Security News

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and Cloud Native Computing Foundation, which builds sustainable ecosystems for cloud native software, announced a new certification, the Certified Kubernetes Security Specialist is in development. CKS will consist of a performance-based certification exam testing competence across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.

Boffins in Microsoft Research has pulled the covers off Project Freta, a free service aimed at spotting memory malfeasance. The project kicked off two years ago, partially in response to existing malware sensors being evaded as malicious code gained the ability to spot when it was being observed and self-destruct to prevent discovery.

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.

Each supercomputer deployment powered by Red Hat Enterprise Linux uses hardware that can be purchased and integrated into any datacenter, making it feasible for organizations to use enterprise systems that are similar to those breaking scientific barriers. Regardless of the underlying hardware, Red Hat Enterprise Linux provides the common control plane for supercomputers to be run, managed and maintained in the same manner as traditional IT systems.

In contrast, a high-end GPU might have 2000 to 5000 cores, but they aren't each able to run completely different instructions at the same time. Servers fitted with GPUs probably need two sets of patches, covering both the NVIDIA GPU drivers that control the actual hardware in the physical system, and the NVIDIA vGPU software, which shares out physical GPUs between guest operating systems running under virtualisation software from vendors including Citrix, Red Hat and VMWare.

Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform. "Adding Linux into the existing selection of natively supported platforms by Microsoft Defender ATP marks an important moment for all our customers. It makes Microsoft Defender Security Center a truly unified surface for monitoring and managing security of the full spectrum of desktop and server platforms that are common across enterprise environments," noted Helen Allas, a principal program manager at Microsoft.

Microsoft has extended its antivirus package for servers - better known the Defender Advanced Threat Protection for servers suite - to Linux as a general availability release. More importantly for admins, it can be controlled through the Microsoft Defender Security Center alongside Windows Server boxen and fleets of PCs. Mind you, this isn't something Microsoft expects to help it break into organizations exclusively using Linux.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

In three posts marked urgent to the Linux kernel mailing list on Tuesday, Anthony Steinhauser points out problems with countermeasures put in place to block Spectre vulnerabilities in modern Intel and AMD x86 microprocessors that perform speculative execution. The Spectre family of flaws involve making a target system speculate - perform an operation it may not need - in order to expose confidential data so an attacker can obtain it through an unprotected side channel.

In three posts marked urgent to the Linux kernel mailing list on Tuesday, Anthony Steinhauser points out problems with countermeasures put in place to block Spectre vulnerabilities in modern Intel and AMD x86 microprocessors that perform speculative execution. The Spectre family of flaws involve making a target system speculate - perform an operation it may not need - in order to expose confidential data so an attacker can obtain it through an unprotected side channel.