Category: Red Hat Security

You’ve just created a Red Hat Customer Portal account to provision a Red Hat OpenShift cluster. If you’re new to Red Hat Customer Portal, then you probably have a lot of questions, like what other Red Hat portals do you…

Read more →

IBM recently released their 2024 X-Force Cloud Threat Landscape Report.According to IBM, this report “provides a global cross-industry perspective on how threat actors are compromising cloud environments, the malicious activities they’re conducting once inside compromised networks and the impact it’s…

Read more →

Red Hat Insights makes it much easier to maintain and manage the security exposure of your Red Hat Enterprise Linux (RHEL) infrastructure. Included is the Insights malware detection service, a monitoring and assessment tool that scans RHEL systems for the…

Read more →

Most general purpose large language models (LLM) are trained with a wide range of generic data on the internet. They often lack domain-specific knowledge, which makes it challenging to generate accurate or relevant responses in specialized fields. They also lack…

Read more →

TL;DR: All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177)…

Read more →

Confidential containers are containers deployed within a Trusted Execution Environment (TEE), which allows you to protect your application code and secrets when deployed in untrusted environments. In our previous articles, we introduced the Red Hat OpenShift confidential containers (CoCo) solution…

Read more →

In a previous post-quantum (PQ) article, we introduced the threat that quantum computing presents for any systems, networks and applications that utilize cryptography. In this article, you’ll learn what you can do to assist your organization in achieving crypto-agility with…

Read more →

The Automatic Certificate Management Environment (ACME) protocol allows automated interactions between certificate authorities and your servers. This means you can automate the deployment of your public key infrastructure at a low cost, with relatively little effort. ACME provides automated identifier…

Read more →

Red Hat Identity Management (IdM) is a centralized and comprehensive identity management solution that provides a wide range of features designed to help manage user identities, enforce security policies and facilitate access management. IdM offers a number of tailored and…

Read more →

Red Hat OpenShift sandboxed containers, built on Kata Containers, provide the additional capability to run confidential containers (CoCo). This article continues our previous one, Exploring the OpenShift confidential containers solution and looks at different CoCo use cases and the ecosystem…

Read more →

Red Hat OpenShift sandboxed containers, built on Kata Containers, now provide the additional capability to run confidential containers (CoCo). Confidential Containers are containers deployed within an isolated hardware enclave protecting data and code from privileged users such as cloud or…

Read more →

One of the key components of a container-based architecture is security.There are many facets to it (just have a look at the list of topics in the official OpenShift documentation here), but some of the most basic requirements are authentication…

Read more →

Quay.io is Red Hat’s hosted container registry service that serves enterprise users, open source community projects, and Red Hat customers worldwide. One of the most used features of Quay.io, besides storing and serving container images, is the comprehensive security vulnerability…

Read more →

Red Hat Advanced Cluster Security Cloud Service graduates from limited availability to general availability! This release allows customers to access a fully managed software-as-a-service to help protect their containerized applications across the full application lifecycle in any major cloud environment.…

Read more →

Secure Boot technology is part of Unified Extensible Firmware Interface (UEFI) specification. It is a useful and powerful tool which can be used to improve boot time security of an operating system by only allowing trusted code to be executed…

Read more →

In October 2023, Red Hat Product Security announced the publishing of Vulnerability Exploitability eXchange (VEX) files, in beta form, for every single CVE ID that is recorded in the Red Hat CVE Database. Since then, we have actively collected feedback…

Read more →

Good cyber security practices depend on trustworthy information sources about security vulnerabilities. This article offers guidance around who to trust for this information.In 1999, MITRE Corporation, a US Government-funded research and development company, realized the world needed a uniform standard…

Read more →

In the ever-evolving world of financial services, staying compliant, secure and efficient is paramount. Financial institutions are under constant pressure to manage risks, adhere to regulatory requirements and ensure operational consistency. With the advent of new technologies, the complexity of…

