Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Linux: An OS Capable of Effectively Meeting the US Governments Security Needs Heading into 2020 - As Open Source has become increasingly mainstream and widely accepted for its numerous benefits, the use of Linux as a flexible, transparent and highly secure operating system has also increasingly become a prominent choice among corporations, educational institutions and government sectors alike. With national security concerns at an all time high heading into 2020, it appears that the implementation of Linux could effectively meet the United States governments critical security needs for application development and installations.

Linux Kernel Security in a Nutshell: How to Secure Your Linux System - The Linux kernel is the core component of the Linux operating system, maintaining complete control over everything in the system. It is the interface between applications and data processing at the hardware level, connecting the system hardware to the application software. The kernel manages input/output requests from software, memory, processes, peripherals and security, among other hefty responsibilities. Needless to say, the Linux kernel is pretty important.

  Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks (Dec 13)
 

Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account to prevent supply-chain attacks. The new rule is to enter effect starting in 2020. Learn more:
  Google Releases Chrome 79 for Linux, Windows, and Mac with 51 Security Fixes (Dec 11)
 

Are you a Google Chrome user? Googlehas releasedthe Chrome 79 web browser for all supported platforms, including GNU/Linux, macOS, Windows, Android, and Chrome OS. This release includes 51 security fixes. Learn more:
  Defense Department To Congress: 'No, Wait, Encryption Is Actually Good; Don't Break It' (Dec 12)
 

As Senate Judiciary Committee Chair Lindsey Graham has continued his latest quest to undermine encryption with a hearing whose sole purpose seemed to be to misleadingly argue that encryption represents a "risk to public safety." The Defense Department has weighed in to say that's ridiculous. As you may recall, the DOJ and the FBI have been working overtime to demonize encryption and pretend -- against nearly all evidence -- that widespread, strong encryption somehow undermines its ability to stop criminals. Learn more in an interesting TechDirt article:
  Strengthen California’s Consumer Data Privacy Regulations (Dec 9)
 

EFF and a coalition of privacy advocates have filed comments with the California Attorney General seeking strong regulations to protect consumer data privacy. The draft regulations are a good step forward, but the final regulations should go further. What are your thoughts on the draft regulations that were published in October? Learn more:
  Networking attack gives hijackers VPN access (Dec 9)
 

Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections. Learn more about this networking attack:
  Google Chrome Will Now Alert You If Your Passwords Have Been Hacked (Dec 12)
 

Google yesterdayrolled a new stable version of the companys web browser, Chrome 79 for Windows, Mac, Linux, Android, and iOS. The new web browser comes with several security improvements and better secure browsing protections, including a new feature that will automatically alert you if your passwords have been hacked. Learn more:
  At long last, WireGuard VPN is on its way into Linux (Dec 10)
 

For years, developers have been working on this new take on the virtual private network, and now it's finally ready to go. Learn more about this in-kernel VPN, which should be released in the next major Linux kernel release, 5.6, in the first or second quarter of 2020:
  Ad industry groups ask that the CCPA keep its mitts off their cookies (Dec 11)
 

Five ad industry groups have asked California Attorney General Xavier Becerra to change stipulations about cookie-blocking in the states impending, far-reaching, almost-GDPR-but-not-quite privacy law, which goes into effect in the new year. What is your opinion on this request? Learn more:
  The Senate Judiciary Committee Wants Everyone to Know It’s Concerned About Encryption (Dec 13)
 

The Senate Judiciary Committee recently held a hearing on encryption and lawful access. Thats the fanciful idea that encryption providers can somehow allow law enforcement access to users encrypted data while otherwise preventing the bad guys from accessing this very same data. Learn more:
  Plundervolt – stealing secrets by starving your computer of voltage (Dec 16)
 

The funky vulnerability of the month " what we call a BWAIN , short for Bug With an Impressive Name " is Plundervolt , also known as CVE-2019-11157 . Learn more about this vulnerability, how it works and what actions you should be taking to protect you system in an informative Naked Security article:
  Debian Releases Updated Intel Microcode for Coffe Lake CPUs, Fixes Regression (Dec 16)
 

The Debian Project released a new intel-microcode security update for Intel CPU microarchitectures to address a regression affecting HEDT and Xeon processors, and add mitigations for Coffe Lake CPUs. Learn more about this update: