Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you – and the rest of your team – not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means you can focus purely on what you need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Feb 13)
 

In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it. I meet Wouter by chance at a random cafe in the center of Amsterdam. It is a sunny day and almost all the tables are occupied. Some people talk, others are working on their laptops or playing with their smartphones.

  (Feb 14)
 

When is security not security? When it guards against the wrong people or against things that never happen. A useless security measure is just another batch of code that might contain an exploitable bug. So the Linux developers always want to make sure a security patch is genuinely useful before pulling it in.

  (Feb 14)
 

Managing open-source mobile security and privacy for activists worldwide | Salted Hash Ep 18

  (Feb 14)
 

VPN is an acronym for Virtual Private Network. The purpose of a VPN is to provide you with security and privacy as you communicate over the internet.

  (Feb 15)
 

A fast-moving botnet that turns routers, cameras, and other types of Internet-connected devices into potent tools for theft and destruction has resurfaced again, this time by exploiting a critical vulnerability that gives attackers control over as many as 40,000 routers. Despite the high stakes, there's no indication that the bug will be fixed any time soon, if at all.

  (Feb 16)
 

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats.

  (Feb 16)
 

A stealthy backdoor undetected by antimalware providers is giving unknown attackers complete control over at least 100 Linux servers that appear to be used in business production environments, warn researchers.

  (Feb 13)
 

If you're still running a website that uses insecure HTTP, then it's time to wake up and drink the coffee. Because unless you take action soon, you're going to find many of your visitors are going to distrust your website.

  (Feb 15)
 

Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.

  (Feb 16)
 

Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations.

  (Feb 12)
 

On Wednesday, an anonymous person published the proprietary source code of a core and fundamental component of the iPhone's operating system.

  (Feb 15)
 

FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password.