When Ransomware attacks begin spreading, how would officials go about finding the source? Most of the time, finding the culprit(s) behind cyber-attacks is a very challenging task. In this episode of Enterprise Linux Security, Joao and Jay discuss some methods that were recently used to de-anonymize ransomware domains.
A “researcher” with a screen name of “Sockpuppets” decides to demonstrate how insecure some specific online resources are, in the worst way possible. You can’t make this stuff up! In this episode, Jay and Joao discuss what this individual wanted to accomplish (and what happened instead).
There are many tools and utilities around security and network management, and in this episode of Enterprise Linux Security, Jay and Joao discuss some of their favorites.
We talk a lot about patching on this podcast, and the reason for that is because a lot of organizations don’t seem to handle this important aspect of security very well. A recent patching report from the Ponemon institute seems to reflect this, and the stats regarding patching definitely don’t look good. In this episode of Enterprise Linux Security, Jay and Joao discuss some of the findings within this report.
Have you considered using a YubiKey? In this complete guide, you’ll learn everything you need in order to get started with these awesome security keys. We’ll go over the differences between the available models, which one you should buy, as well as how to set it up to protect local logon for Linux, macOS, and Windows. In addition, two methods for protecting OpenSSH via YubiKeys are also covered.
The New Year is just beginning, and we already have a few important CVE’s to discuss, this time around Polkit and LUKS. The CVE numbers for these vulnerabilities are CVE-2021-4034 and CVE-2021-4122 respectively. In this episode, Jay and Joao discuss these vulnerabilities.
When creating a deployment image or template for distributing Linux to devices or servers, it’s a good idea to make sure that you reset the host keys for SSH. In this video, I’ll show you an easy method I found for automating this.
You can find the systemd unit file I used in the video here.
TheLog4Shell vulnerability is taking the Internet by storm, and it’s already being used for real-world attacks. In this video, Jay discusses the details around Log4Shell vulnerability in Log4j, and also CrowdSec’s community-based response to the situation.
The Log4Shell vulnerability is making its rounds all over security news sites, and with good reason – it’s quite easy to execute. In this episode, Jay and Joao discuss the vulnerability that exists within log4j, as well as some ways to keep your server safe.
This year, we’ve had a number of interesting security breaches. In this episode of the Enterprise Linux Security podcast, Joao and Jay talk about the worst healthcare breaches of 2021, and some lessons that can be learned from these events. Specifically, this article is discussed.
In this episode of Awesome Linux Tools, the spotlight is on Lynis – a really awesome utility you can use to get a better understanding of the overall security hygiene of your server. In this video, Jay will show you how to install it, and also how to run an audit.