Linux Archives - My TechDecisions
https://mytechdecisions.com/tag/linux/
The end user’s first and last stop for making technology decisions

Red Hat Summit 2023 Releases: AI, Automation, IT Management, Security
https://mytechdecisions.com/it-infrastructure/red-hat-summit-2023-releases-ai-automation-it-management-security/
Wed, 24 May 2023 18:16:25 +0000

Red Hat is holding its annual Red Hat Summit event this week and judging by the enterprise open source software giant’s product announcements, the company is keying in on AI, automation, security and productivity enhancements.

Like other tech giants, the company used its event to make important announcements in generative AI to help accelerate its enterprise adoption with Red Hat OpenShift AI, as well as several new capabilities in its automation platform Ansible.

The company is also focusing on simplifying management for Red Hat Enterprise Linux and securing the software supply chain.

Let’s look at the more notable announcements from the Raleigh, North Carolina-based tech firm at its Red Hat Summit event in Boston, Mass.:

Red Hat OpenShift AI and Generative AI

According to Red Hat, the company is building and expanding upon the capabilities of OpenShift and OpenShift Data Science with OpenShift AI to give IT operations leaders, data scientists and developers a unified solution to train, serve, monitor and manage the lifecycle of artificial intelligence (AI) and machine learning (ML) models and applications.

The company says Red Hat OpenShift AI underpins the generative AI services of IBM watsonx.ai, IBM’s new AI platform designed to scale intelligent applications and services across all aspects of the enterprise.

Red Hat says OpenShift AI solves a few key issues: the infrastructure-intensive training of AI models and the requirement of specialized platforms and tools before serving, tuning and managing the model. OpenShift AI provides infrastructure consistency across training, deployment and inference, the company says.

OpenShift AI provides a standardized foundation for creating production AI/ML models, as well as running the resulting applications, along with the ease-of-use and cloud-to-edge deployment options of OpenShift, the company says.

OpenShift AI provides several technology partner offerings, including Anaconda, IBM Watson Studio, Intel OpenVINO and AI Analytics Toolkit, NVIDIA AI Enterprise and Starburst, as well as 30 additional certified partners as part of the OpenShift ecosystem.

Customers with regulatory and compliance requirements, including air-gapped and disconnected environments, can use OpenShift AI on-premises, while customers can also develop models in the public cloud and deploy them on-premises or at the edge, the company says. This provides a unique hybrid MLOps environment that enables collaboration between IT, data science and application developers, the company says.

According to Red Hat, new enhancements to OpenShift AI include deployment pipelines for AI/ML experiment tracking and automated ML workflows, model serving with GPU support for inference and custom model serving runtimes, and model monitoring to help organizations manage performance.

Ansible Lightspeed with IBM Watson Code Assistant

OpenShift AI, Red Hat says, is the base of IBM’s new AI enhancements including IBM Watson Code Assistant, to deliver domain-specific AI to IT organizations and developer teams.

This is done by bringing IBM Watson Code Assistant to Ansible, giving users the ability to write Ansible Playbooks with AI-generated recommendations. This new service is designed to help drive consistent and accurate automation adoption across an organization, the company says.

According to Red Hat, Ansible Lightspeed is the next phase of its Project Wisdom initiative, making it available to users, contributors, customers and Red Hat’s partner ecosystem. The service integrates with Watson Code Assistant, which will be available later this year. This allows access to IBM foundational models to quickly build automation code.

Event-Driven Ansible

Sticking with the IT automation theme, Red Hat also announced Event-Driven Ansible, a scalable solution designed to expand how organizations activate automation as a reliable strategy across the hybrid cloud.

The solution, slated for availability in June for Red Hat Ansible Automation Platform 2.4 customers, is designed to connect infrastructure and application observability tools with enterprise-grade Ansible automation, helping IT teams to pre-determine and define rules to initiate automated responses to situations like unresponsive system processes or unauthorized access requests.

When an event is triggered, the solution automatically executes the desired action via Ansible Playbooks or direct execution modules, with the ability to chain multiple events together into more complex automation actions, Red Hat says.

