Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  (Oct 5)
 

A password leak vulnerability in a popular broadcast platform could allow hackers to hijack online radio stations.The security flaw allows anyone to reveal the plaintext admin account and password for almost any radio station hosted on SoniXCast, a New York-based online broadcast site, boasting over 50,000 terrestrial and internet radio stations on its network.
  (Oct 5)
 

Since 2015, ASERT has observed and followed a DDoS Botnet named Flusihoc. To date very little has been published about this family, despite numerous anti-virus and intrusion detection signatures created by various vendors. Flusihoc has remained persistent with multiple variants, over 500 unique samples in our malware zoo, and continued development.
  (Oct 2)
 

Sometimes old fixed bugs come back to bite us. That's the case with CVE-2017-1000253, a Local Privilege Escalation Linux kernel bug.
  (Oct 2)
 

A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline.
  (Oct 6)
 

Is encryption a threat to law and order, or an essential tool for staying secure online? Two events this week show how much disagreement there still is about it.
  (Oct 6)
 

Windows has long been the world's biggest malware draw, exploited for decades by attackers. It continues today: The Carbon Black security firm analyzed 1,000 ransomware samples over the last six months and found that nearly 99% of them targeted Windows.
  (Oct 6)
 

Google researchers disclosed seven serious flaws in an open-source DNS software package Dnsmasq, which is is commonly preinstalled on routers, servers, smartphones, IoT devices and operating systems such the Linux distributions Ubuntu and Debian. The most severe of the vulnerabilities could be remotely exploited to run malicious code and hijack the device.
  (Oct 4)
 

LOIC Download below – Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.
  (Oct 6)
 

Yet another W3C API can be turned against the user, privacy boffin Lukasz Olejnik has warned – this time, it's in how browsers store and check credit card data.
  (Oct 5)
 

Keybase has launched a new service to encrypt git repositories for free.Keybase, the provider of the Keybase security app for mobile phones and PCs, offers an open-source system supported by public-key cryptography to implement end-to-end encryption across your devices and communication.
  (Oct 9)
 

Mozilla has launched a pilot program using Cliqz technology to pull user browsing data in Firefox.
  (Oct 9)
 

Virtual private network provider PureVPN helped the FBI track down an Internet stalker, by combing its logs to reveal his IP address.