Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
LinuxSecurity.com Feature Extras:
- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.
- When you're dealing with a security incident, it's essential that you and the rest of your team not only have the skills needed to deal with the issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it's secure and functioning properly.
- (Jun 30) Developers with Canonical pushed out a handful of patches for the Linux-based operating system Ubuntu this week, including one that resolves a bug that could have let an attacker cause a denial of service or execute arbitrary code with a TCP payload.
- (Jun 28) Logs on your Linux server are crucial to monitoring and troubleshooting. Take a look at what they actually are and how to make the most of them.
- (Jun 26) With computer hacking attacks frequently making headline news, it is time for companies and individuals to take a more active stance in securing their computer systems.
- (Jun 29) Hackers have tools that they use to carry out various types of operations. But among them all, the most crucial is the Linux Operating System.
- (Jun 29) Chris Coulson, Ubuntu developer at Canonical, has found a critical vulnerability in Linux that can be exploited to remotely hack machines running the popular OS. The flaw, tracked as CVE-2017-9445, resides in the Systemd init system and service manager for Linux operating systems.
- (Jun 27) In spite of the rise of HTTPS, there are still spots where content originating on the Web can remain unencrypted, so a Mozilla engineer wants to close one of those gaps.
- (Jun 29) How do I keep my server/cloud computer powered by Debian Linux 9.x or 8.x current with the latest security updates automatically? Is there a tool to update security patches automatically?
- (Jun 26) Every developer knows the importance of following best security practices. But too often we cut corners, maybe because we have to work hard until those security practices sink in. Unfortunately, that usually takes something like seeing a security malpractice that's so bad it gets marked in indelible ink in our brains.
- (Jun 28) WatchGuard®'s latest quarterly Internet Security Report reveals that despite an overall drop in malware detection, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder attacks highlights the need to protect Linux-based IoT devices and Linux servers from the internet with layered defences.
- (Jun 27) At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, "The Password Reset MitM Attack" (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.
- (Jun 27) In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers.
- (Jun 30) The Shadow Brokers is once again trying to sell yet more stolen NSA cyber-weapons, raising the asking price in the process. And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.