Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what it needs to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Feb 6)
 

The Australian Federal Police (AFP) will enter the nation's infants schools to train children in online stranger danger, Minister for Law Enforcement and Cyber Security Angus Taylor announced on Tuesday.

  (Feb 6)
 

Lauri Love has won a High Court appeal to prevent his extradition from the UK to the US on hacking charges. Love is wanted by US prosecutors to stand trial for allegedly hacking into the FBI, the US Central Bank, the US Army, and NASA, among others.

  (Feb 7)
 

Netherlands police's high-tech crime unit has arrested an 18-year-old man on suspicion of launching distributed denial-of-service (DDoS) attacks on the Dutch tax authority, tech site Tweakers, and internet service provider Tweak.

  (Feb 6)
 

Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks.

  (Feb 8)
 

Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate in the next two months.

  (Feb 5)
 

So Uber partners with HackerOne to offer a public bug bounty program, advertising a $500 minimum guaranteed payout if a security vulnerability is found within an Uber app or information asset. Fair enough,

  (Feb 6)
 

Newly discovered hack would allow attackers to send data between two systems during TLS negotiation, researchers say.

  (Feb 8)
 

The confidential source code to Apple's iBoot firmware in iPhones, iPads and other iOS devices has leaked into a public GitHub repo.

  (Feb 7)
 

Religiously turning off location services might not save you from having your phone tracked: a paper from a group of IEEE researchers demonstrates tracking when GPS and Wi-Fi are turned off.

  (Feb 7)
 

The researcher behind the teaser of a new method to crack Amazon.com's "Key" connected door locks has revealed how his method works, and criticised Amazon's response to his work because it detailed the flaw before shipping a fix.

  (Feb 5)
 

Lt. Saul Jaeger, who commands the traffic unit at the Mountain View Police Department, remembers the first time a few years ago when he was given a demo of Waymo's self-driving cars.

  (Feb 9)
 

Enterprises invest a lot of time, effort and money in keeping their systems secure. The most security-conscious might have a security operations center. They of course use firewalls and antivirus tools. They probably spend a lot of time monitoring their networks, looking for telltale anomalies that could indicate a breach. What with IDS, SIEM and NGFWs, they deploy a veritable alphabet of defenses.