Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Jan 3)
 

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

  (Jan 3)
 

Last year, Google's Project Zero team discovered serious security flaws caused by "speculative execution," a technique used by most modern processors (CPUs) to optimize performance.

  (Jan 2)
 

Thanks to Daniel Aleksandersen for sending this in. "tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads."

  (Jan 4)
 

Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world's computers. The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.

  (Jan 2)
 

Ransomware targeting cloud services is one of the six biggest cyber threats likely to face organisations in 2018, according to the Massachusetts Institute of Technology.

  (Jan 3)
 

Cryptojacking, which exploded in popularity this fall, has an ostensibly worthy goal: Use an untapped resource to create an alternative revenue stream for games or media sites, and reduce reliance on ads.

  (Jan 5)
 

As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.).

  (Jan 5)
 

If you, like me, spend a lot of time Googling cryptocurrencies, you've probably seen that face. You might already know the one I'm talking about: It stares at you from web ads, blankly, with just a hint of a smile, like a bad 80s yearbook photo.

  (Jan 2)
 

A critical security vulnerability has been reported in phpMyAdmin--one of the most popular applications for managing the MySQL database--which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link.

  (Jan 2)
 

Once upon a time, standards were our friends. They provided industry-accepted blueprints for building homogeneous infrastructures that were reliably interoperable. Company A could confidently build an application and -- because of standards -- know that it would perform as expected on infrastructure run by Company B.

  (Jan 2)
 

Thanks to Daniel Aleksandersen for sending this in. "One of Fedora's differentiating features compared to other Linux distributions is its well-maintained and low-friction default SELinux policy set. The two virtual private server (VPS) hosting providers Linode and Vultr have been offering server instances of Fedora Server with Security-Enhanced Linux (SELinux) enforcement disabled by default."

  (Jan 8)
 

The proposed Active Cyber Defense Certainty (ACDC) Act has its pros and cons. But it's not the only option for protecting your company's digital assets.