
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Jul 10)
 

The last several years have seen a slew of reports coming out lamenting the typical enterprise's ability to recruit and retain quality cybersecurity talent.

  (Jul 11)
 

The Linux Foundation has launched a new open source project focused on centralizing security services orchestration for multi-cloud environments.

  (Jul 14)
 

A vulnerability hidden in Kerberos code for more than 20 years met its end in patches issued this week by Microsoft and several Linux vendors. Having found the flaw three months ago in Heimdal, an open-source implementation of Kerberos, Jeffrey Altman, founder of AuriStor, and Viktor Dukhovni and Nicolas Williams from Two Sigma Investments, dubbed the bug Orpheus' Lyre.

  (Jul 12)
 

Drone hackers in the UK are busy at work exploiting the application security shortcomings of a major manufacturer to circumvent restrictions, including flight elevation limits. DJI says it has pushed out a firmware update to nip the problem in the bud, but one expert The Register spoke to maintains that hacking is still possible.

  (Jul 13)
 

Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques. Penetration testers as well as bad-guy hackers typically rely on several common attack tools to break into business networks.

  (Jul 14)
 

Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security. It's obvious cybersecurity has a diversity problem: just one-tenth of today's cybersecurity workforce are minorities, and the number of women has basically plateaued for the past few years at a meager 11%.

  (Jul 17)
 

Managing an IT department at the best of times can be a struggle, and managing a security team has its own special challenges. But whatever you do, don't put an engineer, even your best, in charge, unless their people management skills are as good as their infosec knowhow.

  (Jul 17)
 

The White House more or less doxed citizens, who took the time to submit feedback to the Presidential Advisory Commission on Election Integrity, by publishing 112 pages (pdf) of public comments without first redacting any personal information; some of the emailed comments were outraged, some commenters dropped f-bombs, one sent goatse, but they were published in full, including those that showed citizens' "email addresses, home addresses and phone numbers."

  (Jul 17)
 

On Unix systems, random numbers are generated in a number of ways and random data can serve many purposes. From simple commands to fairly complex processes, the question "How random is random?" is worth asking.