Security

OSS NEWS

New Cloud Cybersafety, Malware Miseries, Snap Snafus Lavish Linux

Linux security

The power of open-source software and the flexibility of Linux computing consume a significant share of news space each month.

Increasing numbers of technical jobs continue to go unfilled due to a lack of Linux skills. Many of those vacant jobs no doubt make it more difficult to stem the tide of cyberattacks by digital criminals who do not lack the needed skills.

Read on to discover new efforts to make learning Linux more accessible to non-English speaking job applicants. The Linux Foundation and edX are redoubling technical training opportunities globally.

New developments this month include a key acquisition to bolster and expand cloud computing. Keeper Security takes a big step toward integrating better security and cloud encryption architecture.

Also significant is StormForge’s release this month of a new solution for cloud environments with machine learning.

If you are a Snap package user, be sure to check out the potential vulnerability issue discovered this month. It is a privileged escalation thing.

Keeper Acquires Glyptodon for Zero-Trust Remote Access

Keeper Security earlier this month announced its acquisition of Glyptodon, creator of Glyptodon Enterprise, and Apache Guacamole, the open-source platform millions use to access remote desktops.

This acquisition enhances Keeper Security’s cybersecurity platform to protect organizations in the public and private sectors even more effectively. Keeper will integrate Glyptodon Enterprise into its zero-trust and zero-knowledge security and encryption architecture, resulting in a highly secure, agentless remote access platform without the need for a VPN.

“In today’s changing work environment with distributed technical teams and compute resources residing in the cloud or in a remote location, it is vital that enterprises can securely and quickly connect with those systems,” said Darren Guccione, CEO and co-founder of Keeper Security.

“Acquiring Glyptodon is an important component of our go-forward strategy as we unify essential privileged access management features into our cybersecurity platform to protect organizations in the public and private sectors,” he added.

Keeper will continue to support the open-source Apache Guacamole project while also advancing the capabilities of its fully-supported commercial version.

Alongside the public announcement, Keeper has integrated Glyptodon and Keeper Secrets Manager, providing encrypted vault storage of access credentials. In the coming months, Keeper Security plans to enhance Glyptodon and integrate advanced capabilities into the Keeper Enterprise platform.

First ML Tool for Kubernetes

Kubernetes is complex and has no lack of vendors racing to see who can have a real impact on this. But the gush of tools has only widened its complexity gap. Even worse is the amount of data enterprises collect that remains untapped from a lack of intelligent optimization platforms.

Cambridge, Mass.-based StormForge is pulling ahead in the race to address both these concerns. The company on Wednesday announced StormForge Optimize Live, a new solution for automatically and intelligently improving the efficiency of production of cloud environments.

Optimize Live analyzes existing observability data using machine learning to recommend real-time configuration changes that reduce resource usage and cost while ensuring application performance.

The new solution is part of the StormForge platform, which now closes the loop between pre-production and production optimization to proactively and continuously ensure peak efficiency for organizations using Kubernetes.

It is the first machine learning solution to intelligently improve app performance and cost-efficiency in cloud-native production environments — and support modern architecture and operations requirements — by going a level deeper to draw performance insights on all the data collected, informing and optimizing cloud-native environments.

“StormForge informs, optimizes, and operates throughout the entire cloud-native development cycle for both developers and operations managers who require an intelligent and comprehensive platform that maximizes their returns on Kubernetes investments. This is how we all realize the promise of Kubernetes and cloud-native,” said Matt Provo, CEO and founder of StormForge.

Cloud and cloud-native technologies have changed the way enterprises manage resources. This creates an opportunity for innovative performance and optimization solutions, according to Joe Daly, director of community at FinOps Foundation.

“StormForge is among a very select group of companies innovating to deliver to developers, operations managers, and finance teams modern, intelligent solutions that give FinOps practitioners insights into their environments that allow them to take their practice to the next level,” he said.

Oh, Snap! More Critical Vulnerabilities Found

Qualys Research Team discovered multiple vulnerabilities in the snap-confine function on Linux operating systems. The most important of which can be exploited to escalate privilege to gain root privileges.

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu.

