On August 13th, 2020, The National Security Agency and Federal Bureau of Investigations released a cybersecurity advisory that warned anyone deploying or maintaining a Linux system about a new Russian (and now worldwide) cyber espionage threat named Drovorub. Of course, this isn't the first time a government-sponsored cyber threat has found its way into the wild. But its newsworthiness lies not in its origin, novelty, or effectiveness, but in the fact that it can be completely prevented to begin with.
Read MoreThe Crucible Embedded Hypervisor mitigates the recent rash of CPU-based information leakage / unauthorized disclosure vulnerabilities, including those made public in CVE 2018-3620 and CVE 2018-3646. The Xen project further classifies these vulnerabilities under XSA 273. Crucible inherently mitigates these speculative execution (and related Spectre / Meltdown) vulnerabilities as a result of its explicit hardware resource allocation strategy, and overall secure-by-design configuration.
Read More