Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (Oct 17)
 

All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
  (Oct 18)
 

Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.
  (Oct 18)
 

On Monday, the security community scrambled to unpack Krack, a fundamental vulnerability in the ubiquitous, secure Wi-Fi network standard known a WPA2. Though some of the most popular devices are mercifully already protected (like most of those that run Windows and iOS), a staggering population remains exposed to data theft and manipulation every time they connect to WPA2 Wi-Fi.
  (Oct 19)
 

The Carnegie-Mellon University's Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis.
  (Oct 16)
 

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.
  (Oct 17)
 

Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes.
  (Oct 16)
 

An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).
  (Oct 17)
 

Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining.
  (Oct 20)
 

The US is starting to fall well behind China in terms of the speed at which organizations are alerted to reported security vulnerabilities, according to a study out this week by threat intel biz Recorded Future.
  (Oct 20)
 

There's something new to add to your fun mental list of invisible internet dangers. Joining classic favorites like adware and spyware comes a new, tricky threat called "cryptojacking," which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.
  (Oct 23)
 

Google's efforts to knock the web into a state of HTTPS-by-default is showing signs of working, with a significant rise in HTTPS traffic on Chrome on Android, Windows, Mac, and Chrome OS.
  (Oct 23)
 

State-backed hackers are apparently targeting security researchers with their latest campaign, which uses a document advertising a cybersecurity conference as the lure.