Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (Oct 30)
 

Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list.
  (Oct 31)
 

Thanks to Daniel Aleksandersen for sending this in. SSHGuard is an intrusion prevention utility that parses logs and automatically blocks misbehaving IP addresses (or their subnets) with the system firewall.

  (Oct 31)
 

Detailed security arrangements for London Heathrow airport, including the Queen's precise route every time she passes through, were found on a USB stick left in a West London street, according to reports.
  (Oct 31)
 

The US Deputy Attorney General has told business leaders that Uncle Sam won't demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communications they handle.
  (Nov 2)
 

FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks.
  (Nov 2)
 

Malware writers are widely abusing stolen digital code-signing certificates, according to new research.Malware that is signed with compromised certificates creates a means for hackers to bypass system protection mechanisms based on code signing.
  (Nov 2)
 

Updated WordPress has a security patch out for a programming blunder that you should apply ASAP.
  (Nov 2)
 

The silver screen may prove to be the silver lining for the cybersecurity industry's biggest problem: the cybersecurity workforce shortage.
  (Nov 3)
 

WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation.
  (Nov 3)
 

If you were to see a USB flash drive just lying in the parking lot at work, then it would be a good bet that the USB stick was part of a pen tester's trick to get inside a company's network or a company's test to determine which employee plugged it into a work PC and needs to attend awareness training.
  (Nov 6)
 

A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents.
  (Nov 6)
 

Most people use Google to search for answers but don't know the results aren't always safe. Attackers have begun to exploit this reliance on Google by using Search Engine Optimization (SEO) to populate search results with malicious links and distribute the Zeus Panda Banking Trojan through a compromised Word document.