Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Email Security FAQs Answered by Guardian Digital - With email-related attacks becoming increasingly prevalent and serious, effectively securing your email accounts is more important than ever before.

- LinuxSecurity debunks some common myths and misconceptions regarding open source and Linux by answering a few Linux-related frequently asked questions.


  Vendors confirm products affected by libssh bug as PoC code pops up on GitHub (Oct 21)
 

Products from major vendors such as F5 and Red Hat are affected by a major vulnerability that came to light this week and which resides in the libssh library.

  Get Essential Security Information from Linux Security Summit Videos (Oct 22)
 

In case you missed it, videos for Linux Security Summit NA are now available. On Linux.com, we covered a couple of these in depth, including: Redefining Security Technology in Zephyr and Fuchsia, by Eric Brown

  Morrisons Loses Insider Breach Liability Appeal (Oct 23)
 

Supermarket giant Morrisons has been told by the Court of Appeal that it is liable for the actions of a malicious insider who breached data on 100,000 employees, setting up a potential hefty class action pay-out.

  (Oct 26)
 

An Indian security researcher has discovered a highly critical flaw in the X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

  (Oct 22)
 

Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile.

  (Oct 21)
 

An explosive report in The New York Times this weekend sheds new light on the apparent targeting of Twitter accounts by "state-sponsored actors" three years ago.

  EU Laws Could Spell Double Trouble for Firms (Oct 24)
 

Legal experts have warned organizations in certain highly regulated industries that they could be fined twice under new EU security laws with huge maximum penalties.

  (Oct 23)
 

There's more hand-wringing around cybersecurity this year than last, according to 66% of organizations surveyed for IDG's 2018 US State of Cybercrime report.

  Yahoo agrees to pay $50 million to settle data breach lawsuit (Oct 24)
 

Yahoo must pay $50 million in damages to victims of one of the largest data breaches on record.

  (Oct 25)
 

Linus Torvalds quietly met with Linux's top 40 or so developers at the Maintainers' Summit, held in concert with Open Source Summit Europe in Scotland. Afterward, we spoke about his return to Linux, the adoption of the Linux Code of Conduct (CoC), and how Berkeley Packet Filter (BPF) is changing Linux.

  Hackers steal personal data of up to 9.4 million Cathay Pacific passengers (Oct 25)
 

Most people in the world would describe it as a company "admitting they've been hacked." But if you're the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you're "announcing a data security event affecting customer data."

  Trade.io Hacked, Loses 50 Million Tokens Worth $7.5 million (Oct 22)
 

In a Medium blog post, Jim Preissler, the CEO of the trade.io cryptocurrency exchange, disclosed a security breach which allowed hackers to steal roughly 50 million trade tokens (TIO) worth $7.5 million from a cold storage wallet owned by the company, as first reported by ZDNet.