General Esm W900

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (May 23)
 

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
  (May 23)
 

Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.
  (May 24)
 

The relationship between a manufacturer or vendor and security researchers can be filled with tension and unease, and it's most often put to the test during the vulnerability disclosure process. Although their intentions are pure, researchers often feel they are being shut out of the process, while vendors may see disclosure deadlines as a threat from researchers looking to produce headlines.
  (May 22)
 

Yahoo has decided to retire the use of the ImageMagick library following a researcher's disclosure of a simple way to break the system to cause email information leaks.
  (May 25)
 

Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed.The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met.
  (May 26)
 

Organizers at the DEF CON hacking conference in July are planning a mass cracking of US electronic election machines.The event, which for over 20 years has attracted the best and the brightest in the hacking community, will see a group hackathon against the voting machines that are used in every US election these days. The purpose is to check whether the machinery that underpins the electoral system is up to scratch.
  (May 26)
 

Samba is an open source project that is widely used on Linux and Unix computers so they can work with Windows file and print services.Samba can work as a client that lets you connect to Windows servers, and as a server that can accept connections from Windows clients.
  (May 30)
 

The average lifespan of a cloud resource is 127 minutes. Traditional security strategies can't keep up with this rate of change, and 82% of databases in the public cloud are left unencrypted.
  (May 30)
 

In the wake of this spring's Senate ruling nixing FCC privacy regulations imposed on ISPs, you may be (even more) worried about how your data is used, misused, and abused. There have been a lot of opinions on this topic since, ranging from "the sky is falling" to "move along, citizen, nothing to see here."