Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you – and the rest of your team – not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. Such a framework lets the team focus purely on what needs to be done, following a process that removes vulnerabilities and threats properly – so everyone who depends on the software you protect can be confident that it’s secure and functioning correctly.


As predicted, more branch prediction processor attacks are discovered (Mar 27)

Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.

Thousands of etcd installs are leaking secret server keys online (Mar 26)

Thousands of servers running etcd are exposing user credentials publicly on the Internet. According to security researcher Giovanni Collazo, a quick query made through the Shodan search engine revealed a total of 2,284 etcd servers which are leaking credentials, including the passwords and keys required for cms_admin, mysql_root, and postgres server infrastructure.

Snooping on HTTPS is about to get harder: TLS 1.3 internet encryption wins approval (Mar 26)

The Internet Engineering Task Force (IETF) has approved version 1.3 of the Transport Layer Security (TLS), the key protocol that enables HTTPS on the web.

GoScanSSH Malware Targets Linux Servers (Mar 28)

A recently discovered malware family written using the Golang (Go) programming language is targeting Linux servers and using a different binary for each attack, Talos warns.

Craigslist personals, some subreddits yanked after passage of FOSTA (Mar 26)

Craigslist shut down its personals section on Friday in response to the passage of H.R. 1865, the Fight Online Sex Trafficking Act (FOSTA) bill, in both houses of Congress on Wednesday.

Cisco critical flaw: At least 8.5 million switches open to attack, so patch now (Mar 29)

Cisco has released patches for 34 vulnerabilities, mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has patched is the critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches running Cisco IOS Software and Cisco IOS XE Software.

Cyberattack disrupted Baltimore emergency responders (Mar 28)

There appears to be no honor among thieves. Threat actors have been cashing in on hacking and cyberattacks for years. Pillaging bank accounts, stealing identities, selling access to botnets to disrupt websites -- the possibilities are endless.

(Mar 29)

"Hacker-for-hire" service launched distributed denial-of-service (DDoS) attacks against websites and phone-bombed its victims.

Update Drupal ASAP: Over a million sites can be easily hacked by any visitor (Mar 29)

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

Purism Librem 13: A Security-Focused Powerhouse of a Linux Laptop (Mar 30)

The company in question is Purism. Does the name sound familiar? It should. This is the same company behind the Librem 5 phone, a mobile device that promises to bring Linux to mobility, on a level that might lend a modicum of relevancy to Linux in the smartphone landscape (and not just as a kernel on the world's most popular platform).

How to configure multiple websites with Apache web server (Mar 30)

In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.

Beyond Implementation: Policy Considerations for Secure Messengers (Apr 2)

One of EFF's strengths is that we bring together technologists, lawyers, activists, and policy wonks. And we've been around long enough to know that while good technology is necessary for success, it is rarely sufficient. Good policy and people who will adhere to it are also crucial.