Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
LinuxSecurity.com Feature Extras:
- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.
- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what it needs to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.
(Jul 27) It's the nightmare situation nobody wants to be in. "It's just a bit frustrating," said Ayoub Elaassal in a tweet last week, describing his frustration. He just found out that he had been denied entry to the US, just days before he was set to fly out from where he lives in Paris to speak at the Black Hat conference in Las Vegas.
(Jul 25) A recently patched flaw in the Linux-based GNOME Files file manager has been discovered that could enable hackers to create malicious Windows-based MSI files which would run malicious VBScript code on Linux.
(Jul 25) In the last few months, waves of ransomware attacks have pummeled the world, disrupting not just businesses but also vital services like hospital care, energy infrastructure, and telecoms. Which means the research Andrea Continella and his team have pursued recently couldn't be better timed: A tool that detects ransomware automatically, almost instantly, and restores your system from backups before hackers can fully lock it down.
(Jul 24) Eight months after three critical vulnerabilities were fixed in the memcached open source caching software, there are over 70,000 caching servers directly exposed on the internet that have yet to be patched. Hackers could execute malicious code on them or steal potentially sensitive data from their caches, security researchers warn.
(Jul 25) If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't.
(Jul 24) Microsoft has unveiled a new bug hunting tool, named Microsoft Security Risk Detection, that's built to help customers find and eliminate bugs before attackers can seize on them.
(Jul 28) One out of every seven people on the planet uses the messaging app WhatsApp every day, according to a recent blog post from the company. A billion people a day send messages to their friends and family on a service that's end-to-end encrypted by default, up from a billion per month last year.
(Jul 27) Tom Grasso, unit chief of the FBI's cyber division, took the Black Hat stage to discuss the processes and partnerships leading up to the massive Avalanche takedown in December 2016.
(Jul 28) Malware authors continue to chip away at Samba bugs similar to those that helped spread WannaCry/WannaCrypt.
(Jul 28) If you haven't updated your iPhone or Android device lately, do it now. Until very recent patches, a bug in a little-examined Wi-Fi chip would have allowed a hacker to invisibly hack into any one of a billion devices. Yes, billion with a b.
(Jul 31) At Def Con's hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal; Johns Hopkins computer scientist Matt Blaze said, "We encourage you to do stuff that if you did on election day they would probably arrest you."