Thank you for subscribing to our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week’s most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.


Today’s newsletter highlights our two most recent feature articles: RavenDB: Pioneering Data Management with an Innovative Open-Source Approach and TANSTAAFL! The Tragedy of the Commons Meets Open-Source Software. We also examine various topics including the release of Tails 4.11 featuring the Tor Browser 10 and security concerns associated with Windows Subsystem for Linux 2 (WSL2) bypassing the Windows 10 firewall. Happy Monday - and happy reading!

RavenDB: Pioneering Data Management with an Innovative Open-Source Approach - When it comes to using a NoSQL document database to store, manage and retrieve documents, reliability, privacy, efficiency and ease-of-use are essential in optimizing productivity and ensuring data security. However, the unfortunate reality is that many NoSQL document databases fail to embody these important characteristics, leaving users frustrated - and often at risk. 

How To Identify Libraries that are Still Vulnerable to Attacks After Updates - Patch management can be a complex and time-consuming process, and because of this, patches to fix vulnerabilities may not be applied before a hacker is able to breach an organization's security. The majority of organizations are not aware of these vulnerabilities until they have experienced a breach, at which point it is frustrating to learn that deploying a simple patch could have prevented the breach altogether.

  Mac, Linux Users Now Targeted by FinSpy Variants (Sep 29)
 

The infamous FinSpy spyware has returned - and is now targeting Linux and macOS users. FinSpy is being used in new campaigns targeting dissident organizations in Egypt.
  Windows Subsystem for Linux 2 bypasses the Windows 10 Firewall (Oct 2)
 

The Windows Subsystem for Linux 2 will bypass the Windows 10 firewall and any configured rules, raising security concerns for those who use the feature - the main concern being a lack of awareness of this change.
  IPStorm botnet expands from Windows to Android, Mac, and Linux (Oct 1)
 

The IPStorm botnet, which was first spotted targeting Windows systems last year, has quadrupled in size to reach 13,500 infected systems - and is now targeting Linux, Android and Mac devices.
  Hackers jailbreak Apple’s T2 security chip powered by bridgeOS (Oct 2)
 

The Apple T2 security chip has finally been jailbroken! Heres all you need to know about it. The latest update of checkra1n adds support for bridgeOS " the operating system that powers the Apple T2 security chip. For what its worth, the T2 chip is not A10 per se but it is derived from the Apple A10 Fusion architecture.
  Linux-based Windows makes perfect sense (Oct 1)
 

Eric S. Raymond, one of open-source's founding fathers, thinks we're nearing the  last phase of the desktop wars . The winner?  Windows running on Linux . "Google chose to save money and increase security by using  Linux as the basis for Chrome OS . This worked out really well for Google. It can for Microsoft with -- let's take a blast from the past -- and call it Lindows as well."
  Balancing Linux Security with Usability (Sep 28)
 

Security is a balance between accessibility, usability, and restriction - too far in any of those directions, and you're in for trouble. Here are some tips on how to strike that balance with your Linux system.
  Using ssh-keygen and sharing for key-based authentication in Linux (Sep 30)
 

Using SSH key-based authentication is beneficial for both security and convenience. Learn how to generate and share keys using ssh-keygen in this tutorial.
  Tails 4.11 Anonymous OS Released with Tor Browser 10, Extended Persistent Storage (Oct 5)
 

Tails 4.11 - the latest version of the "Anonymous OS" - is now available for download, offering a selection of improvements, updated components and security fixes.