Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.

Yours in Open Source,

Brittany Signature 150 Feature Extras:

Secure Linux Hosting for Businesses - Linux prevails as the most popular OS among hosting providers - and for good reason. Linux is secure by design , cost-efficient, compatible with the majority of key programming languages used worldwide and offers high levels of customization. 

What Is Threat Intelligence? - Thank you to Oyelakin Timilehin Valentina and Duane Dunston for contributing this article. Threat intelligence (or threat intell) is information used to understand past, present, and future threats targeting an organization. It is evidence-based knowledge about a previous, existing or emerging threat to organizational assets. Threat intelligence also includes settings, implications, mechanisms, context, and even action-oriented advice on the threat. Context mentioned here includes who the attackers are, what their motivation is, what their capabilities are, and what indicators of compromise are in your system. An Indicator of compromise (IOC) is forensic data in a system log file, for example, which identifies malicious activities on a system or network.

  Debian 10.10 released with latest security updates (Jun 21)

Debian 10.10 has been released with the latest security updates. Some popular packages that have received updates in this update include the Linux Kernel,  Nvidia  graphics drivers, OpenVPN, Firefox ESR, OpenSSL, Chromium, and OpenJDK.

  The ISRG wants to make the Linux kernel memory-safe with Rust (Jun 22)

The Internet Security Research Group - backed by Google's financial support - has provided prominent developer Miguel Ojeda with  a one-year contract to work on Rust in Linux  and other security efforts full-time. 

  Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks (Jun 23)

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). This discovery highlights the fact that developers of such applications must put in a high level of scrutiny to ensure their security.

  How to Browse with Tor to Protect Your Privacy Online (Jun 21)

If you're concerned about online privacy, then you should give the Tor Browser a try. It's free and open-source and enables anonymous Internet communication. Check it out!

  Linux Foundation creates standards for voice technology with major partners (Jun 23)

The Linux Foundation is teaming up with companies like Target, Microsoft and Veritone to create the Open Voice Network, an initiative designed to "prioritize trust and standards" in voice-focused technology. Linux Foundation representatives said the Open Voice Network would support the platforms by "delivering standards and usage guidelines for voice assistant systems that are trustworthy, inclusive and open."

  File encryption and decryption made easy with GPG (Jun 22)

GPG is a popular and powerful Linux file encryption tool. Learn how to use GPG to keep private files private.

  Ubuntu 21.04 Users Get Major Kernel Security Update, 17 Vulnerabilities Patched (Jun 25)

Canonical has released a new major Linux kernel security update for Ubuntu 21.04 (Hirsute Hippo), patching a total of 17 security vulnerabilities!

  Google rolls out a unified security vulnerability schema for open-source software (Jun 25)

Google recognizes that before you can understand something, you need to measure it, and is bringing a way to measure security errors across open-source software programs.

  The Linux kernel may not be quite as secure as it should be (Jun 27)

Kernel developers have gracefully accepted suggestions concerning release signing process