Read more →

If you want to know what post-quantum cryptography is or why any one will care, see part 1 of my series.On August 24, 2023 the National Institute of Standards and Technology (NIST) published its first draft of post-quantum algorithms. The…

Read more →

In today’s networked digital world, application programming interface (API) security is a crucial component in safeguarding private information and strengthening the integrity of online transactions. The potential for attack has increased dramatically as a result of the growing use of…

Read more →

The State of Kubernetes Security for 2024 report shows us that as the popularity of Kubernetes grows, the more important security planning and tooling becomes. Our annual report examines some of the most common cloud-native security challenges and business impacts…

Read more →

Today we’re excited to announce a new mechanism for admins to safely and easily customize an operating system deployment with highly refined needs while taking full advantage of the automation and power provided by Red Hat OpenShift. This means you…

Read more →

Red Hat Enterprise Linux 9.4 introduces the ability for centrally managed users to authenticate through passwordless authentication with a passkey, meaning it’s an enterprise Linux distribution with Fast Identity Online 2 (FIDO2) authentication for centrally managed users! This is all…

Read more →

The Marvin Attack is a new side-channel attack on cryptographic implementations of RSA in which the attacker decrypts previously captured ciphertext by measuring, over a network, server response times to specially crafted messages. The attacker also may forge signatures with…

Read more →

In a previous Red Hat article, VP of Red Hat Product Security, Vincent Danen, discussed the question “Do all vulnerabilities really matter?” He emphasized that “a software vulnerability has the potential to be exploited by miscreants to harm its user.”…

Read more →

It is hard to imagine any modern computer system that hasn’t been improved by the power of artificial intelligence (AI). For example, when you take a picture with your smartphone camera, on average more than twenty deep learning (DL) models…

Read more →

ANSSI, the National Cybersecurity Agency of France (Agence nationale de la sécurité des systèmes d’information), provides a configuration guide for GNU/Linux systems. It’s identified as ANSSI-BP-028 (formerly known as ANSSI DAT NT-028). Recently, ANSSI published an update of its ANSSI-BP-028…

Read more →

A lot of organizations use Red Hat Ansible Automation Platform to orchestrate their infrastructure and Hashicorp Vault to manage their secrets. But how do they work together?HashiCorp Vault is a powerful tool for managing secrets, providing a centralized platform for…

Read more →

In the last few years, several Red Hat customers have asked how to add a Web Application Firewall (WAF) to the OpenShift ingress to protect all externally facing applications.A WAF is a Layer 7 capability that protects applications against some…

Read more →

Changing systems passwords is a common task that all systems administrators must do to keep up with all the latest security policies. Now with secrets being managed by the secrets management system, we need a way to integrate with that…

Read more →

The concept of security by design, which includes the concept of security by default, is not new. In fact, secure by design is considered one of the fundamental principles of secure development. In general, we say there is security by…

Read more →

The Kentik Collection is now Red Hat Ansible Certified Content, and is available on Ansible automation hub. The highlight of this is Event-Driven Ansible, an event source plugin from Kentik to accept alert notification JSON. This works in conjunction with…

Read more →

How to get started with automated policy as code: Start small but think BIG.A policy enforcement feature is coming to future versions of Red Hat Ansible Automation Platform. This blog provides more detail around where we’re heading with this exciting…

Read more →

Veeam Backup and Replication is a backup, recovery and data management platform that modernizes data protection for cloud, physical and virtual environments. In this post we’re going to look at using Veeam as part of a strategy to guard against…

Read more →

Recently we announced that Red Hat Insights along with Red Hat OpenShift on AWS GovCloud has achieved Federal Risk and Authorization Management Program (FedRAMP®) Agency Authority to Operate (ATO) at the High Impact Level.We delved down a bit further into…

Read more →

Recently we announced that Red Hat Insights along with Red Hat OpenShift on AWS GovCloud has achieved Federal Risk and Authorization Management Program (FedRAMP®) Agency Authority to Operate (ATO) at the High Impact Level.We delved down a bit further into…

