Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

New & Improved LinuxSecurity Site Coming Soon! - After many months of development by a dedicated team of programmers and beta testers, the new LinuxSecurity is almost ready! With an all new look & feel, organizational changes, security events, and additions to our staff, we hope to better serve the Linux and open source community. Although there are many aesthetic improvements, a major part of our development has focused on creating a content structure and backend system that is easy to update.

LinuxSecurity Migration Announcement - As Linux and security evolves, so has Linuxsecurity.com! Since 1996, Linuxsecurity.com has been the most comprehensive resource for all things in the world of security and open source. And as open source continues its rise in securing the world's information, we are continuing our pursuit in being at the forefront of this exciting growth. So we are unveiling the new look of Linux Security.

  Security researchers discover new Linux backdoor named SpeakUp (Feb 5)
 

Hackers have developed a new backdoor trojan that is capable of running on Linux systems. Named SpeakUp, this malware is currently distributed to Linux servers mainly located in China.
  Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign (Feb 7)
 

The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP's clients.
  What is an advanced persistent threat (APT)? And 5 signs you've been hit with one (Feb 7)
 

An advanced persistent threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended time period. The attacker has a specific target and goal, and has spent time and resources to identify which vulnerabilities they can exploit to gain access, and to design an attack that will likely remain undetected for a long time.
  MongoDB databases still being held for ransom, two years after attacks started (Feb 8)
 

Two years after hacker groups began ransacking MongoDB databases and requesting ransom payments, the practice is still very much alive, ZDNet has learned this week.
  Huddle House restaurant chain announces breach of POS system (Feb 5)
 

US-based casual dining and fast food restaurant chain Huddle House announced late Friday last week a security breach that impacted its point of sale (POS) system.
  Over 59K Data Breaches Reported in EU Under GDPR (Feb 6)
 

The General Data Protection Regulation (GDPR) officially went into effect across the European Union on May 25, 2018. Since then, more than 59,000 personal breaches have been reported to regulators.
  Researcher reveals data leak at South Africas main electricity provider (Feb 6)
 

In what may be a case of "if we ignore it, it will go away," South Africa's largest electricity company has become the subject of the public exposure of customer data after ignoring researcher pleas to resolve the problem.
  New TLS encryption-busting attack also impacts the newer TLS 1.3 (Feb 11)
 

A team of academics has revealed a new cryptographic attack this week that can break encrypted TLS traffic, allowing attackers to intercept and steal data previously considered safe & secure.
  OkCupid Denies Data Breach Amid Account Hack Complaints (Feb 12)
 

Dating is tough as it is, but some OkCupid users are reporting a new kind of challenge: Hackers are breaking into accounts, changing their email addresses and passwords, and locking them out. However, the dating website states it has not been affected by a security breach.
  China's cybersecurity law update lets state agencies 'pen-test' local companies (Feb 11)
 

New provisions made to China's Cybersecurity Law last November gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems.
  Hackers wipe US servers of email provider VFEmail (Feb 12)
 

Hackers have breached the severs of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process.
  Millions Affected by 500px Data Breach (Feb 13)
 

Online photography network 500px has forced a password reset for all users after revealing this week that it suffered a data breach last summer.