Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.

Today’s newsletter highlights our two most recent feature articles: Get started with CrowdSec v.1.0.X and Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux. We also examine various topics including Google's efforts to improve the security of the Linux kernel and improvements to the Linux Mint Update Manager designed to make it easier for users to apply security updates. Happy Monday - and happy reading!

Yours in Open Source,

Brittany


LinuxSecurity.com Feature Extras:

Get started with CrowdSec v.1.0.X - Thank you to the CrowdSec project for contributing this article. The official release of CrowdSec v.1.0.X introduces several improvements to the previous version, including a major architectural change: the introduction of a local REST API.

Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux - CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.


  Sysdig Donates Module to CNCF to Improve Linux Security (Feb 25)
 

As part of an effort to advance Linux security, Sysdig has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF).

  Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (Feb 26)
 

Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of the Sunburst or Solorigate malware planted in the SolarWinds Orion software updates, enabling other organizations to use the queries to perform a similar analysis. Mike Hanley, CSO of GitHub, says CodeQL provides "key guardrails that help developers avoid incidents and shipping vulnerabilities".

  Python programming language hurries out update to tackle remote code vulnerability (Feb 23)
 

The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable - but in practical terms can only be used to knock a machine offline. Upgrade now!

  Windows Subsystem for Linux 2: The GUI features developers have been asking for (Feb 23)
 

Get ready, developers - Microsoft's WSL 2 is getting graphics support!

  Cheap baby monitors and security cameras – widespread flaw allows remote viewing (Feb 22)
 

New research highlights that cheap baby monitor and security camera vendors prioritize convenience over user security and privacy, building into their products a highly insecure convenience feature that allows anyone to remotely view unencrypted video streams.

  'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security (Feb 25)
 

Google has demonstrated serious concern about the security of Linux and open-source code, and is sponsoring a pair of full-time developers to work on the kernel's security.

  Top Linux distro tells users: Stop using out of date versions, update your software now (Feb 24)
 

Linux Mint maintainers are emphasizing the importance of keeping software up-to-date - a critical security best practice that many users are neglecting.

  To infinity and beyond: Linux and open-source goes to Mars (Feb 22)
 

If all goes well, the first flight on Mars will be made by the Linux-powered Perseverance Mars rover's companion drone helicopter.

  Red Hat closes StackRox Kubernetes security acquisition (Feb 24)
 

With the popular Linux distro's acquisition of StackRox, Red Hat is taking a major step forward in securing not only its own Kubernetes distribution, OpenShift, but other Kubernetes distros as well.

  How to Update Ubuntu, Linux Mint, or Elementary OS via the Desktop (Feb 26)
 

Want to update your Linux distro? Learn how to update Ubuntu, Linux Mint, and Elementary OS via the desktop in this tutorial.

  Go malware is now common, having been adopted by both APTs and e-crime groups (Mar 1)
 

There's been a 2,000% increase in new malware written in Go over the past few years. Many of these malware families are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets.

  Linux Mint's Update Manager To Encourage Users To Apply Security Updates (Mar 1)
 

Linux Mint is working on improving its Update Manager in an effort to encourage users to apply security updates.