Read more →

As Kubernetes becomes increasingly integral to production environments, cyber adversaries are likewise becoming more skilled in cloud-native exploitation. According to the CrowdStrike 2024 Global Threat Report, cases involving exploitation of cloud services increased by 110% in 2023, far outpacing non-cloud…

Read more →

Architecting, deploying, and managing hybrid cloud environments can be a challenging and time-consuming process. It starts with processor selection, operating system configuration, application management, and workload protection, and it never ends. Every step requires a reliable, trusted software foundation with…

Read more →

Here at Red Hat, we’ve spent over a decade building up the power of Red Hat Insights, making it one of the most valuable pieces of technology included in your Red Hat subscription. We’ve integrated with industry-leading technologies like IBM…

Read more →

Many organizations face numerous challenges when modernizing their applications or migrating from on-premises applications to cloud-native microservices. This can include challenges such as deploying and managing their applications at scale, increased network complexity, managing costs and ensuring security.Red Hat and…

Read more →

Red Hat and the National Institute of Standards and Technology (NIST) are pleased to announce our third annual Cybersecurity Open Forum – Improving the Nation’s Cybersecurity. On April 24, 2024, cybersecurity experts will gather in Washington, D.C., to share best…

Read more →

Artificial intelligence (AI) is being introduced to just about every facet of life these days. AI is being used to develop code, communicate with customers, and write in various media. Cyber security, particularly product security is another place AI can…

Read more →

As of Jun 30, 2024, the Red Hat Enterprise Linux (RHEL) 7 maintenance support 2 phase ends and Red Hat will no longer update compliance content for RHEL 7. Many policy providers, such as CIS and DISA, will no longer…

Read more →

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of…

Read more →

In confidential computing environments, attestation is crucial in verifying the trustworthiness of the location where you plan to run your workload or where you plan to send confidential information. Before actually running the workload or transmitting the confidential information, you…

Read more →

We are pleased to announce the release of Red Hat OpenShift Service Mesh 2.5. OpenShift Service Mesh is based on the Istio and Kiali projects, and is included as part of all subscription levels of Red Hat OpenShift. OpenShift Service…

Read more →

The Quay team is excited to announce that Red Hat Quay 3.11 will be generally available this month. This release will introduce updates to permission management and image lifecycle automation automation for more effective management at scale. Significant updates include:Team-sync…

Read more →

We’re pleased to announce that the Red Hat FedRAMP offering, which includes Red Hat OpenShift Service on AWS (ROSA), has obtained the “Ready” designation from the FedRAMP Joint Authorization Board (JAB). This means that Red Hat is now listed on…

Read more →

Public clouds provide geo resilience in addition to being cost-effective when compared to on-premise deployments. Regulated industries such as the Financial Services Industry (FSI) traditionally have been unable to take advantage of public clouds since FSI is highly regulated from…

Read more →

From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready…

Read more →

Every system administrator needs to know about common vulnerabilities and exposures (CVEs) that affect their systems. Included with your Red Hat Enterprise Linux subscription is the Red Hat Insights vulnerability service which gives you a list of all of the…

Read more →

When it comes to open-source innovation, Red Hat is committed to pushing technological boundaries and enhancing the capabilities of cutting-edge solutions. As we look back at 2023, we’ll discuss Red Hat’s role in advancing Extended Berkeley Packet Filter (eBPF) technology,…

Read more →

Red Hat has always been an advocate of growth at the intersection of open source and computing solutions–which is exactly where RISC-V can be found. RISC-V is one of those technologies where the future is both evident and inevitable. By…

Read more →

This is the third part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesVulnerability ratings are the foundation for a good…

Read more →

Red Hat OpenShift sandboxed containers (OSC) version 1.5.0, introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat, and is an important step in improving sandboxed containers, paving the…

Read more →

In 2023, Red Hat met with so many customers and partners – from industry event interactions and individual meeting rooms to cross country visits and late-night service calls, we’ve learned so much from our trusted ecosystem. With all of these…

Read more →

Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today’s business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures.…

Read more →