Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you're dealing with a security incident, it's essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it's secure and functioning properly.


  (May 9)
 

Earlier this year, hackers exploited vulnerabilities in the Signaling System No. 7 (SS7) protocols to sidestep two-factor authentication and steal funds from German victims' bank accounts, according to Germany's Suddeutsche Zeitung.

  (May 10)
 

There is no question that the web browser will be the piece of software with the largest and the most exposed attack surface on your Linux workstation. It is a tool written specifically to download and execute untrusted, frequently hostile code.

  (May 11)
 

SELinux transitions are in some ways similar to a setuid executable in that when a transition happens the new process has different security properties than the calling process. When you execute a setuid executable, your parent process has one UID, but the child process has a different UID.

  (May 11)
 

The second annual Cyber Investing Summit, held on Wall Street at the New York Stock Exchange, announced that Kevin Mitnick, the world's most famous hacker, will be its opening act on May 23, 2017.

  (May 8)
 

The Google Doc phishing scam that conned over a million users this week illustrates how attackers cleverly respond to more widespread end-user awareness about how phishing attacks work.

  (May 8)
 

A new form of cyberattack has set its sights on high-profile targets across the globe, enabling its perpetrators to conduct espionage and steal data by using readily available software tools, thus removing the need to deploy advanced malware.

  (May 9)
 

To prevent further fake Docs phishing attacks on Gmail users, Google says it will tighten enforcement of the OAuth system it uses for linking third-party apps to Google accounts.

  (May 13)
 

A security researcher who goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  (May 12)
 

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

  (May 10)
 

A bot is thought to be behind the posting of thousands of messages to the FCC's website, in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality.

  (May 10)
 

A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday.

  (May 12)
 

Thanks to IoT botnets, DDoS attacks have finally turned from something of a novelty into an everyday occurrence. According to the A10 Networks survey, this year the 'DDoS of Things' (DoT) has reached critical mass: in each attack, hundreds of thousands of devices connected to the Internet are being leveraged.