Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Dec 19)
 

Ah, you gotta love Red Hat -- they're never not busy working on something that might make our lives a little easier. Latest case in point: Thunderbolt 3.

  (Dec 21)
 

A server being compromised or hacked, for the purpose of this guide, is an unauthorized person or bot logging into the server in order to use it for their own, usually negative, ends.

  (Dec 18)
 

Anti-malware vendor Avast has donated its homegrown malware decompiler tool to the open-source community.

  (Dec 20)
 

Damaging attacks from second and third-tier nation-state threat actors – especially in the Middle East – could become more of a pressing issue for enterprises next year if a couple of recent incidents are any indication.

  (Dec 18)
 

If you use Firefox instead of Chrome, do you do so because you prefer Mozilla's stance on privacy? Some loyal Firefox users and even employees were up in arms after Mozilla surreptitiously installed the add-on Looking Glass last week. It didn't happen to all Firefox users, but the ones affected did not give the browser permission to install it.

  (Dec 20)
 

The door to your personal data got left wide open once again. Researchers revealed Tuesday that earlier this year they discovered a massive database -- containing information on more than 123 million American households -- that was sitting unsecured on the internet.

  (Dec 19)
 

After getting a shell on a server you may or may not have root access. Gaining privileged access to a Linux system may take more analysis of the system to find escalation issues. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) provides a methodology for performing various privilege escalation techniques against Linux-based systems.

  (Dec 21)
 

Brit teen Jack Chappell has avoided being sent to prison after pleading guilty to helping launch DDoS attacks against NatWest, Amazon and Netflix, among others.

  (Dec 22)
 

It was the year nothing seemed safe. Bombshell hacks were revealed one after another in 2017, from an Equifax breach that compromised almost half the country to global ransom campaigns that cost companies millions of dollars.

  (Dec 22)
 

Ken Moore, the creator of the FreeBSD-based TrueOS computer operating system and Lumina desktop environment, released the TrueOS 17.12 update, which introduces multiple enhancements.

  (Dec 22)
 

Norwegian browser maker Opera has launched the beta version of Opera 50, the first popular browser to integrate a built-in cryptocurrency-mining blocker.

  (Dec 26)
 

The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post will remain updated in the upcoming weeks.