life cycle. Read the original article: Applying DevSecOps practices to Kubernetes: security analysis and…

Read more →

This article has been indexed from Red Hat Security Network Bound Disk Encryption (NBDE) can help organizations improve security by removing barriers to disk encryption. In this post learn how to use NBDE System Roles to implement high availability and…

Read more →

This article has been indexed from Red Hat Security We’ve discussed ways for you to build a DevSecOps culture and start introducing DevSecOps practices to your development workflows. This post expands on this topic and explores how you could apply…

Read more →

This article has been indexed from Red Hat Security The concept of distroless is a popular idea in the world of containers – but its also poorly understood. Read about some common fallacies of distroless as well as some of…

Read more →

This article has been indexed from Red Hat Security Network controls and segmentation methods allow you to control, segregate, and visualize Kubernetes traffic. These methods help you isolate tenants and better secure communications flows between containerized applications and microservices.   …

Read more →

This article has been indexed from Red Hat Security DevSecOps helps organizations secure their software environments with greater speed and at a larger scale – but implementing it can be a challenge. Learn more about how to succesfully navigate your…

Read more →

This article has been indexed from Red Hat Security In July, Red Hat brought together a group of security experts, partners, and industry peers to discuss some of the hybrid cloud security problems organizations face and solutions to tackle those…

Read more →

This article has been indexed from Red Hat Security Security is at the top of mind for our customers, and understanding the language and practices around security is vital for teams delivering applications and managing infrastructure. Understanding how Red Hat…

Read more →

This article has been indexed from Red Hat Security Adopting DevSecOps in your organization is all about introducing security into your development process as early as possible. Shifting left means introducing security as far to the left in this software process…

Read more →

This article has been indexed from Red Hat Security There are two methods commonly used to agree on shared secrets: have one party use some long-term asymmetric key to encrypt the secret and send it to the owner of the…

Read more →

This article has been indexed from Red Hat Security Red Hat Enterprise Linux (RHEL) has offered the ability to encrypt disks for many years, but the network bound disk encryption (NBDE) functionality, which can automatically unlock volumes by utilizing one…

Read more →

This article has been indexed from Red Hat Security Data controls help protect data integrity and prevent unauthorized data disclosure for stored data and data in motion. In this post we’ll dive deeper into the concepts of data controls and…

Read more →

This article has been indexed from Red Hat Security Sigstore is an open source project originally conceived and prototyped at Red Hat and now under the auspices of the Linux Foundation with backing from Red Hat, Google and other IT…

Read more →

This article has been indexed from Red Hat Security Sigstore is an open source project originally conceived and prototyped at Red Hat and now under the auspices of the Linux Foundation with backing from Red Hat, Google and other IT…

Read more →

This article has been indexed from Red Hat Security June is application analysis month in the Red Hat’s monthly Security series! Beginning in March 2021, the Red Hat Security Ecosystem team has provided an introduction to a DevOps Security topic…

Read more →

This article has been indexed from Red Hat Security Read the original article: Identity and access in the DevSecOps life cycle

Read more →

This article has been indexed from Red Hat Security Read the original article: Identity and access in the DevSecOps life cycle

Read more →

This article has been indexed from Red Hat Security Kubernetes is a robust yet complex infrastructure system for container orchestration, with multiple components that must be adequately protected. In order to know how to more effectively secure your Kubernetes environments,…

Read more →

This article has been indexed from Red Hat Security What is Policy-Based Decryption? Read the original article: Network-Bound Disk Encryption improvements in RHEL 8

Read more →

This article has been indexed from Red Hat Security As organizations are adopting agile and DevOps to improve their processes and products at breakneck speed, security considerations may be left in the dust and digital risks left unmanaged. Therefore, organizations…

Read more →

This article has been indexed from Red Hat Security As organizations are adopting agile and DevOps to improve their processes and products at breakneck speed, security considerations may be left in the dust and digital risks left unmanaged. Therefore, organizations…

Read more →

This article has been indexed from Red Hat Security As a Product Manager at Red Hat, I speak with customers to understand the challenges they seek to address and recommend Red Hat technologies that can help maximize efficiency and productivity…

Read more →

This article has been indexed from Red Hat Security Read the original article: DevSecOps compliance: Make your auditor's job easier!

