Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.

You've Been Pwned! Best Practices to Prevent Your Email Account from Being Compromised in a Data Breach - An Interview with Dave Wreski, CEO of Guardian Digital


  Covert data-scraping on watch as EU DPA lays down “radical” GDPR red-line (Mar 31)
 

An interesting decision came out of Poland's data protection agency this week after the watchdog issued its first fine under Europe's General Data Protection Regulation (GDPR).

  11 questions to ask before buying AI-enabled security software (Apr 1)
 

Infosec is complicated enough. Add AI/ML into your security software mix, and you may be asking for trouble. Or, choose the right vendor, and you could wind up with the best toys on the block. Here's what you need to know to wind up in the second camp.

  What is a honeypot? A trap for catching hackers in the act (Apr 1)
 

A honeypot is a trap that an IT pro lays for a malicious hacker, hoping that they'll interact with it in a way that provides useful intelligence. It's one of the oldest security measures in IT, but beware: luring hackers onto your network, even on an isolated system, can be a dangerous game.

  Over 13K iSCSI storage clusters left exposed online without a password (Apr 2)
 

Over 13,000 iSCSI storage clusters are currently accessible via the internet after their respective owners forgot to enable authentication.

  Facebook demand for new user email passwords reveals appalling lack of security awareness (Apr 3)
 

No steps forward, three steps back -- it seems that with every promise Facebook makes to take the security and privacy of its users seriously, yet another example of appalling practices surfaces.

  Apache web server bug grants root access on shared hosting environments (Apr 3)
 

This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server.

  Chinese companies have leaked over 590 million resumes via open databases (Apr 4)
 

Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers.

  A dozen US web servers are spreading 10 malware families, Necurs link suspected (Apr 4)
 

Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet.

  Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt (Apr 6)
 

Dropbox has uncovered 264 vulnerabilities, paying out US$319,300 in bounties, after a one-day bug hunt in Singapore that brought together hackers from 10 nations around the world. Hosted by bug bounty platform HackerOne, the live event saw 45 of its members from countries such as Japan, India, Australia, Hong Kong, and Sweden, and some as young as 19, galvanise in the city-state in an attempt to infiltrate Dropbox's targeted systems.

  FBI criticized for delaying breach notifications, including insufficient details (Apr 6)
 

The Federal Bureau of Investigation does a poor job of notifying victims of a cyber-attack, a US government report released earlier this week concluded.

  Mar-a-Lago's Security Problems Go Way Beyond a Thumb Drive (Apr 5)
 

A Chinese woman was arrested for sneaking into Trump's "Winter White House," a reminder of how exposed the president's private club is to physical and cybersecurity risks.

  Why corporate acquisitions could be good for the open source community (Apr 7)
 

Open source is all over the media: IBM announced its acquisition of Red Hat, one of the largest in tech history, for $34 billion, and Microsoft announced its agreement to acquire GitHub for $7.5 billion. It seems the world's largest companies are either releasing or acquiring their own open-source software -- but opinions on this trend are divided.

  Europe to pilot AI ethics rules, calls for participants (Apr 8)
 

The European Commission has announced the launch of a pilot project intended to test draft ethical rules for developing and applying artificial intelligence technologies to ensure they can be implemented in practice.