Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Encryption: An Essential Yet Highly Controversial Component of Digital Security - If youve been keeping up with recent security news, you are most likely aware of the heated worldwide debate about encryption that is currently underway. Strong encryption is imperative to securing sensitive data and protecting individuals privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies.

Linux: An OS Capable of Effectively Meeting the US Governments Security Needs Heading into 2020 - As Open Source has become increasingly mainstream and widely accepted for its numerous benefits, the use of Linux as a flexible, transparent and highly secure operating system has also increasingly become a prominent choice among corporations, educational institutions and government sectors alike. With national security concerns at an all time high heading into 2020, it appears that the implementation of Linux could effectively meet the United States governments critical security needs for application development and installations.

  Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! (Jan 9)
 

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems?If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website.Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Learn more:
  Firefox 72 rolls out: No more notification popups, fingerprinting blocked by default (Jan 8)
 

Are you a Mozilla Firefox user? Firefox 72 brings more privacy protection enhancements and addresses annoying notification request popups. Learn more about this release:
  What Is Fingerprinting and How Firefox Blocks It (Jan 10)
 

Your data is worth more than you can imagine, and this is why advertisers turn to all kinds of tactics to collect information about you, including a method that is known as fingerprinting. Learn aboutfingerprinting and how Firefox blocks this privacy threat bydefault:
  Linux 5.5-rc5 Released With "Fixes All Over" + A Big Performance Regression Fix (Jan 6)
 

Linux 5.5 development has been picking up in recent days following Christmas week and New Year's but now more upstream developers returning to their keyboards in order to get this next kernel update buttoned up for its debut around month's end. Learn about the fixes and improvements that users can expect when they update to Linux 5.5-rc5:
  The year of encryption is upon us (Jan 9)
 

Each year has its defining moments and trends. Learn why 2020 will be the "Year of Encryption":
  Linux 5.6 Seeing Random Changes, New "Insecure" Option With GRND_INSECURE (Jan 8)
 

The recent work by longtime kernel developer Andy Lutomirski on improving Linux's random APIs and introducing a new "GRND_INSECURE" option is now queued into the random dev queue ahead of the Linux 5.6 cycle. Learn more:
  Kali Linux to Default to Non-Root User With 2020.1 Release (Jan 6)
 

The Kali Linuxdistribution is going to switch to a new security model by defaulting to a non-root user starting with the upcoming 2020.1 release. Learn more:
  Arch Linux Kicks Off 2020 with New ISO Release Powered by Linux Kernel 5.4 (Jan 7)
 

Are you an Arch Linux user? Arch Linux is one of the very first GNU/Linux distributions to kick off 2020 with a brand new ISO image, the first to be based on the latest Linux kernel series. Learn more:
  Canonical Outs Major Linux Kernel Update for All Supported Ubuntu Releases (Jan 8)
 

Canonical has released the first Linux kernel security update for all of its supported Ubuntu Linux releases to address more than 30 security vulnerabilities. Learn more about this update and its implications for Ubuntu users:
  Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken” (Jan 13)
 

Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its Privileged Access Never (PAN) controls in the kernel.
  Powerful GPG collision attack spells the end for SHA-1 (Jan 13)
 

New research has heightened an already urgent call to abandon SHA-1, a cryptographic algorithm still used in many popular online services. A new, powerful GPG collision attack on the system which could enable attackers to fake digital certificates has been discovered.