Read more →

Red Hat publishes security data using the Open Vulnerability and Assessment Language (OVAL). Depending on what you have installed, according to the Red Hat and OVAL compatibility FAQ, you’ll need to scan streams for all products installed on your system.…

Read more →

Red Hat publishes security data using the Open Vulnerability and Assessment Language (OVAL). Depending on what you have installed, according to the Red Hat and OVAL compatibility FAQ, you’ll need to scan streams for all products installed on your system.…

Read more →

Read the original article: Compliance clarity with Red Hat Insights Why audits aren’t enough Read the original article: Compliance clarity with Red Hat Insights

Read more →

Read the original article: Combating security challenges with cloud-native AI-driven architecture Network security in modern datacenters is primarily focused on the inbound/outbound packet flow, often referred to as north-south traffic. Read the original article: Combating security challenges with cloud-native AI-driven…

Read more →

Read the original article: Shifting left: Davie Street Enterprises implements DevSecOps   Become a supporter of IT Security News and help us remove the ads. Read the original article: Shifting left: Davie Street Enterprises implements DevSecOps

Read more →

Read the original article: Reflections on 2020 security vulnerabilities What can be said about 2020 that hasn’t been said already? It definitely was a year where things happened and there certainly were several of those things that involved security. Looking…

Read more →

Read the original article: Reflections on 2020 security vulnerabilities What can be said about 2020 that hasn’t been said already? It definitely was a year where things happened and there certainly were several of those things that involved security. Looking…

Read more →

Read the original article: Red Hat Risk Report: A tour of 2020's branded security flaws An article from December 2020 reported that 2020 had a record high number of CVEs reported for the fourth year in a row (yet another…

Read more →

Read the original article: Red Hat Risk Report: A tour of 2020's branded security flaws An article from December 2020 reported that 2020 had a record high number of CVEs reported for the fourth year in a row (yet another…

Read more →

Read the original article: Defense in depth with Red Hat Insights Vulnerability and patch management can be time-consuming and painful. Standard practices for vulnerability management rely on scanning for vulnerabilities and rescanning to confirm that patches have been applied. Unfortunately,…

Read more →

Read the original article: Defense in depth with Red Hat Insights Vulnerability and patch management can be time-consuming and painful. Standard practices for vulnerability management rely on scanning for vulnerabilities and rescanning to confirm that patches have been applied. Unfortunately,…

Read more →

Read the original article: Introducing Red Hat Vulnerability Scanner Certification As container and Kubernetes adoption in production has grown, concerns regarding container security, monitoring, data management and networking remain. In order to address these challenges, organizations must lay a secure…

Read more →

Read the original article: Understanding Multipath TCP: High availability for endpoints and the networking highway of the future The days when you used a horse and buggy to travel to town along a dusty, wheel-rutted path are gone. Today’s roadways…

Read more →

Read the original article: Understanding Multipath TCP: High availability for endpoints and the networking highway of the future The days when you used a horse and buggy to travel to town along a dusty, wheel-rutted path are gone. Today’s roadways…

Read more →

Read the original article: DISA Has Released the Red Hat Enterprise Linux 8 STIG We are pleased to announce that, in collaboration with Red Hat, the Defense Information Systems Agency (DISA) has published a Secure Technical Implementation Guide (STIG) for…

Read more →

Read the original article: STIG Security Profile in Red Hat Enterprise Linux 7 Red Hat has recently updated the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) Profile to include more coverage of automated content and improve…

Read more →

Read the original article: STIG Security Profile in Red Hat Enterprise Linux 7 Red Hat has recently updated the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) Profile to include more coverage of automated content and improve…

Read more →

Read the original article: Considering privacy in a work from home world Data Privacy Day is a celebrated reminder of how to protect your privacy and draw awareness on how to stay safe in a digital world. With a new…

Read more →

Read the original article: Implementing the ACSC "Essential Eight" baseline for security automation in Red Hat Enterprise Linux Achieving compliance with a security policy and maintaining compliance can be tedious. At Red Hat, we believe that such things should be…

Read more →

Read the original article: Using OpenSCAP to help achieve HIPAA compliance with Red Hat Enterprise Linux 8.3 Tracking and controlling activities across a large environment is challenging in any IT environment. Adding requirements like HIPAA compliance makes life even more…

Read more →

Read the original article: SCAP Security Guide: helping you to achieve security policy compliance All of us have highly sensitive and valuable assets, such as payment and financial information, health data, and classified information, that need protection. The SCAP Security…

Read more →

Read the original article: Public-Key Cryptography Standard (PKCS) #11 v 3.0 has been released: What is it, and what does it mean for RHEL? OASIS has announced that its members have approved Version 3.0 of the Public-Key Cryptography Standard (PKCS)…

Read more →

Read the original article: Center for Internet Security (CIS) compliance in Red Hat Enterprise Linux using OpenSCAP The CIS (Center for Internet Security) produces various cyber security related services. In particular, it produces benchmarks, which are “configuration guidelines for various…

Read more →

Read the original article: Public-Key Cryptography Standard (PKCS) #11 v 3.0 has been released: What is it, and what does it mean for RHEL? OASIS has announced that its members have approved Version 3.0 of the Public-Key Cryptography Standard (PKCS)…

Read more →

Read the original article: Center for Internet Security (CIS) compliance in Red Hat Enterprise Linux using OpenSCAP The CIS (Center for Internet Security) produces various cyber security related services. In particular, it produces benchmarks, which are “configuration guidelines for various…

Read more →