Event-Driven Ansible integrates with event sources from third-party monitoring, observability and IT tools, including Cisco ThousandEyes, CyberArk, Dynatrace, F5, IBM Instana, IBM Turbonomic and Palo Alto Networks, with additional partner integrations to follow.

Supplementary Red Hat-developed content is available for Red Hat OpenShift, Red Hat Insights, AWS, Microsoft Azure, Google Cloud Platform and ServiceNow, the company says.

Red Hat Enterprise Linux management

To help organizations better manage Red Hat Enterprise Linux, Red Hat is launching new capabilities in Red Hat Insights to give IT teams more insight and management tools to find and resolve IT issues much faster across the hybrid cloud. The tools are available through any browser via console.redhat.com and are designed to unify the management of Red Hat Enterprise Linux deployments in a single user interface, the company says.

According to Red Hat, these expanded capabilities build on the information provided by existing Red Hat Insights’ predictive analytics, which can detect potential bugs, misconfigurations or security vulnerabilities using Red Hat’s expertise in running Linux platforms in critical production environments.

The enhancements allow IT administrators to fix bugs without needing Red Hat Satellite Server and act on server groups simultaneously using patch templates, as well as build standardized operating system images that comply with organization-specific requirements.

Red Hat Advanced Cluster Security Cloud Service

According to the company, Red Hat Advanced Cluster Security Cloud Service is a new service that brings together Kubernetes-native security capabilities with a fully Red Hat-managed offering to help organizations take a security-forward approach to building, deploying and maintaining cloud-native applications regardless of the underlying Kubernetes platform.

The managed service supports both Red Hat OpenShift on private and public clouds and non-Red Hat Kubernetes services across major cloud providers, including Amazon EKS, Google GKE and Microsoft AKS, bringing security coverage to containerized applications regardless of where they are deployed.

Organizations can scale security capabilities across multiple clusters, whether on-prem or in the cloud while lowering operational costs by reducing the learning curve for implementing Kubernetes-native security without sacrificing necessary capabilities or enforcement, the company says.

Red Hat Trusted Software Supply Chain

Red Hat announced its Trusted Software Supply Chain Solution designed to protect against software supply chain vulnerabilities. The company says two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, are joining in preview mode the existing Red Hat software and cloud services, including Quay and Advanced Cluster Security (ACS), to advance the successful adoption of DevSecOps practices, and embed security into the software development lifecycle.

Essentially, Red Hat Trusted Software Supply Chain allows customers to more efficiently code, build and monitor software using proven platforms, trusted content and real-time security scanning and remediation.

The solution allows customers to import git repositories and configure container-native continuous build, test, and deployment pipelines via a cloud service; inspect source code and transitive dependencies; auto-generate Software Bills of Materials; and verify and promote container images via a release criteria policy.

Visit the Red Hat Summit newsroom to learn more about these announcements and others.

Red Hat Enterprise Linux 8.7 and 9.1 Officially Available
https://mytechdecisions.com/it-infrastructure/red-hat-enterprise-linux-8-1-and-9-1/
Thu, 17 Nov 2022 19:23:43 +0000

Red Hat is releasing Red Hat Enterprise Linux (RHEL) 9.1, the latest version of the company’s enterprise Linux platform that adds and refines capabilities for a wide range of enterprise IT needs, including streamlining complex infrastructure environments and improving the security of containerized applications.

The release comes less than a week after the company released RHEL 8.7, and both are designed with IT system security and the hybrid cloud in mind. The company says each version comes with operating system images that are pre-configured to meet organization-specific system security needs.

The Raleigh, N.C.-based firm says both RHEL 8.7 and 9.1 enable security compliance profiles in image builder blueprint files, allowing IT to specify an OpenSCAP security profile when extending RHEL deployments with image builder to deliver operating system images that meet security and compliance requirements from installation.

According to Red Hat, the new versions also extend multi-level security support for agencies or other sensitive organizations to better document and control classification needs. Admins can also use new attestation technologies to verify that their operating system is booting with validated, unmodified components.

