Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer (Apr 16)

Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on.
Nation-State Attacks Take 500% Longer to Find (Apr 15)

When it comes to threats that put your business at risk, gaining visibility into attacks remains a challenge. New research shows that in 50% of cases over the past 12 months, organizations had insufficient endpoint or network visibility to respond successfully.
(Apr 17)

Of the many great features/changes for Linux 4.17, one of the most exciting to us is the idle power efficiency and performance-per-Watt improvements on some systems thanks to a rework to the kernel's idle loop handling. Rafael Wysocki and Thomas Ilsche as two of the developers working on this big code change presented on their work today for this CPU idle loop ordering problem and its resolution.
(Apr 16)

Dear Governor Deal:I am writing to urge you to veto SB315, the "Unauthorized Computer Access" bill.
Hackers are using botnets to take the hard work out of breaking into networks (Apr 17)

Why hack a network when you can get a botnet to do it for you?It turns out that botnets might be an easier way to break into a network, not least by taking the grunt work out of it. It's not a new concept -- we've seen it before with bots running through lists of default usernames and passwords to hijack Internet of Things devices.
Allscripts: Ransomware, recovery, and frustrated customers (Apr 15)

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company's customers without access to the services needed to run their medical practices -- some for more than a week.
German Government Chooses Open Source For Its Federal Cloud Solution (Apr 18)

It's not hidden that apart from costing tons of money, the use of proprietary software also brings along hidden security caveats. These are the two primary reasons why the usage of open source software is being pushed in public agencies all around the world, especially in European countries.
Microsoft built its own custom Linux kernel for its new IoT service (Apr 18)

At a small press event in San Francisco, Microsoft today announced the launch of a secure end-to-end IoT product that focuses on microcontroller-based devices -- the kind of devices that use tiny and relatively low-powered microcontrollers (MCUs) for basic control or connectivity features.
(Apr 19)

IBM released an open-source software library meant to help developers and researchers to protect AI systems including Deep Neural Networks (DNNs) against adversarial attacks. DNNs are complex machine learning models that has certain similarity with the interconnected neurons in the human brain.
Gold Galleon hackers target maritime shipping industry (Apr 19)

Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis.
(Apr 20)

Developer platform GitHub has warned that plans to stop copyright infringements online could have a major impact on open-source software development.
LinkedIn Fixes User Data Leak Bug (Apr 20)

LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members' personal data.