The Qualys Research Team confirmed the vulnerability. Then, it engaged in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions in announcing this newly discovered flaw.

Snap is a software packaging and deployment system used in Linux distributions. Its packages make it easy to install applications with all their dependencies included to run on all major Linux distributions.

Snap has become reasonably widespread in the Linux world, with a number of major vendors distributing packages using it. While any exploit that can give root access is problematic, being a local exploit reduces the risk somewhat, noted Mike Parkin, engineer at Vulcan Cyber.

“But even considering this is a local exploit, patching vulnerable systems should be a priority,” he told LinuxInsider.

This discovery is both very widespread and very dangerous. It enables cybercriminals to escalate their privileges to gain root access, added Bud Broomhead, CEO at Viakoo.

“With that access, threat actors can distribute malware, plant deepfakes, move laterally within corporate networks, and many other forms of being compromised,” he told LinuxInsider.

Free Linux Intro Training Available in Spanish

The Linux Foundation’s extremely popular Introduction to Linux online course, with over one million English-speaking individuals enrolling around the world. Now, Spanish-speaking students can join the online program.

The Universitat Politècnica de València translated the course materials into Spanish and is now available to take on the edX learning platform for free. The course consists of approximately 60 hours of materials, including videos and hands-on lab assignments.

English- and Spanish-speaking learners can audit the course free for 14 weeks with access to all course materials. Students can choose to upgrade to the verified track for US$49 to get unlimited access to materials, additional graded exams and assignments, and a verified certificate of completion.

The 2021 Open Source Jobs Report from Linux Foundation Research and edX found that 92 percent of employers are struggling to find enough talent with open-source technology skills.

Linux is the most in-demand skill next to cloud computing. The introduction to learning Linux course is a step towards closing the talent gap in the market.

Introduction to Linux is designed for experienced computer users with limited or no previous exposure to Linux. It acquaints them with the various tools and techniques commonly used by Linux system administrators and end-users to work in a Linux environment.

“We strive to make quality open source training accessible to anyone who wants it, anywhere, anytime, but with most technical discussions and documentation being primarily in English, it can be hard for those who do not speak the language to get started,” said Linux Foundation senior vice president and general manager, training and certification Clyde Seepersad.

Linux Malware Sees 35% Growth

Despite the increased security the Linux OS provides, the computing platform is no longer out of the crosshairs of malicious attackers looking for a quick payday. Malware infections targeting Linux devices rose by 35 percent last year compared to 2020, according to several reports.

One of the most common attack vectors sought to enslave IoT devices for DDoS (distributed denial of service) attacks. The CrowdStrike 2022 Global Threat Report highlights these key malware attack findings targeting Linux:

  • XorDDoS, Mirai, and Mozi were the most prevalent malware families, accounting for 22 percent of all Linux-targeting malware attacks observed in 2021.
  • Mozi had explosive growth, with 10 times more samples circulating in the wild compared to the previous year.
  • XorDDoS also had a notable year-over-year increase of 123 percent.

Various cybersecurity reports confirm an ongoing trend toward attacking Linux computers that emerged in previous years.

Cloud Security May Rain on Business Enthusiasm

Malware is not the only problem lurking around Linux security. Cybercriminals are stepping up their efforts to target Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks, and other illicit activity, according to industry reports.

Businesses and organizations increasingly hesitate to trust the security of cloud data storage to avoid potential attacks. In some cases, the attack threshold happens because IT workers misconfigured hardware and software settings. For a variety of reasons, cybersecurity researchers report malware aimed at Linux-based systems more frequently.

Reports warn that ransomware is evolving and now aims at Linux host images used to spin up workloads in virtualized environments. Attacking cloud environments — which predominantly are powered by Linux platforms — lets attackers grab information from servers they encrypt and then threaten to publish unless the companies involved pay a ransom.

Adding insult to injury, even organizations that pay to regain access to their encrypted files worry about double jeopardy. They often end up paying twice to prevent the publication of stolen content.

Cryptojacking events against Linux computers further exacerbate cloud and on-premises storage. Even if files are left intact, cryptojacking malware steals processing power from CPUs and servers to mine for cryptocurrency. 

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Security

LinuxInsider Channels