Red Hat Insights can now scan RHEL systems for the presence of known vulnerabilities or malicious code with a new malware detection capability, and Sigstore technology is now incorporated into RHEL’s native container tools as a technical preview to help users sign and verify code signatures using local keys, the company says.

The company says updated Red Hat Enterprise Linux system roles in both versions make it easier to automate and standardize manual tasks for RHEL deployments across the hybrid cloud, and new features such as automation support via Ansible and Redfish help IT better manage underlying hardware and more.

Available in RHEL 9.1 is PHP 8.1, an update of the PHP language as a certified, validated and supported Application Stream that enables enterprise developers to deliver new applications without risking stability.

RHEL 8.7 and 9.1 also include new tools and capabilities designed to help drive reliability and stability that IT departments need for hybrid cloud computing, including support for Extended Update Support (EUS) releases via Convert2RHEL and Leapp in-place upgrades to help IT operations teams plan and migrate in a consistent and standardized way to the latest versions of RHEL across the hybrid cloud.

The new RHEL versions also feature containerized application performance diagnostics via the RHEL web console to help users understand where a hardware bottleneck exists and what is consuming the most resources, even if those processes exist in a container.

RHEL 8.7 and 9.1 also include support for embedding containers, including UBI, into image builder blueprints to help IT teams create operating system images that embed a container image pulled from the associated container registry. This allows for containerized applications or processes to be used immediately upon booting up the image, the company says.

Existing Red Hat Enterprise Linux subscriptions can access Red Hat Enterprise Linux 9.1 and 8.7 via the Red Hat Customer Portal.

Gunnar Hellekson, vice president and general manager of Red Hat Enterprise Linux, says enterprise IT is becoming more complex as it expands to encompass traditional hardware, multiple public cloud environments and edge devices.

“The latest versions of Red Hat Enterprise Linux continue our commitment to making hybrid cloud computing more than just accessible, but successful at the scale of global business by pairing reliability and stability with features designed for innovation and flexibility,” Hellekson says.

Microsoft Releases Teams Progressive Web App for Linux
https://mytechdecisions.com/unified-communications/microsoft-teams-progressive-web-app-for-linux/
Wed, 09 Nov 2022 15:34:38 +0000

Microsoft has announced the general availability of a new Teams progressive web app (PWA) on Linux, giving Linux users the full lineup of Teams features in a secure way.

According to Microsoft, the Teams PWA for Linux, as a feature of the current web client for Linux customers, provides the “full richness” of Teams features and enables Microsoft to ship the latest Teams features faster to Linux users and bridge the gap between the Teams desktop client on Linux and Windows.

The Redmond, Wash. software giant says the PWA offers access to more capabilities, including custom backgrounds, gallery view, reactions, the raise-a-hand feature in meetings, as well as large gallery and Together mode views. In addition, the Teams PWA provides desktop-like app features, such as system notifications for chat and channel, a dock icon with respective controls, application auto-start, and easy access to system app permissions.

Microsoft says the Teams PWA for Linux can be used with Conditional Access configuration applied through Endpoint Manager to give Linux users access to the web app while securely using Edge. This helps organizations use a unified endpoint management solution for Teams from Linux endpoints with security and quality built in.

 

Watch Out For This Linux DDoS Trojan, Microsoft Says
https://mytechdecisions.com/network-security/linux-ddos-trojan/
Mon, 23 May 2022 19:28:45 +0000

Microsoft says it has observed a 254% increase in activity over the last six months from an eight-year-old Linux trojan targeting Linux-based operating systems on cloud infrastructures and IoT devices.

The malware, called XorDdos, is named after its attack method, denial of service on Linux endpoints and servers, in addition to XOR-based encryption for its communications, according to a Microsoft security blog.

What makes this malware noteworthy is its ability to amass botnets that can be used to carry out large DDoS attacks, which Microsoft says can be used to hide further malicious activities, such as deploying malware and infecting other systems and devices.

