Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.

Today’s newsletter highlights our two most recent feature articles: Can Linux Be Used To Offer More Security In A WFH World (On And Offline)? and Openwall Releases LKRG 0.9.0 with a Long List of Major Changes, Improvements & Bug Fixes. We also examine various topics including Linux Mint's decision to notify users about pending updates on their system and a the discovery of a new strain of malware targeting NodeJS developers using Linux and macOS that hides in a fake Browserify NPM package. Happy Monday - and happy reading!

Yours in Open Source,

Brittany Signature 150

LinuxSecurity.com Feature Extras:

Can Linux Be Used To Offer More Security In A WFH World (On And Offline)? - Can companies bolster their remote-working operations — even offline — through swapping their current operating systems for Linux? Let’s see what conclusions we can reach.

Openwall Releases LKRG 0.9.0 with a Long List of Major Changes, Improvements & Bug FixesOpenwall recently announced the release of LKRG (Linux Kernel Runtime Guard) 0.9.0, featuring a host of major changes and improvements, as well as fixes for multiple security bugs. 

  Is Linux Mint Turning Into Windows? (Apr 14)
 

Linux Mint developers have decided to notify users about pending updates on their system, raising a controversial question - is Linux Mint turning into Windows?
  New Linux, macOS malware hidden in fake Browserify NPM package (Apr 14)
 

A new malicious package targeting NodeJS developers using Linux and macOS has been discovered hidden in a fake Browserify NPM package.
  Google releases Chrome 90 with HTTPS by default and security fixes (Apr 15)
 

Google Chrome 90 has arrived with new privacy features and fixes for 37 security flaws. Chrome users: this is an update you don't want to overlook!
  BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE (Apr 12)
 

Google security researcher Andy Nguyen has disclosed long-awaited  details  of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers to execute arbitrary code with kernel privileges on vulnerable devices. Nguyen claims that his findings ultimately led to a safer, more stable kernel.
  Linux Foundation creates research division to study open source impact (Apr 15)
 

In the latest sign of the  growing influence  of  open source software , the Linux Foundation has announced that it is creating a new research unit to provide greater insight into open-source technology, as well as the people creating it. Among the groups priorities are examining diversity and security.
  Linux kernel will soon have initial support for Apple’s M1 chipset (Apr 13)
 

Thanks to  Asahi Linux , the Linux kernel will soon have initial support for Apples M1 chipset. This will likely arrive as part of the upcoming Linux 5.13 update.
  PHP Maintainers Shared Update On PHP Source Code Compromise (Apr 13)
 

The maintainers of the PHP programming language have issued an update  regarding the security incident that came to light late last month , stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. This was initially treated as a compromise of the git.php.net server - but further investigation into the incident has revealed that the commits were a result of pushing them using HTTPS and password-based authentication.
  Google backs effort to bring Rust to the Linux kernel (Apr 16)
 

Google's Android Team is backing an effort to introduce Rust as a second programming language in the Linux kernel in an effort to improve security.
  Getting Started With System Logging in Linux (Apr 12)
 

System logging is the most reliable way of knowing which activities were carried out on your Linux system. This guide explains how to get started with Linux system logging.
  How to set up an SSH tarpit in Ubuntu Server 20.04 (Apr 16)
 

Learn how to add an SSH tarpit to Ubuntu Server 20.04 with the help of endlessh.