Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
LinuxSecurity.com Feature Extras:
Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.
You've Been Pwned! Best Practices to Prevent Your Email Account from Being Compromised in a Data Breach - An Interview with Dave Wreski, CEO of Guardian Digital
Apache Tomcat Patches Important Remote Code Execution Flaw (Apr 15)
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.
US feds’ names, home and email addresses hacked and posted online (Apr 16)
A group of hackers that doxxed thousands of federal law enforcement employees last week has followed up with more posts offering even more victims' personal information.
Intel acquires UK’s Omnitek to double down on FPGA solutions for video and AI applications (Apr 16)
Intel's strategy to build out its FPGA processor business continues apace. Today the company announced that it was acquiring Omnitek, a company based out of England that has developed FPGA solutions specifically geared to video and AI applications.
Dragonblood: Data-leaking flaw in WPA3 Wi-Fi authentication (Apr 15)
Researchers have discovered several holes in a new security protocol for wireless networks. It warrants patching because although no one has exploited the bugs in the wild yet, they're severe enough to let people steal your Wi-Fi passwords.
What is a side channel attack? How these end-runs around encryption put everyone at risk (Apr 17)
Brute force attacks on cryptography could take billions of years, which no one has to spare. Maybe you live in a country where rubber hose cryptography is, shall we say, frowned upon. Hacking a target's endpoint is an option, but what if you get caught? Better to use an attack that leaves no forensic traces behind.
Google will block embedded browser log-ins to fight phishing (Apr 19)
Embedded browsers within apps can be useful if you want to use an existing account from another service -- say, your Gmail log-in -- to access their features. However, they're also really easy to weaponize for man-in-the-middle types of phishing attacks. Since Google can't differentiate between a legitimate log-in and a phishing attempt through a browser from within an application, it's blocking sign-ins from all embedded browser frameworks starting in June.
Utah County Struck by Ransomware (Apr 17)
Garfield County, Utah, was recently affected by ransomware. Local government is an increasingly attractive target for criminals because of its high dependence on information technology, and generally poor security. Elected officials are under constant pressure to spend available funds on something visible and appealing to the electorate rather than unseen technology.
IBM launches blockchain skills academy with University of Louisville (Apr 18)
One of top 200 universities in the US, along with a helping hand from IBM, is getting its students into blockchain with dedicated training.
Security flaw in French government messaging app exposed confidential conversations (Apr 19)
The French government just launched its own messaging app called Tchap in order to protect conversations from hackers, private companies and foreign entities. But Elliot Alderson, also known as Baptiste Robert, immediately found a security flaw. He was able to create an account even though the service is supposed to be restricted to government officials.
Facebook admits storing “millions” of Instagram passwords in plain text (Apr 20)
In yet another shocking admission by Facebook, the company said that not "tens of thousands" but "millions" of Instagram users were actually affected by the password leak that happened last month.
These are the most commonly hacked passwords - is one of them yours? (Apr 21)
Hundreds of millions of internet users continue to put themselves at risk of having their accounts hacked by using incredibly simple and commonly used passwords which can easily be guessed by cyber criminals - or worse, just plucked from databases of stolen information.
Nutanix Kubernetes-based Karbon On-Prem Distro Hits GA (Apr 21)
Nutanix pushed general availability of its Karbon certified Kubernetes platform that runs as part of its broader Nutanix Cloud Native stack.
Linux 5.1-rc6 Kernel Released In Linus Torvalds' Easter Day Message (Apr 21)
Linux 5.1-rc6 is larger than the previous release candidate, but he isn't too worried right now about the condition of the upcoming Linux 5.1 kernel.
Android Antivirus Tests Show You Shouldn’t Rely on Google Play Protect (Apr 22)
A new set of antivirus tests conducted by AV-TEST show that Android users should not rely on Google Play Protect as their exclusive mobile security product.
Epic Bug Lets Anyone Unlock the Nokia 9 With a Pack of Gum (Apr 22)
A security issue on the high-end Nokia 9 PureView smartphone allows anyone to unlock the device, using not only unregistered fingerprints, but even things like a pack of gum.