According to Microsoft, XorDdos is known for using Secure Shell (SSH) brute force attacks to gain remote control on target devices. SSH is a widely used IT infrastructure protocol that enables encrypted communications over insecure networks for remote system administration, which makes it an attractive target for attackers. XorDdos identifies valid SSH credentials and uses root privileges to run a script that downloads and installs the malware on the target device, per the blog.

The Linux trojan is also sneaky: it uses evasion and persistence tactics that allow it to remain active and well hidden, including obfuscating its activities, evading rule-based detection and hash-based file lookup, and leveraging anti-forensic techniques to break process tree-based analysis, according to Microsoft.

In recent campaigns, Microsoft observed XorDdos hiding malicious activities from analysis by overwriting sensitive files with a null byte, as well as using various persistence mechanisms to support different Linux distributions.

This is part of an alarming trend in which a DDoS trojan is used to deliver other malware, as devices first infected with XorDdos were later infected with the Tsunami backdoor, which Microsoft says further deploys a cryptocurrency miner. However, XorDdos did not directly install and distribute those secondary payloads. Instead, the trojan may be leveraged as a vector for follow-on activities, the company says.

For more information, including indicators of compromise, read Microsoft’s blog.

Red Hat Announces Red Hat Enterprise Linux 9
https://mytechdecisions.com/it-infrastructure/red-hat-enterprise-linux-9/
Tue, 10 May 2022 15:15:59 +0000

Red Hat has announced Red Hat Enterprise Linux 9, a new version of its Enterprise Linux offering, designed to drive more consistent innovation across the open hybrid cloud.

The platform, which will be generally available in the coming weeks, is said to be built to “drive enterprise transformation in parallel with evolving market forces and customer demands in an automated and distributed IT world,” the Raleigh, N.C.-based provider of open source software said in a press release.

According to Red Hat, the latest version of Red Hat Enterprise Linux (RHEL) is the first production release built from CentOS Stream, the continuously delivered Linux distribution that tracks just ahead of RHEL. That move is meant to help the broader RHEL ecosystem and solicit feedback, code and feature updates from customers, users and partners.

The company cites a recent study that found that 40% of G2000 companies will reset their cloud selection process to focus on business outcomes rather than IT requirements and will place a bigger value on access to providers’ portfolio from device to edge and from data to ecosystem. For Red Hat, that suggests the importance of a standardized platform that can reach across all of those footprints and give IT teams and developers a platform optimized for operations and production.

Red Hat says customers can use RHEL broadly, and existing customers can migrate RHEL subscriptions to the cloud of their choice with Red Hat Cloud Access. Customers can deploy the platform on-demand from major cloud providers, including AWS, Google Cloud, IBM Cloud and Microsoft Azure.

Red Hat Enterprise Linux 9 includes key enhancements designed to address evolving IT needs at the edge, including comprehensive edge management, a new service that oversees and scales remote deployments with greater control and security functionality, encompassing zero-touch provisioning, system health visibility and more responsive vulnerability mitigations from a single interface.

In addition, RHEL9 includes automatic container roll-back with Podman, the company’s integrated container management technology that can automatically detect if a newly updated container fails to start and roll the container back to the previous working version.

The new platform also includes a new image builder service to deliver key operating system functions as a service. RHEL 9 supports image creation for customized filesystems and major cloud providers and virtualization technologies, including AWS, Google Cloud, Azure and VMware.

The new platform includes RHEL’s Linux hardening features, including Red Hat Insights, the company’s proactive analytics service for detecting and remediating security issues. In addition, RHEL 9 includes features to address hardware-level security vulnerabilities, such as Spectre and Meltdown, and others to help user-space processes create memory areas that are inaccessible to potentially malicious code.

Red Hat Enterprise Linux 9 also includes Integrity Measurement Architecture (IMA) digital hashes and signatures to help users verify the integrity of the operating system and detect rogue infrastructure modifications. With the platform available on IBM Cloud, RHEL 9 will include the security features of IBM Power Systems and IBM Z systems.

