Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
LinuxSecurity.com Feature Extras:
Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.
You've Been Pwned! Best Practices to Prevent Your Email Account from Being Compromised in a Data Breach - An Interview with Dave Wreski, CEO of Guardian Digital
Why corporate acquisitions could be good for the open source community (Apr 7)
Open source is all over the media, IBM announced its acquisition of Red Hat, one of the largest in tech history, for $34 billion. Microsoft announced its agreement to acquire GitHub for $7.5 billion. It seems the world's largest companies are either releasing or acquiring their own open-source software -- but opinions on this trend are divided.
Europe to pilot AI ethics rules, calls for participants (Apr 8)
The European Commission has announced the launch of a pilot project intended to test draft ethical rules for developing and applying artificial intelligence technologies to ensure they can be implemented in practice.
Proposed bill would forbid big tech platforms from using dark pattern design (Apr 9)
A new piece of bipartisan legislation aims to protect people from one of the sketchiest practices that tech companies employ to subtly influence user behavior. Known as "dark patterns," this dodgy design strategy often pushes users toward giving up their privacy unwittingly and allowing a company deeper access to their personal data.
Microsoft Fixes Another Two Zero Days in Patch Avalanche (Apr 10)
Microsoft maintained the pressure on system administrators this month by releasing fixes for over 70 vulnerabilities in its products, two of which are classed as zero-day flaws.
Intel finally issues Spoiler attack alert: Now non-Spectre exploit gets CVE but no patch (Apr 10)
Intel has finally posted an official security advisory in response to the recently revealed Spoiler attack, which uses a weakness in Intel CPUs to enhance already known attacks that leak secrets from memory.
Getting started with Python's cryptography library (Apr 11)
The first rule of cryptography club is: never invent a cryptography system yourself. The second rule of cryptography club is: never implement a cryptography system yourself: many real-world holes are found in the implementation phase of a cryptosystem as well as in the design.
Endpoint security is consolidating, but what does that mean? (Apr 11)
In 2017, my colleague Doug Cahill conducted research on endpoint security. Back then, the research indicated that 87% of organizations were considering a comprehensive endpoint security suite rather than several disconnected endpoint security point tools.
Android phones transformed into anti-phishing security tokens (Apr 12)
Google just announced a new security feature that allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts.
Dragonblood: Data-leaking flaw in WPA3 Wi-Fi authentication (Apr 15)
Researchers have discovered several holes in a new security protocol for wireless networks. It warrants patching because although no one has exploited the bugs in the wild yet, they're severe enough to let people steal your Wi-Fi passwords.
Apache Tomcat Patches Important Remote Code Execution Flaw (Apr 15)
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.