Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential that you – and the rest of your team – not only have the skills needed to comprehensively deal with an issue, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


(May 4)

A 60-byte payload sent to a UDP socket to the rpcbind service can crash its host by filling up the target's memory. Guido Vranken, who discovered the vuln and created the "Rpcbomb" exploit, complains that he couldn't get action from the package maintainers, so he's written patches himself.

(May 2)

Since becoming a rolling distro, updated images have stopped being of much importance for Kali Linux. However, Kali Linux 2017.1 is apparently a major release for this distro with a host of new features and improvements made to this ethical hacking distro.

(May 1)

Late on Friday afternoon, the Commissioner of the Australian Federal Police waltzed out in front of the microphones and admitted that his agency had misused the metadata that the nation's telecommunication companies are forced to store.

(May 2)

Linux users, the free lunch is over. Pennsylvania-based Open Source Security on Wednesday decided to stop making test patches of Grsecurity available for free. The software, a set of powerful Linux kernel security enhancements, includes features such as support for role-based access controls and chroot restrictions that harden Linux implementations.

(May 1)

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

(May 3)

Flickr account hijack flaw earns researcher $7k (May 2)

Yahoo has awarded a researcher $7,000 for disclosing a Flickr security flaw which enabled attackers to hijack user accounts without limit. The issue, patched on 10 April, permitted attackers to intercept and grab access tokens by circumventing Flickr protections.

(May 4)

A new phishing attack has appeared in inboxes around the world that masquerades as an email contact sharing a Google Doc. The emails appear to originate from a legitimate account, with the email addressed to [address removed] and dozens of contact email addresses blind carbon copied (bcc) in.

(May 5)

On Wednesday, Kenneth Lipp, a contributor to the Daily Beast, was doing what amounts to a random search on the security search engine Shodan when he discovered what appears to be a Web console for full-motion video feeds from two Predator drones.

(May 1)

Hacker Evaldas Rimasauskas, 48, of Vilnius, Lithuania, was arrested last month and charged with stealing more than $100 million from Facebook and Google, according to a Fortune report.

(May 5)

Having trouble finding the right security products for your business? You're not the only one. Today's market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity.

(May 3)

Security researchers have found multiple vulnerabilities in a specific model of robot arm used in factories.