Linux

While not nearly commonly seen on Linux systems, library (shared object files on Linux) injections are still a serious threat. On interviewing Jaime Blasco from AT&T’s Alien Labs, I’ve become more aware of how easily some of these attacks are conducted.In this post, I’ll cover one method of attack and some ways that it can be detected. I’ll also provide some links that will provide more details on both attack methods and detection tools. First, a little background. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ]
Shared library vulnerability
Both DLL and .so files are shared library files that allow code (and sometimes data) to be shared by various processes. Commonly used code might be put into one of these files so that it can be reused rather than rewritten many times over for each process that requires it. This also facilitates management of commonly used code.To read this article in full, please click here READ MORE HERE…

Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs):
CVE-2018-12126 – a flaw that could lead to information disclosure from the processor store buffer
CVE-2018-12127 – an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline
CVE-2018-12130 – the most serious of the three issues and involved the implementation of the microprocessor fill buffers and can expose data within that buffer
CVE-2019-11091 – a flaw in the implementation of the “fill buffer,” a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache

[ Also read: Linux hardening: a 15-step checklist for a secure Linux server ]
Red Hat customers should update their systems
Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.To read this article in full, please click here READ MORE HERE…

Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernals offer many advantages in terms of speed and security.What are unikernels?
A unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure — having a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.To read this article in full, please click here READ MORE HERE…

According to Imperva research, a container flaw reported last month (CVE-2019-5736) in Docker’s remote API has already been taken advantage of by hundreds of attackers.Imperva claims that they were able to locate 3,822 Docker hosts with the remote API (port 2735) publicly exposed. Of these, approximately 400 were accessible, and most of these were running a cryptocurrency miner for a lesser-known form of cryptocurrency called Monero. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ]
Monero (ticker symbol XMR) is an open-source cryptocurrency that was created in April 2014. It focuses on fungibility (individual units are essentially interchangeable), privacy, and decentralization. It also takes advantage of an obfuscated public ledger. That means anyone can broadcast or send transactions, but outside observers cannot tell the source, amount, or destination of the funds.To read this article in full, please click here READ MORE HERE…

There’s a new Linux security tool you should be aware of — Cmd (pronounced “see em dee”) dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.To read this article in full, please click here READ MORE HERE…

Red Hat announced a vulnerability this morning – one that can be exploited if a user runs malicious or modified containers. The flaw in runC (a lightweight portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system. That might sound bad, but there’s more.The good news is that this vulnerability cannot be exploited if SELinux is enabled and that this is the default on Red Hat systems. To check whether your Red Hat system is enforcing SELinux, use one of the following commands:$ /usr/sbin/getenforce
Enforcing <==

$ sestatus
SELinux status: enabled <==
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

[ Read also: Linux hardening: A 15-step checklist for a secure Linux server ]
This vulnerability also requires local access to the system. Affected Red Hat systems include:To read this article in full, please click here READ MORE HERE…

If you’re contemplating a career in cybersecurity and haven’t come up to speed on Linux, now’s the time to get ramped up and here’s one easy way to do it. This new book from No Starch Press was written with people like you in mind. Authored by OccupyTheWeb, Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali provides everything from basic Linux command-line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process.Why Linux is important to security
Because Linux is open source, tool developers (and you) have a level of access that is unsurpassed. Linux is transparent, and that means you can learn to manipulate it in ways that are not possible with most OSes. In addition (and undoubtedly for the reason just mentioned), most cybersecurity tools are written to run on Linux.To read this article in full, please click here READ MORE HERE…

If you’re contemplating a career in cybersecurity and haven’t come up to speed on Linux, now’s the time to get ramped up and here’s one easy way to do it. This new book from no starch press was written with people like you in mind. Authored by OccupyTheWeb, the force behind Hackers-Arise, Linux Basics for Hackers provides everything from basic Linux command line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process.Why Linux?
Because Linux is open source, tool developers (and you) have a level of access that is unsurpassed. Linux is transparent and this means that you can learn to manipulate it in ways that are not possible with most OSes. In addition (and undoubtedly for the reason just mentioned), most cybersecurity tools are written to run on Linux.To read this article in full, please click here READ MORE HERE…

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here READ MORE HERE…

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable and, thus, flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each OS.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here READ MORE HERE…