Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (Mar 27)
 

Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates.
  (Mar 28)
 

The UK government has said it wants access to messages sent via encrypted communications apps such as WhatsApp, re-igniting the debate over end-to-end encryption.
  (Mar 29)
 

A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in illicit profit has finally entered a guilty plea in the United States and is going to face sentencing in August.
  (Mar 30)
 

APT29 has used The Onion Router (TOR) and the TOR domain fronting plugin meek to create a hidden, encrypted network tunnel that appeared to connect to Google services over TLS. This tunnel provided the attacker remote access to the host system using the Terminal Services (TS), NetBIOS, and Server Message Block (SMB) services, while appearing to be traffic to legitimate websites. The attackers also leveraged a common Windows exploit to access a privileged command shell without authenticating.
  (Mar 31)
 

The problem isn't just that VPNs aren't great, it's that Republicans have broken the damn internet.As Congress, the FCC, the President, and telecom lobbyists have conspired to make it easy and legal for internet service providers to sell your private data to advertisers, you may have heard a simple piece of advice: Get a VPN.
  (Mar 30)
 

Open source developers who use Github are in the cross-hairs of advanced malware that can steal passwords, download sensitive files, take screenshots, and self-destruct when necessary.
  (Mar 30)
 

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.
  (Mar 31)
 

Who'd have thought that just days after the house rolled back privacy protections for internet users, ISPs would take advantage? The EFF did, pointing out that Verizon has already announced that it will install spyware, in the form of the launcher AppFlash, across its users' Android devices in the coming weeks.
  (Apr 3)
 

Recently inboxes have been hit by the so-called "airline phishing attack." It is a new take on an old phishing email. It uses multiple techniques to capture sensitive data and deploy an advanced persistent threat (APT).
  (Apr 3)
 

We are pleased to announce the eighth beta release of TorBirdy: TorBirdy 0.2.2. This release adds support for Thunderbird 52 and also features improved security configuration settings for Thunderbird. All users are encouraged to update.
  (Apr 3)
 

Tuesday's congressional vote to repeal U.S. restrictions on broadband providers doesn't mean that online privacy is dead. Consumers will just have to pay for it.