Subterms
Image: Getty Images/iStockphoto A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is “almost impossible” to detect. On Thursday, researchers from BlackBerry Threat Research & Intelligence team, together with Intezer security researcher Joakim Kennedy, published a blog post on the malware – dubbed Symbiote because of […] More
The United States Cybersecurity and Infrastructure Agency (CISA) has added 36 new flaws to its catalog of vulnerabilities that are known to be exploited by cyber criminals. The CISA alert warns that the vulnerabilities are a frequent attack vector for malicious attackers and pose “significant risk”. Organisations, particularly those associated with federal government, are urged […] More
Image: Getty Images/iStockphoto Poor identity, access and credential management is the biggest cybersecurity challenge for cloud computing, after the shift to remote working has redefined the workplace and changed priorities around the use of cloud applications and services, warns new research. Special Feature According to a survey of 700 industry experts on security issues in […] More
By Jiap — Shutterstock It has been a totem of the cryptocurrency community that the numeric addresses of Bitcoin and other wallets will protect the identity of those using them to buy and sell. A new paper, released this week by researchers at Baylor College of Medicine and Rice University, has shattered that presumed anonymity. […] More
Image: Dzelat/Shutterstock The US is warning that hackers working for China have been exploiting publicly known flaws in network devices as part of broader attacks to steal and manipulate network traffic. The National Security Agency (NSA), Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have listed 16 flaws in network […] More
Google’s Android security updates for June 2022 fix 41 vulnerabilities, including five classed as critical. The updates, for the Android operating system versions 10, 11 and 12, have been detailed in Google’s Android Security Bulletin. Among the most severe security vulnerabilities receiving updates is CVE-2022-20130, a vulnerability in Android’s Media Framework that could lead to […] More
Security is a primary consideration of Linux and open-source software today. So when European Linux giant SUSE released the SUSE Linux Enterprise 15 Service Pack 4 (SLE 14 SP4) it came as no surprise that it incorporated top security features.
ZDNet Recommends
This included a Supply chain Levels for Software Artifacts (SLSA) Level 4 compliance. SLSA, pronounced “salsa,” is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain.” Started by Google, SLSA is now a Linux Foundation project.With SLSA Level 4 compliance, SUSE claims that its code has been given a two-person review of all changes and uses a hermetic, reproducible build process. This is the highest level of SLSE compliance — it means you can have a high degree of confidence that its software hasn’t been touched by hackers.SLE 15 SP4 also supports confidential computing if you’re running on AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) CPUs. What’s that? Instead of just encrypting data when it’s at rest in storage or on the network, it’s also encrypted in memory or CPU registers. This is important if you’re running processes with sensitive data on the cloud. SLE 15 SP4 is the first Linux distribution to support this. Today, you can use this to isolate virtual machines (VM) on the Google Cloud. You can expect to see it supported on other clouds soon. Speaking of the cloud, SUSE has worked with Nvidia to deliver maximum performance and availability by integrating Nvidia’s recently open-sourced GPU kernel-mode driver. While this won’t help gamers, at least not yet, it enables SLE 15 SP4 cloud and server users to speed up such GPU-accelerated computing jobs as artificial intelligence and machine learning (AI/ML). SUSE has long been a live-patching pioneer. In this latest release, though, SUSE now supports live patching for user-space applications. This means you can update user programs with no downtime. This also means SUSE will live-patch security-critical programs that you might not think of as user-space such as the OpenSSL cryptographic library.The new SLE runs on the Linux kernel 5.14 and systemd version 249. If you run the SLE desktop (SLED), the desktop now uses Gtk4 and GNOME 41 by default for its interface.For managing SLE, while SUSE still supports YaST, it’s moving to the DevOps tool Salt. SUSE Manager Server also now works hand-in-glove with Salt.If you don’t subscribe to SLE, you can still easily and freely try it with openSUSE Leap 15.4. That’s because starting in 2021, SUSE made its community Linux binary compatible with its enterprise offering. If you decide you like SUSE’s take on Linux, the company makes it easy to migrate from openSUSE to SLE.If you elect to use SLES 15, the operating system has a 13-year life cycle, with 10 years of General Support and three years of Extended Support. Version SP3 will be fully maintained and supported until six months after the release of SLES 15 SP4. So, you’ll have until December 2022 to move from SP3 to SP4. The migration is simple and straightforward.So, if you’re considering a serious Linux for your business, I urge you to remember that it’s not just Canonical Ubuntu or Red Hat Enterprise Linux (RHEL). SUSE and SLE are also well worth your time.As SUSE CEO Melissa Di Donato said at the SUSECon keynote, “From our business-critical Linux … we are on course to becoming the most trusted and most secure open-source infrastructure provider in the market.”Related Stories: More
Apple has debuted a new mobile tool to wrestle away control in coercive, domestic violence situations — but timing is crucial if you have to use this feature. The feature, Apple Safety Check, has been designed to help tackle domestic abuse and intimate partner violence (IPV). Apple has worked with organizations, including the National Network To End Domestic Violence (NNEDV) and the National Center for Victims of Crime (NCV) to design this new feature.Read on: How to find and remove spyware from your phoneSafety Check is making its debut in iOS 16, the next upgrade to Apple’s mobile operating system. iOS 16 is in beta and is expected to become widely available in the fall. What is domestic abuse or IPV? More
