Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. With this framework, the team can focus purely on what needs to be done, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Apr 24)
 

The past year has seen a remarkable laundry list of email-based attacks. Phishing, spear-phishing, whaling, business email compromise (BEC), CEO to CFO scamming, email impersonation -- whatever names you attach to this bewildering variety of attacks, it's clear that hackers are using the full range of email techniques available to them.

  Chrome OS Terminal app hints at upcoming Linux support (Apr 23)
 

Soon, Chromebooks might be able to run Linux programs. That possibility was already hinted at last February, but it might be coming really soon now that the Terminal app has appeared in Chrome OS' dev channel.

  Linux Launches Deep Learning Foundation For Open Source Growth In AI (Apr 26)
 

The Linux Foundation has launched the LF Deep Learning Foundation, an umbrella organisation which will support and sustain open source innovation in artificial intelligence, machine learning, and deep learning. The organisation will strive to make these critical new technologies available to developers and data scientists everywhere, said a statement published by LF.

  (Apr 24)
 

The UK finance industry must improve collaboration with government and law enforcement to disrupt the cybercrime business model more effectively, according to a new report from KPMG and UK Finance.

  (Apr 23)
 

LinkedIn has plugged a flaw in its AutoFill button that would have allowed a malicious website to harvest basic account data from your LinkedIn profile.

  (Apr 22)
 

A decade ago, it was a serious question whether open source databases were ready for mission-critical applications. The obvious response at the time was "no," with substantial evidence to back that claim. More recently, self-promoting vendors have continued to pitch the idea that proprietary databases "are the best fit for mission-critical applications," but the idea has lost credibility.

  The firms that piggyback on ransomware attacks for profit (Apr 25)
 

Being hit by ransomware must be bad enough when you don't have a secure backup of your critical data that you can turn to. Just imagine how it feels to then be ripped off a second time by the data recovery firm you turn to for help in your moment of panic.

  Apple continues open source campaign by releasing FoundationDB on GitHub (Apr 22)
 

Acquired by Apple in 2015, the FoundationDB database architecture has officially gone open source, the company announced today. It's the latest move by Apple to open more of its non-secret software initiatives to public contributions, following earlier moves with its Swift programming language, cryptographic libraries, and benchmarking tools.

  (Apr 25)
 

WEI Mortgage discovered a data breach from an email phishing scam last fall that may have exposed loan package information and identifying data such as Social Security numbers.

  (Apr 27)
 

A new phishing campaign was discovered sending more than 550 million emails within the first quarter of 2018, according to data from Vade Secure. The threat was discovered in early January and has primarily hit users in the US, UK, France, Germany, and the Netherlands.

  Two-fifths of UK Firms Suffered Attack or Security Breach in 2017 (Apr 26)
 

Some 43% of UK businesses have experienced a security breach or cyber-attack in the past 12 months, a slight drop from a year previously, according to the latest government research.

  (Apr 27)
 

Only one of the top 50 federal IT contractors has fully implemented an email protocol designed to prevent fraud, the Global Cyber Alliance advocacy group reports.