Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (Jan 16)
 

In the world of information security, people are often told to "think like a hacker." The problem is, if you think of a hacker within a very narrow definition (e.g., someone who only breaks Web applications), it leads to a counterproductive way of thinking and conducting business.
  (Jan 17)
 

Back in 2000, a bug crept into the Internet Systems Corporation's BIND server, and it lay unnoticed until now.The result: if you're running a vulnerable version of BIND and using DNSSEC, you need to patch the server against a denial-of-service vulnerability.
  (Jan 17)
 

Mozilla's embrace of HTTPS, the secure form of HTTP, has ratcheted up a notch with the news that Firefox developers must start using a web security design called ‘secure contexts' "effective immediately."
  (Jan 17)
 

The first lawsuits to overturn the Federal Communications Commission's rollback of Obama-era net neutrality rules have been filed.Attorneys general from 22 states filed a lawsuit on Tuesday to block the repeal of the rules. Mozilla, maker of the Firefox browser, also said it has filed a suit against the FCC, and several public interest groups have filed petitions in court.
  (Jan 16)
 

A newly-uncovered form of Android spyware is one of the most advanced targeted surveillance tools ever seen on mobile devices, coming equipped with spying features never previously seen active in the wild.
  (Jan 14)
 

By default ssh logs out ssh attempts , wether they're successful or not , what it doesn't do by default is log out the passwords they've tried.So i thought it would be a good idea to slightly modify ssh to log them passwords too.
  (Jan 15)
 

"Hello Joe," read the November 2016 email from someone identifying himself as "John Doughs." "I have found a major vulnerability in Uber."
  (Jan 17)
 

The ICEBRG Security Research team discovered four malicious Google Chrome extensions during a routine investigation of anomalous traffic. More than 500,000 users, including workstations in major businesses around the world, have been affected.
  (Jan 16)
 

Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year.
  (Jan 15)
 

Coined by US deputy attorney general Rod Rosenstein, responsible encryption is a new name for an old argument: that public agencies fighting crime and terrorism must have access to our private communications--for our own good. In 2016, Apple defied a court order to unlock an iPhone used by a shooter in an attack in San Bernardino, California.
  (Jan 18)
 

New Mexico man pleads guilty to directing cyberattacks against his prior employers, business competitors, and law enforcement agencies.
  (Jan 16)
 

A new variant of the notorious Mirai malware is exploiting kit with ARC processors.The nasty, dubbed Okiru, is the first capable of infecting devices running the ARC CPU, according to independent security researcher Odisseus.