Red Hat Blog

March 29, 2024 is a day that will hardly be forgotten by the open source community: Andres Freund disclosed his findings about the compromise in the xz compression library, which would enable an attacker to silently gain access to a targeted affected system. How did that coordination work under the hood? In this article we will give a behind the scenes glimpse into what this looked like at Red Hat.DiscoveryOn Wednesday, March 27, Andres contacted the Debian security team via their contact email ([email protected]) and let them know about the oddities he found in a SSH slowdown when using a n

Artificial intelligence (AI) is being introduced to just about every facet of life these days. AI is being used to develop code, communicate with customers, and write in various media. Cyber security, particularly product security is another place AI can have a significant impact. AI is being built into security tools, and, on the flip side, into the realm of exploitation. AI is now mainstream and won't be going away anytime soon, so security professionals need to learn how to best use it to help enhance the security of their systems and products.AI and its implications for securityThe term "a

Many organizations face numerous challenges when modernizing their applications or migrating from on-premises applications to cloud-native microservices. This can include challenges such as deploying and managing their applications at scale, increased network complexity, managing costs and ensuring security.Red Hat and F5 are collaborating to deliver enhanced networking and security services using Red Hat OpenShift to deploy technology from F5 Distributed Cloud. This technical collaboration aims to provide organizations with a more seamless multi and hybrid cloud application experience, prov

Red Hat and the National Institute of Standards and Technology (NIST) are pleased to announce our third annual Cybersecurity Open Forum – Improving the Nation’s Cybersecurity. On April 24, 2024, cybersecurity experts will gather in Washington, D.C., to share best practices and strategies for successfully navigating the evolving cybersecurity landscape. As threats evolve in sophistication and scale, government and industry must adapt swiftly and effectively to protect data and infrastructure.Attendees will learn about the nature of cybersecurity vulnerabilities, strategies to enable protect

As of Jun 30, 2024, the Red Hat Enterprise Linux (RHEL) 7 maintenance support 2 phase ends and Red Hat will no longer update compliance content for RHEL 7. Many policy providers, such as CIS and DISA, will no longer update their policies once maintenance ends.When this support phase ends, you can expect:The RHEL 7 scap-security-guide package will no longer be updated. You can continue to use the content provided after Jun 30, 2024. The content is mature, stable, and still suitable for use by Extended Update Support (EUS) customers after the end of maintenance, however as mentioned before there

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article.Is this a CVE?First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Hat post.To receive a severity rating, the issue needs to be a CVE. But what does it take to be a CVE? In order to warrant a CVE ID, a vulnerability has to comp

In confidential computing environments, attestation is crucial in verifying the trustworthiness of the location where you plan to run your workload or where you plan to send confidential information. Before actually running the workload or transmitting the confidential information, you need to perform attestation.This blog provides an overview of the components implemented in the confidential containers (CoCo) to support the IETF RATS model (Remote ATtestation procedureS Architecture). The components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Servi

Updated March 30, 2024: We have determined that Fedora Linux 40 beta does contain two affected versions of xz libraries - xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm. At this time, Fedora 40 Linux does not appear to be affected by the actual malware exploit, but we encourage all Fedora 40 Linux beta users to revert to 5.4.x versions.Editor's note: This post has been updated to more clearly articulate the affected versions of Fedora Linux and add additional mitigation methods.Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the l

What is Ansible Lightspeed?Red Hat Ansible Lightspeed, armed with the formidable watsonx Code Assistant, leverages generative artificial intelligence (AI) to transform user prompts into code recommendations built on Red Hat Ansible Automation Platform best practices. Merging the realms of AI and Information Technology (IT), Red Hat Ansible Lightspeed can be used to enhance the productivity of automation developers and extend trust in the automation codebase.Leveling up the code with Red Hat’s Secure Development LifecycleRed Hat’s Secure Development Lifecycle (RH-SDL) focuses on software de

Red Hat Insights is a SaaS (Software as a Service) offering from Red Hat that centralizes different tools and technologies to help analyze and remediate systems, platforms, and applications. It helps you keep your infrastructure compliant with best practices and security profiles, while also offering cost management and cluster update risks analysis.Insights is available for Red Hat Enterprise Linux, Red Hat Ansible Automation Platform, and Red Hat OpenShift at no additional cost with the associated subscriptions.Insights for OpenShiftRed Hat Insights is present by default in each OpenShift cl