This week, unfortunately, we saw thousands of people losing their jobs at major tech companies. Also, organizations are struggling with a vulnerability found in a VMware product. CISA has released a ransomware recovery tool to help impacted organizations. Ubuntu has also released an update to patch multiple vulnerabilities, while Linux Kernel maintainers confirmed that 6.1 will be an LTS. Also this week, we saw some early implementations of new AI technologies in popular web services.
Linux 6.1 is a Long-Term Support (LTS) Kernel now
The Linux community has been eagerly awaiting the release of Linux 6.1. Greg Kroah-Hartman, the Linux stable maintainer, confirmed that Linux 6.1 will be the Long-Term Support kernel. The plan, for now, is to maintain Linux 6.1 through December 2026, which is a few months longer than the current Linux 5.15 LTS series, which will be maintained through October 2026. Linux 6.1 may be maintained for even longer, potentially up to 2028, but this will ultimately depend on the usage of the kernel by major industry players and the level of commitment to testing the point release candidates.
CISA publishes VMware ESXi ransomware recovery tool
CISA has released a script allowing organizations to attempt to recover virtual machines infected with a two-year-old VMware vulnerability, tracked as CVE-2021-21972. However, experts recommend that before adopting CISA’s ESXiArgs recovery script, any business should carefully study it to decide if it is acceptable for their environment. They also clarify that the script attempts to build new config files that allow access to the VMs rather than destroy the encrypted config files. CISA clarifies that while it attempts to guarantee that scripts like this one are safe and functional, they are offered without any warranties and CISA does not accept any responsibilities if the script causes any harm.
Ubuntu Linux Kernel update fixes 19 vulnerabilities
Canonical publishes Linux Kernel security updates for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS, fixing 19 vulnerabilities including CVE-2022-47940 (CVSS3 8.1), CVE-2022-3640 (CVSS3 8.8), and CVE-2022-3623 (CVSS3 7.5). All users are strongly advised to obtain the latest update to make sure they are protected against these vulnerabilities. Due to an inevitable ABI change, the upgraded kernel has a new version number; as a result, any third-party kernel modules you may have previously installed must be recompiled and reloaded. Users can use the Software Updater utility or run the “update” command in the Terminal.
Microsoft’s new AI-powered Bing search engine and Edge browser
Microsoft reinvents Bing and Edge with AI-powered search which helps answer more complicated questions than what people usually expect from a search engine. On February 7, Microsoft unveiled its revamped products to provide better search, more comprehensive answers, a new chat experience, and the capacity to produce content. Microsoft claims that the tools excel at dealing with more complex problems, whereas standard search engines are great for finding websites. According to the internet, the company views these resources as an “AI copilot” for the internet.
TuxCare launched AlmaCare, offering unique support and compliance abilities for AlmaLinux
TuxCare announced the general availability of the AlmaCare service, an enterprise-grade support service designed for AlmaLinux. Organizations requiring FIPS-certified deployments or those operating under compliance regimens with similar requirements will no longer be forced to choose between compliance and security with AlmaCare’s FIPS add-on. With the FIPS add-on, regular re-certifications of newer versions and live security patches don’t affect compliance. AlmaCare also features hourly support bundles for a wide range of packages.
VMWare ESXi is now available on Google Cloud
Google introduced Google Cloud VMware Engine, a managed VMware platform allowing users to run their VMware workloads on Google Cloud. It allows users to use VMware ESXi as the hypervisor for Google Cloud solutions. VMware Engine private clouds include Google-managed VMware ESXi clusters. Users will be able to manage the virtual infrastructure with VMware vCenter and VMware NSX-T. The GCVE IaC Foundations code will help users to automate the configuration of several layers using infrastructure as code.
OpenSSL addresses and fixes multiple vulnerabilities
OpenSSL had a vulnerability that had a chance to allow an attacker to read memory contents or enact a denial of service. While it does not seem to have a CVSS rating yet, this vulnerability could let hackers launch malicious attacks. This “X.400 address type confusion” vulnerability is tracked as CVE-2023-0286 and now has an update to fix it. The vulnerability was fixed in OpenSSL version 3.0.8, affected since 3.0.0, which also addressed several other flaws. All users are urged to update to the latest stable version.