security – Page 4 – Learn Linux TV

Enterprise Linux Security Episode 73 – TruffleHog and CVSS version 4.0
In this episode, Jay and Joao will discuss a recent discovery by Truffle Security that has found 4,500 websites that have exposed a very critical directory. In addition, the upcoming Common Vulnerability Scoring System (CVSS) update, which will bring to version 4.0 – along with some important changes you’ll need to understand.

Relevant Articles
Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 73 – TruffleHog and CVSS version 4.0
Enterprise Linux Security Episode 71 – Internet DRM
In this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft’s recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add “integrity” to our browsers, but it’s oddly lacking in said integrity and almost completely devoid of common sense. Google’s “Web Integrity Protection” seems to protect only their ad dollars while making browsing more tedious for the end-user. Will it pass? What is it exactly? Jay and Joao have all the answers in this episode!

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
Relevant Articles
⇨

Read more: Enterprise Linux Security Episode 71 – Internet DRM
Enterprise Linux Security Episode 69 – Red Hat vs Enterprise IT
When it comes to Linux in the Enterprise, we have quite a few challenges we have to overcome on a day to day basis to ensure we can depend on our technology. We never thought Red Hat themselves would some day become our opponent, but here we are. In this episode, Jay and Joao will discuss discuss the latest impulsive and irresponsible decision Red Hat has made – as well as how that decision results in the company undermining their own customer base, while alienating the Linux Community at the same time.

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
Relevant Articles
- Red Hat’s Announcement
- Response from Jeff Geerling (frequent contributor to open-source)
- Red Hat strikes a crushing blow against RHEL downstreams
- Response from Mike McGrath (Red Hat) regarding these changes
- Response from Learn Linux TV
⇨

Read more: Enterprise Linux Security Episode 69 – Red Hat vs Enterprise IT
CrowdSec 1.5 Gains New Features – Exploring Block Lists, Post Exploitation Behavior & More!

CrowdSec is a service that aims to enhance the security of your Linux server – which it does in a very interesting way. Leveraging the power of the very “crowd” it serves, CrowSec is able to build intelligence that benefits every server that has it installed. This service has been discussed on the channel before, but in this tutorial you’ll see some of the new features as of CrowdSec 1.5.

⇨

Read more: CrowdSec 1.5 Gains New Features – Exploring Block Lists, Post Exploitation Behavior & More!
Enterprise Linux Security Episode 67 – No One Else’s Computer
We’ve all heard the cloud referred to as “Someone Else’s Computer”, but what do you do if you find your data is on No One Else’s Computer? In this example, there was a happy ending (data was restored) but it’s still an important consideration all the same. What do you do if your cloud provider all of a sudden doesn’t have your data? In this episode, Jay and Joao discuss a recent situation in which Azure customers found themselves in a bit of a bad situation.

Download Links
- MP3 version
- MP3 version (smaller file size, lower bitrate)
- Ogg version
Relevant Articles
- Azure DevOps Outage in South Brazil
- This typo sparked a Microsoft Azure outage
⇨

Read more: Enterprise Linux Security Episode 67 – No One Else’s Computer
Enterprise Linux Security Episode 66 – Job Security
In this episode, Jay and Joao discuss another form of security, job security! Throughout the series, we’ve advised and educated on enhancing the security of your enterprise network, but in this episode the focus is on YOU. Specifically, how to safeguard yourself from turnover, raise awareness of your importance to your organization, and how to navigate potential “awkward” conversations that System Administrators may find themselves having with their boss. Don’t miss this episode!

Download links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 66 – Job Security
Enterprise Linux Security Episode 64 – FIPS
There are many security certifications that an organization can utilize to prove compliance with one or more standards, and being in compliance can bring additional benefits and opportunities. Federal Information Processing Standard (FIPS) is one of these certifications, and in this episode, Jay and Joao are joined by Nikos from Tuxcare to discuss FIPS and why your organization might consider it.

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 64 – FIPS
Enterprise Linux Security Episode 61 – The Principle of Least Privilege
With the recent takeover of the “Linus Tech Tips” YouTube channel, what can we learn? In this episode, Jay and Joao will discuss some of the ways you can prevent such an event from happening to you (and it’s not just YouTube that’s a target).

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 61 – The Principle of Least Privilege
Enterprise Linux Security Episode 58 – Tales from the Red Team
Tasks that penetration testers and security analysis perform in order to expose security weaknesses may seem like a mysterious and complicated art. Most of the time, these tasks are considered “secret sauce” and unless you work for a red team, you may not be aware of what it may look like while someone attempts to gain access from the outside. In this episode, Jay and Joao discuss a report released by CISA, that provides a very detailed account at what goes into this type of work. This report is definitely a must-read, and this episode is a must-listen!

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
- Ticket Granting Tickets (one of the strategies used by CISA)https://learnlinux.link/golden-ticket
⇨

Read more: Enterprise Linux Security Episode 58 – Tales from the Red Team
Enterprise Linux Security Episode 57 – Record Breaking DDoS Attacks
DDoS (Denial of Service) attacks are incredibly common, and apparently, are breaking records. In this episode, Jay and Joao discuss a recent blog post from Cloudflare regarding how popular this attack vector is becoming nowadays, as well as a quick refresher on Denial of Service attacks in general.

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
⇨

Read more: Enterprise Linux Security Episode 57 – Record Breaking DDoS Attacks
How to Set Up KernelCare Enterprise for Reboot-Free Live Patching

Live patching enables Linux server administrators to benefit from critical security fixes right now, with the flexibility of rebooting later. There are multiple services that facilitate live patching, and in this video Jay goes over how to set up KernelCare Enterprise for this very purpose. This tutorial will go over what KCE is, how to install it, check for patches, and more!

Thanks to TuxCare for sponsoring today’s video.

Check out KernelCare Enterprise here. You can find a list of patches that KCE has available here.

⇨

Read more: How to Set Up KernelCare Enterprise for Reboot-Free Live Patching
Enterprise Linux Security Episode 53 – Digital Twins
By using clever infrastructure engineering strategies to increase reliability, you can minimize disruption and downtime for your organization. Another technique to consider is the concept of Digital Twin – having a full system clone/mirror you can use to test enhancements, perform a root-cause analysis, or more. In this episode, Jay and Joao discuss Digital Twins and how the concept can potentially help your organization.

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- Digital Twin (Wikipedia article)
- More malicious packages posted to online repository. This time it’s PyPI
⇨

Read more: Enterprise Linux Security Episode 53 – Digital Twins