According to Red Hat, the new version also includes an expanded set of RHEL System Roles for automating workflows for specific system configurations, and it also supports kernel live patching from the RHEL web console to help IT address critical tasks at scale.

At launch, Red Hat Enterprise Linux 9 will include a foundation ready for key Microsoft technologies, including SQL Server.

Mathew Hicks, executive vice president of products and technologies at Red Hat, said in a statement that modern IT starts with Linux.

“As the world’s leading enterprise Linux platform, Red Hat Enterprise Linux 9 extends wherever needed across the open hybrid cloud and beyond, pairing the trusted backbone of enterprise Linux with the innovative catalysts of open source communities,” Hicks said. “Linux is positioned at the epicenter of rapid technological evolution and that Linux is Red Hat Enterprise Linux.”

12 Threat Detection Trends IT Pros Should Know
https://mytechdecisions.com/network-security/red-canary-12-threat-detection-trends-2022/
Fri, 29 Apr 2022 20:28:10 +0000

Red Canary, the Denver-based managed detection and response (MDR) provider, performed an analysis of emerging and significant trends that its cybersecurity team encountered over the past year. Its annual 2022 Threat Detection Report covers the most prominent trends of 2021 and shows major themes that may carry over into 2022.

Last year, ransomware groups (Sodinokibi/REvil, BlackMatter, etc.) made headlines and then suddenly disappeared only to rebrand under a different name, according to cybersecurity researchers and analysts in the information security community.

Red Canary’s report also notes trends in supply chain compromise, as witnessed in the SolarWinds, Kaseya and Log4j attacks. These types of attacks are not going away anytime soon, says the cybersecurity firm. The exploitation of Kaseya VSA appliance software led to ransomware deployments on thousands of organizations that used the software for remote administration of endpoints.

The “as-a-service” models, such as “phishing-as-a-service,” “ransomware-as-a-service” and “access-as-a-service,” are expected to continue. These types of services have led to a proliferation of partnering, making it challenging to identify and anticipate the progression of a compromise.

“It’s never been easier to find an adversary for hire,” says Red Canary, noting an upheaval in highly specialized malicious subscription-based software strategies.

User-initiated access activity is also expected to continue, such as malicious emails, attempts to harvest victims’ credentials and breaches by way of a trusted party. Many threat actors will direct victims to download a malicious executable after engaging with content they purposely sought out, as observed on search engine results pages. Red Canary notes it is critical to respond to this type of activity as follow-on threats can include info-stealers and ransomware.

In addition, software vulnerabilities will continue to be problems for IT teams moving forward, the firm says.

Check out the complete list of 12 threat detection trends you should know in the slideshow.

Red Canary Announces Linux-First EDR, MDR Solution
https://mytechdecisions.com/it-infrastructure/red-canary-announces-linux-first-edr-mdr-solution/
Fri, 29 Apr 2022 15:28:38 +0000

Cybersecurity firm Red Canary is launching a new endpoint detection and response solution for Linux, designed to focus on the constraints that DevOps, engineering and security teams demand.

According to the company, the Linux EDR and MDR solution will help organizations better protect their Linux environments, which can be difficult to secure. The solution leverages Linux-optimized technology developed by the company’s engineers, analysts, researchers and customer support.

Red Canary says the solution is dedicated to Linux infrastructure and production environments with a lightweight agent designed from the ground up to support most Linux distributions while using minimal resources.

This is a departure from other Linux security solutions, which Red Canary says can be disruptive because they are first designed for Windows or Mac agents and were adapted for Linux. Those can impact system performance, business and customers, according to the company.

The solution features a lightweight sensor that “operates entirely in userland, avoiding kernel modules, hooking, or code injection,” which Red Canary says can lead to system instability, kernel panics and system crashes.

Customer portals provide transparent sensor performance to give customers and stakeholders the confidence they need when deploying to business-critical systems, Red Canary says in a blog.

The company says its telemetry collection and threat detection capabilities exceed industry standards, with features such as behavioral detection, rootkit identification, fileless malware detection and more.

