Blog posts tagged "Security"

195 posts


ebarretto
18 June 2025

Fixes available for local privilege escalation vulnerability in libblockdev using udisks

Article Ubuntu

Qualys discovered two vulnerabilities in various Linux distributions which allow local attackers to escalate privileges. The first vulnerability (CVE-2025-6018) was found in the PAM configuration. This CVE does not impact default Ubuntu installations because of how the pam_systemd.so and pam_env.so modules are invoked....



Giulia Lanzafame
10 June 2025

Apache Spark security: start with a solid foundation

Article Data Platform

Everyone agrees security matters – yet when it comes to big data analytics with Apache Spark, it’s not just another checkbox. Spark’s open source Java architecture introduces special security concerns that, if neglected, can quietly reveal sensitive information and interrupt vital functions. Unlike standard software,...



Rawand Benour
5 June 2025

What if your container images were security-maintained at the source?

Article Ubuntu

Software supply chain security has become a top concern for developers, DevOps engineers, and IT leaders. High-profile breaches and dependency compromises have shown that open source components can introduce risk if not properly vetted and maintained. Although containerization has become commonplace in contemporary...



Octavio Galland
30 May 2025

Apport local information disclosure vulnerability fixes available

Article Ubuntu

Qualys discovered two vulnerabilities in various Linux distributions which allow a local attacker with permission to create user namespaces to leak core dumps for processes of suid executables. These affect both apport, the Ubuntu default core dump handler (CVE-2025-5054), and systemd-coredump, the default core dump...



Benjamin Ryzman
9 April 2025

SONiC: The open source network operating system for modern data centers

Networking Networking

Software for Open Networking in the Cloud (SONiC) is an open-source network operating system that has revolutionized data center networking. Originating as a Microsoft-led initiative in the Open Compute Project (OCP) in 2016, SONiC has rapidly gained traction among hyperscalers and switch hardware vendors, including...



Stephanie Domas
24 March 2025

What is Application Security (AppSec)?

Article Hardening

Application security (or AppSec, for short) is a broad term that refers to all of the tools, actions, and processes that an organization uses to protect its applications against vulnerabilities across the entirety of its life cycle. Application security has one objective: to find weaknesses in your applications and...



Henry Coggill
14 March 2025

What is System Hardening? Essential Checklists from OS to Applications

Article CIS Benchmarks

Hardening a system aims to decrease its exposure to make it difficult to hack, and to lessen the potential collateral damage in the event of a compromise.



Luci Stanescu
28 February 2025

How to conduct a vulnerability assessment

Article Security

The realm of information security is fraught with jargon, as anyone who has come across vulnerability-related terms can tell you. To complicate matters further, some of these terms are used interchangeably or in contexts outside of computing. This can muddy the waters for people looking to learn about vulnerability...



Canonical
6 February 2025

Canonical achieves ISO/SAE 21434 certification, strengthening automotive cybersecurity standards

Article Automotive

Certified cybersecurity processes to help safeguard next-generation connected vehicles Canonical is proud to announce it has achieved the ISO/SAE 21434 certification for its Security Management System, following an extensive assessment by TÜV SÜD, a globally respected certification provider. This milestone highlights...



João Hellmeister
20 January 2025

A comprehensive guide to NIS2 Compliance: Part 3 – Setting the roadmap and demonstrating NIS2 compliance.

Article Ubuntu

In this third and final part of the series, I’ll provide some tips on how to set up your roadmap and effectively demonstrate compliance without overburdening your teams. If you’re just joining the fun now, in our two previous editions we covered who NIS2 applies to and what requirements it sets out. Be sure to



João Hellmeister
15 January 2025

A comprehensive guide to NIS2 Compliance: Part 1 – Understanding NIS2 and its scope

Article Ubuntu

The EU NIS2 directive, which calls for strengthening cybersecurity across the European Union, is now active in all member states. Join me for this 3-part blog post series in which I’ll explain what it is, help you understand if it is applicable to your company and how you can become NIS2 compliant. In this first



eslerm
14 January 2025

Rsync remote code execution and related vulnerability fixes available

Article Hardening

Canonical’s security team has released updates of the rsync packages for all supported Ubuntu releases. The updates remediate CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.



Canonical
4 December 2024

Canonical announces Ubuntu Security Research Alliance Program 

Article Canonical announcements

Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source vulnerability scanning organizations. The goal is to ensure vulnerability data is more transparent and standardized, while improving on-platform security for Ubuntu...



eslerm
19 November 2024

Needrestart local privilege escalation vulnerability fixes available

Article Ubuntu

Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other Linux distributions....


