Red Hat Blog

IBM recently released their 2024 X-Force Threat Intelligence Index.According to IBM, this report offers data on the threat landscape “as a resource to IBM clients, researchers in the security industry, policy makers, the media, and the broader community of security professionals and business leaders. It’s [their] intent to keep all parties informed of the current threat landscape so they can make the best decisions for reducing risk.”Part of the threat landscape includes an analysis from Red Hat Insights on the aggregated threats that the Insights team can see affects Red Hat customers.

Every system administrator needs to know about common vulnerabilities and exposures (CVEs) that affect their systems. Included with your Red Hat Enterprise Linux subscription is the Red Hat Insights vulnerability service which gives you a list of all of the CVEs affecting the systems registered to Insights across your systems or at the individual system level.Historically, Insights has only showed you CVEs with errata - ones you can fix. However we recently released a new feature which lets you see all CVEs - ones with and without errata. Watch the video below to see this feature in action. Y

From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready form. This isn’t just about packaging and testing, however; we take extra steps to bring these emerging capabilities in-line with some of the most stringent secure computing standards and requirements in the world. Innovation by itself isn’t enough for public sector agencies or the companies that serve these organizations. Inst

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

P11-kit is an integral component to enable Hardware Security Module (HSM) and related technologies around PKCS#11. Over the years, its focus had mostly been on the library, with the bundled command-line tools not receiving much attention. When the user wanted to perform operations on the HSM or smartcard, they typically had to use tools from other packages. The most popular ones include p11tool from GnuTLS, modutil from NSS, and pkcs11-tool from OpenSC.With p11-kit 0.25.1 release, the p11-kit command-line tool bundled with p11-kit has been extended with a handful of utilities, to make it possi

We are pleased to announce the provisioning of Red Hat OpenShift Dedicated clusters on Google Cloud Shielded VMs is now generally available. This blog gives a short overview of Shielded VMs and the new configuration parameter introduced in the OpenShift Dedicated provisioning workflow.Shielded VMs are specialized VMs on Google Cloud with extra security features such as secure boot, firmware and integrity monitoring and rootkit protection. This protects enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders.Red Hat customers can optionally select Ena

This is the fifth and final part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesPatch management needs a revolution, part 3: Vulnerability scores and the concept of trustPatch management needs a revolution, part 4: Sane patching is safe patching is selective patchingThere is an intersection between “compliance” and “security” but it’s wise to realize that compliance does not equal security. Compliance, when don

The trusted platform module (TPM) is a self-contained hardware encryption technology present in recent computer systems. It provides, among other things, hardware random number generation and more secure storage for encryption keys. This enables administrators to encrypt operating system disks that will then only be decryptable on the same system. Version 2.0 of the TPM specification was published in 2015, and Microsoft’s Windows 11 requires a version 2.0 TPM to be present to install.To support operating systems like Windows 11 that require a TPM, libvirt provides a virtual TPM (vTPM) that c

Red Hat has always been an advocate of growth at the intersection of open source and computing solutions–which is exactly where RISC-V can be found. RISC-V is one of those technologies where the future is both evident and inevitable. By integrating open source concepts with the hardware development process, it’s not hyperbole to say that RISC-V is disrupting the hardware industry.Our excitement around the unique value RISC-V brings to the hardware ecosystem as an open and collaborative instruction set architecture (ISA) is nothing new. Red Hat has been providing Fedora on RISC-V for severa

When it comes to open-source innovation, Red Hat is committed to pushing technological boundaries and enhancing the capabilities of cutting-edge solutions. As we look back at 2023, we’ll discuss Red Hat's role in advancing Extended Berkeley Packet Filter (eBPF) technology, from collaborative contributions to the Linux kernel to strategic implementations within Red Hat's portfolio, and explore the intersection of innovation, performance, security capabilities and networking within the evolving landscape of eBPF.Kernel upstream collaborationsRed Hat engineers actively collaborated with the Lin