The solution supports a wide range of Linux distributions, versions and kernels, as well as the latest container and container orchestration technologies, such as Kubernetes and Docker, giving customers the visibility and detection outcomes for ephemeral or long-lived workloads, according to Red Canary.

The company also boasts a support team that is available 24/7 for general security advice or questions, and customers can also communicate via Slack.

Microsoft Unveils New Antimalware Engine Capabilities for Linux and macOS
https://mytechdecisions.com/network-security/microsoft-antimalware-engine-capabilities-linux-macos/
Wed, 27 Apr 2022 18:41:55 +0000

Microsoft announced an upgrade to its next generation of protection on Linux and macOS with a new Microsoft Defender Antivirus malware engine. The new antimalware engine brings machine learning, big-data analysis, in-depth threat research, and the Microsoft cloud infrastructure to protect devices (or endpoints) within organizations.

The new antimalware engine in Microsoft Defender is currently in public preview mode. After the public preview phase, general availability will gradually roll out to all devices.

In a Tech Community blog, Microsoft says users can expect the following:

  • Better support for protection against known and unknown malware with client-side machine-learning models, heuristics, and correlation between static signals.
  • Enhanced cloud-delivered protection with support for metadata-based machine-learning models, file classifications and reputation-based machine-learning models, and more.
  • Emergency security intelligence updates are now available through cloud-delivered protection that can help protect against malware outbreaks.
  • Better support for false positive and false negative prevention.
  • Threat naming and definition version nomenclature will change for the purpose of consistency across all platforms and aligning to our overall naming conventions. For more information about how Microsoft names malware, see Malware names | Microsoft Docs.
  • Reduced memory and CPU footprints.
  • Improved behavior monitoring with lower resource consumption is now available to all our customers as a configurable component for Linux (if enabled).
  • Memory scanning, providing better coverage for fileless attacks (Linux).
  • Reduced overall package size, significantly reduced security intelligence update download sizes.
  • Custom file indicators are now available with “audit”, “allow”, “block & remediate” action. The certificate indicator type will be added at a later date.

The prerequisites for the new Microsoft Defender antimalware engine are the following:

  1. Preview features must be enabled on your tenant. See Turn on preview features for more information.
  2. The device must be in the insiders-fast or insiders-slow channel on Linux, Beta or Preview on macOS.
  3. If your organization has preview features enabled in your tenant, please ensure that machines participating in these channels are always on the latest version to take the latest fixes and improvements.
  4. The minimum Microsoft Defender for Endpoint version number must be 101.56.62 and for down-level servers (RHEL 6.x and CentOS 6.x) it must be 101.62.64.

Another key feature of the new antimalware engine is the ability to create custom file indicators, which some users may already have experience with on Windows. The three indicator response actions are ‘allow’, ‘alert only’, and ‘alert and block’. The actions are now supported on macOS and Linux.

Microsoft also notes that warn and block indicator types are currently not supported for Linux & macOS, as visually indicated in the Microsoft 365 Defender portal. Microsoft adds, “If you have previously created non-scoped custom file indicators (targeted to all devices) in your environment, the indicators will also start applying to any device that is running the new antimalware engine.”

For more information, visit Microsoft’s Tech Community blog.

Magewell Releases Cloud Management Software https://mytechdecisions.com/unified-communications/magewell-cloud-management-software/ Fri, 11 Mar 2022 19:28:06 +0000

Magewell announced the general availability of its Magewell Cloud multi-device management software. The new software is flexibly deployable on an on-premises server or cloud hosting platform. It also provides centralized configuration and control of multiple Magewell streaming and IP conversion solutions. Two additional, premium Magewell Cloud versions also offer streaming management features. These include SRT relay and protocol conversion.

Magewell will showcase the new software in booth C8508 at the 2022 NAB Show, taking place April 24-27 in Las Vegas.

