Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- LinuxSecurity debunks some common myths and misconceptions regarding open source and Linux by answering a few Linux-related frequently asked questions.

Security Highlights from Defcon 26 - Defcon 26 provided individuals and organizations with valuable tips and insight on security and the latest and most effective defenses. Here are some security-related highlights from the event.

  (Sep 26)
 

While the Linux kernel has been patched for months (and updated CPU microcode available) to mitigate Spectre Variant Two "Branch Target Injection" this has been focused on kernel-space protection while patches are pending now for userspace-userspace protection.
  (Sep 27)
 

Multiple Linux distributions including all current versions of Red Hat Enterprise Linux and CentOS contain a newly discovered bug that gives attackers a way to obtain full root access on vulnerable systems.
  (Sep 28)
 

Researchers have discovered that several leading Android-based password managers can be fooled into entering login credentials into fake phishing apps.
  Vulnerable open source component adoption skyrockets in the enterprise (Sep 25)
 

Open-source software and components are critical to many of the online services we use today. Companies, ranging from the most well-known technology giants to SMBs, will often use open-source technologies to improve their own business processes and access useful software libraries.
  White House Issues National Cyber Strategy (Sep 23)
 

Taking a critical step forward in national cyber defense, the White House yesterday published the National Cyber Strategy, aimed at strengthening America's cybersecurity capabilities. President Trump wrote, "With the release of this National Cyber Strategy, the United States now has its fully articulated cyber strategy in 15 years."
  (Sep 25)
 

After developing it internally for over 10 years, the National Cybersecurity Agency of France (ANSSI) has decided to open source CLIP OS, a Linux-based operating system developed "to meet the specific needs of the [French] administration," and is asking outside coders to contribute to its development.
  The Sony hacker indictment: 5 lessons for IT security (Sep 25)
 

In August 2018, the US Department of Justice (DoJ) unsealed the indictment of a North Korean spy, Park Jin Hyok, whom they claim was behind the hack against Sony and the creation and distribution of the WannaCry ransomware. The 170-plus-page document was written by Nathan Shields of the FBI's LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted.
  (Sep 27)
 

New research from O'Reilly Media has revealed that almost nine out of 10 (86%) businesses are deploying machine learning technologies without considering important questions regarding data quality, consumer privacy and the quality of machine learning applications.
  (Sep 24)
 

Choosing the best platform – Linux or Windows is complicated. Because both the system is versatile and capable of doing many mission-oriented and regular task. So if I ask you which one is the best system between Linux and Windows? On this topic, you can start an ever ending discussion.
  Linux firewalls: What you need to know about iptables and firewalld (Sep 28)
 

A firewall is a set of rules. When a data packet moves into or out of a protected network space, its contents (in particular, information about its origin, target, and the protocol it plans to use) are tested against the firewall rules to see if it should be allowed through.
  Independence Blue Cross Breach Exposed 17K Records (Sep 23)
 

Independence Blue Cross, a Philadelphia-based health insurer notified thousands of its members this week that a data breach had exposed some of their protected health information (PHI), according to Healthcare Informatics.
  (Sep 26)
 

Three individuals who admitted responsibility for creating and operating the highly disruptive Mirai botnet of 2016 have escaped jail time. Instead, they will now assist US law enforcement on cybersecurity matters.