Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to comprehensively deal with an issue, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Jan 8)
 

A researcher has published a proof-of-concept (PoC) project called CoffeeMiner which shows how threat actors can exploit public Wi-Fi networks to mine cryptocurrencies.

  (Jan 8)
 

Hackers are targeting the upcoming Winter Olympics with a phishing and malware campaign directed at the organisations that provide infrastructure and other support for the Games.

  (Jan 8)
 

The proposed Active Cyber Defense Certainty (ACDC) Act has its pros and cons. But it's not the only option for protecting your company's digital assets.

  (Jan 11)
 

If "Going Dark" were an actual thing, then surely the FBI would be completely blind by now. After all, the bureau has been harping on how it was "going dark" for 25 years! That's right, the FBI started making claims about "going dark" due to encryption way back in 1993, according to Bruce Schneier.

  (Jan 10)
 

As upstream Glibc is working on deprecating libcrypt for its eventual removal from the codebase, Fedora developers are looking at using libxcrypt for their hashing/encoding crypto library.

  (Jan 11)
 

Canonical, the company that makes Linux distro Ubuntu, has re-released its Meltdown update for Ubuntu 16.04 LTS Xenial users after the first attempt tripped up machines.

  (Jan 11)
 

Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol.

  (Jan 12)
 

All the major Linux distributions have now released their Intel chip meltdown patches. But, someone must retune all those servers to get their performance up to speed and replace network devices and servers running up-to-date Linux distros.

  (Jan 12)
 

The outgoing head of the Defense Information Systems Agency, which handles computer security for the US Department of Defense, has warned a massive cyber-attack is "looming" at the American military's door.

  (Jan 10)
 

In comparison to Microsoft, which is having a busy month patching due to Spectre and Meltdown, Adobe's latest patch update addresses only one vulnerability.

  (Jan 14)
 

By default ssh logs out ssh attempts, whether they're successful or not; what it doesn't do by default is log out the passwords they've tried. So I thought it would be a good idea to slightly modify ssh to log those passwords too.

  (Jan 15)
 

In 2013, Edward Snowden revealed that the National Security Agency was legally collecting millions of Americans' phone calls and electronic communications--including emails, Facebook messages, and browsing histories--without a warrant. Congress has now decided not only to reauthorize these programs, but also to expand some of their most invasive techniques.