Magewell Cloud Features

Per a statement, Magewell Cloud software makes it easy for integrators, administrators, and IT staff to manage multiple Magewell IP encoders and decoders across multiple sites through an intuitive, browser-based interface. Its rich feature set can also be controlled programmatically via HTTP-based APIs, providing systems integrators and third-party developers with advanced deployment flexibility and integration possibilities. Beyond the efficiency and convenience of centralized management, Magewell Cloud is ideal for enabling technical personnel to remotely manage devices on behalf of less-experienced users.

The software supports all current Magewell streaming and IP conversion hardware. These include Ultra Stream live streaming and recording appliances; Ultra Encode universal live media encoders; and Pro Convert encoders and decoders for bridging traditional video signals with IP media networks using NDI technology and other popular protocols. Users can thus remotely configure device parameters, monitor device status, trigger operational functions and perform batch firmware upgrades across multiple units of the same model.

The core Magewell Cloud software is available free of charge for managing up to 20 Magewell hardware devices. The two additional versions of Magewell Cloud (supporting up to 50 or 150 devices, respectively) will be available for purchase as perpetual licenses. They also add SRT relay and protocol conversion functionality for the corresponding number of streams.

Features of SRT Relay

The SRT Relay feature simplifies one-to-many or many-to-many streaming with the SRT protocol. It does so by letting Magewell and third-party SRT solutions connect via Magewell Cloud rather than directly to each other. Thus, it eliminates the need for public, static IP addresses at every endpoint. Bi-directional protocol conversion between SRT and RTMP also lets users take advantage of the benefits of SRT in their streaming workflows while providing compatibility with non-SRT hardware and software.

“Our solutions are often used in large-scale production and distribution workflows that span multiple rooms or locations,” says James Liu, VP of Engineering at Magewell. “The Magewell Cloud software makes it easier for integrators and users to configure and manage our hardware in these deployments. [Meanwhile,] its stream management capabilities simplify the use of SRT technology in multi-site and multi-protocol workflows.”

Magewell Cloud is delivered as a Docker container and can be deployed on customers’ own private server or public cloud infrastructure such as Amazon Web Services (AWS) or Microsoft Azure. Magewell recommends Linux as the operating system for Magewell Cloud installations. However, it is also compatible with Windows and macOS.

Magewell channel partners may also offer optional, fee-based support services to assist customers with deploying the software or managing their devices.

This article originally appeared on our sister-site Commercial Integrator.com.

Cybercriminals Are Using Malware To Target Linux-Based Systems https://mytechdecisions.com/it-infrastructure/cybercriminals-are-using-malware-to-target-linux-based-systems/ Wed, 09 Feb 2022 21:44:58 +0000

With 90% of multi-cloud environments running on Linux-based systems and current malware countermeasures mostly focused on addressing Windows-based threats, attackers have found a golden opportunity to strike, and cybercriminals are increasingly targeting Linux-based operating systems, according to the latest research from VMware.

The company’s new report, “Exposing Malware in Linux-based Multi-Cloud Environments,” shows ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are looking for the most valuable assets in cloud environments to inflict the most damage to the target, as exhibited in DarkSide’s ransomware attack, which crippled Colonial Pipeline’s networks causing a national gasoline shortage in the U.S.

Cybercriminals are also looking for instant monetary rewards, often through cryptojacking, where criminals secretly use a victim’s computing power to generate cryptocurrencies against their will. Cryptojacking attacks are often focused on mining the Monero currency (or XMR). The VMware Threat Analysis Team (TAU) discovered 89% of cryptominers used XMRig-related libraries. Since these types of attacks do not completely disrupt the operations of cloud environments, they are more difficult to detect.

Attackers are also using malware, webshells and remote access tools to gain access to Linux systems, VMware says. According to VMware’s research, one of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, along with its recent Linux-based variant, Vermilion Strike.

VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the internet between February 2020 and November 2021. The fact that RATs like Cobalt Strike and Vermilion Strike have become commodity tools for cybercriminals poses a significant threat to enterprises.

Now, organizations must place a greater priority on threat detection.

“As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface,” said Brian Baskin, manager of threat research at VMware, in a statement.
