TheLog4Shell vulnerability is taking the Internet by storm, and it’s already being used for real-world attacks. In this video, Jay discusses the details around Log4Shell vulnerability in Log4j, and also CrowdSec’s community-based response to the situation.
Recently, some interesting security news has occurred, and two specific developments are the main discussion in this episode. Trojan Source is a newly discovered tactic that can be used to hide malicious code and execute something completely unexpected, even when the source code appears to be syntactically correct. In addition, CISA recently mandated a large number of CVE’s to be patched in the very near future, which will likely have ramifications even outside of the United States. Also, Jay and Joao also discuss the recently released Fedora 35, which is a distribution that has a large presence on the workstations that administrators use.
Migrating your servers from one Linux distribution to another can be a daunting task, even moreso if it’s a migration you’re doing because of unforeseen events or changes within the ecosystem. In this video, Jay and Joao discuss the challenges when it comes to migrating Linux distributions, and the effect this has on security.
Rebooting is a pain, and in some organizations, downright tedious. Shuffling virtual machines between hosts in a cluster is even more tedious, and when it’s time to install patches, that’s what many administrators are forced to do. In this video, I check out QEMUCare, which aims to live-patch QEMU to avoid VM shuffling. In particular, we’ll look at installing ePortal (which deploys the patches) and also an example scenario.
