Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Dec 12)
 

There have been numerous high-profile breaches involving popular websites and online services in recent years, and it's very likely that some of your accounts have been impacted. It's also likely that your credentials are listed in a massive file that's floating around the Dark Web.

  (Dec 13)
 

Updated version includes changes to some existing guidelines - and adds some new ones. The National Institute of Standards and Technology (NIST) has released the second draft of a proposed update to the national Cybersecurity Framework of 2014.

  (Dec 12)
 

UPDATED NEWS ANALYSIS: Intel's Management Engine, which runs inside most recent Intel processors, can be hijacked by hackers, who can then gain unlimited access to everything on the device.

  (Dec 11)
 

You can't keep your data secure with software alone. A good hacker knows a complex set of skills that includes computers, social engineering, and physical security. That means a hacker that really wants your stuff will know how to pick a lock to get it.

  (Dec 11)
 

For this week's episode of Salted Hash, we're joined by Josh Shaul, the vice president of web security at Akamai. He shares his story about his experiences during the Dyn Inc. DDoS attacks, and offers some details about the Reaper botnet.

  (Dec 14)
 

Moscow's recent demand to inspect the source code of American software vendors supplying the Russian government does not pose the severe security threat some are making it out to be, experts say, emphasizing that while sharing source code with a nation-state adversary does make it easier for an attacker to find security flaws, source code is far from the "keys to the kingdom" for bug hunters.

  (Dec 15)
 

Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.

  (Dec 15)
 

Security researchers regularly set out to find implementation problems in cryptographic algorithms, but in comparison not enough effort is being put into looking for mathematical backdoors, two cryptography professors argue.

  (Dec 15)
 

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways.

  (Dec 18)
 

If you use Firefox instead of Chrome, do you do so because you prefer Mozilla's stance on privacy? Some loyal Firefox users and even employees were up in arms after Mozilla surreptitiously installed the add-on Looking Glass last week. It didn't happen to all Firefox users, but the ones affected did not give the browser permission to install it.

  (Dec 18)
 

Anti-malware vendor Avast has donated its homegrown malware decompiler tool to the open-source community.