Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Feb 22)
 

Security researchers have found that hackers are increasingly using code-signing certificates to make it easier to bypass security appliances and infect their victims.

  (Feb 21)
 

You know that the passwords chosen by the people you support are probably not strong enough to protect your infrastructure against a serious attack. And even the few exceptions to the rule are probably being reused on multiple servers and accounts. You beg and nag, but it's a losing battle.

  (Feb 21)
 

A BitTorrent client with more than 100 million users suffered numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google's Project Zero. Users were left exposed for several hours on Tuesday when the bug was public and a new security patch didn't quite work.

  (Feb 22)
 

Minister for Home Affairs Peter Dutton has reignited the Coalition's push to access encrypted communications, touting decryption as fundamental in fighting terrorism, ahead of the Australia-ASEAN Special Summit next month.

  (Feb 19)
 

Oracle appears to have open-sourced DTrace, the system instrumentation tool that Sun Microsystems created in the early 2000s and which has been beloved of many-a-sysadmin ever since. As noted by developer Mark J. Wielaard, this commit by an Oracle developer shows that something is afoot.

  (Feb 19)
 

Heartland Payment Systems: remember that decade-old breach? What was then the sixth-largest payments processor in the US announced back in 2009 that its processing systems had been breached the year before.

  (Feb 20)
 

I am so sick and tired of crap security news about Android and Linux. In the latest example, GoSecure claims it's discovered Chaos: a Stolen Backdoor Rising Again. Yeah. Right. Let's look closer.

  (Feb 19)
 

At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity. The signatories were joined by Elżbieta Bieńkowska, the EU Commissioner for Internal Market, Industry, Entrepreneurship and Small- and Medium-sized Enterprises, and Canada's foreign minister and G7 representative Chrystia Freeland.

  (Feb 20)
 

These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.

  (Feb 20)
 

Last year was another one for the record books when it came to software vulnerabilities: published security flaws jumped by 31% in 2017.

  (Feb 21)
 

Brazil ranks fifth on a list of countries most targeted by distributed denial of service (DDoS) attacks in 2017, according to a study released today. The country saw a total of 264.900 attacks last year, or about 735 attacks per day and 30 events per hour. The data features in the 13th annual Worldwide Infrastructure Security Report by NETSCOUT Arbor.

  (Feb 23)
 

Drupal has patched multiple vulnerabilities in the CMS platform, some of which are deemed critical.