Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Interview with Security Expert and Author Ira Winkler: Advanced Persistent Security, Threat Intelligence, Social Engineering and more - Brittany Day recently had a conversation with acclaimed cyber security expert Ira Winkler, author of Advanced Persistent Security: A Cyberwarfare Approach. 

IBM Closes its $34 Billion Acquisition of Red Hat: A Monumental Moment for Open Source - In the tech giants largest deal ever and one of the biggest deals in US history, IBM closed its $34 billion acquisition of Red Hat on Tuesday July 9, 2019. Red Hat will now be a unit of IBMs hybrid cloud division and Red Hat CEO Jim Whitehurst will join IBMs senior management team. This event has significant meaning that extends beyond is monetary value: it is a testament to the power of Open Source and the opportunity it offers businesses of all sizes across all industries.

  20 Years of DDoS (Jul 22)
 

In this article, Dave Dittrich discusses the buildup to his discovery of DDoS attacks 20 years ago. I was inspired to start a series of articles on the early history of DDoS by a few recent events. Rik Farrow interviewed me for a forthcoming issue (Fall 2019 Vol. 44, No. 3) of Usenix ;login: magazine while I was also writing up a history of the early days of the Honeynet Project , which refreshed my memory on a number of events in 1999-2000. I also read this MIT Technology Review article on the 20th anniversary of the first DDoS attack on the University of Minnesota It took me a little while to remember that July 22 was not the first of the three days that the University of Minnesota spent off-line from persistent flooding. That happened almost a month later. Nor was July 22 even the start of the build up to that event. Now seemed like a good time to clarify this history.
  Mozilla Firefox Could Soon Get a “Tor Mode” Add-on (Jul 22)
 

Are you a Mozilla Firefox user? Did you know that Firefox browser could soon receive a Tor mode add-on that would significantly enhance privacy by connecting to the Tor network? While the final goal is to implement a fully-featured TOR mode in the browser natively, such a project takes time, and members of Mozilla and the Tor team discussed the challenges at a recent meeting. Their proposal was to develop a browser add-on that would enable this Tor mode in Firefox , as this approach could give the two organizations enough time to plan on the engineering work that is needed for this new feature.
  You’re very easy to track down, even when your data has been anonymized (Jul 23)
 

A new study reveals that you can be easily re-identified from almost any database, even when your personal details have been stripped out. Keep reading to learn the details. The data trail we leave behind us grows all the time. Most of it isnt that interesting"the takeout meal you ordered, that shower head you bought online"but some of it is deeply personal: your medical diagnoses, your sexual orientation, or your tax records. The most common way public agencies protect our identities is anonymization. This involves stripping out obviously identifiable things such as names, phone numbers, email addresses, and so on. Data sets are also altered to be less precise, columns in spreadsheets are removed, and noise is introduced to the data. Privacy policies reassure us that this means theres no risk we could be tracked down in the database.
  Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC (Jul 25)
 

There has been a lot of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC . Despite being labelled as "critical", VLC's developers, VideoLAN, denied there was a problem at all.
  Here’s what you need to know about IBM’s new open-source Data Asset Exchange for AI (Jul 25)
 

Have you heard that IBMs Center for Open-Source Data and AI Technologies ( CODAIT ) recently unveiled a pair of carefully curated databases designed to provide machine learning developers models and datasets for AI projects?
  BBC: Russia is working on a Tor de-anonymization project (Jul 22)
 

Have you heard that hackers have stolen a massive trove of sensitive data and defaced the website of SyTech , a major contractor working for Russian intelligence agency FSB (Federal Security Service)? BBC Russia , which reported the breach, said its possible that this is the largest data leak in the history of the work of Russian special services on the Internet. The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.
  UTSA launches open source security software to protect users on AWS (Jul 24)
 

Have you heard that the University of Texas at San Antonio has launched an open source user computer environment for Amazon Cloud called Galahad?
  Remote code execution vulnerability in VLC remains unpatched (Jul 23)
 

Have you heard that a serious vulnerability has been discovered in the latest release of the VLC media player and no patch is available? Non-profit VideoLAN's VLC player is popular software used to both play and convert a variety of audio and visual files. Available for Windows, Linux, Mac OS X, Unix, iOS, and Android systems, the open-source media player has now become the focus of a recent security advisory released by the German Computer Emergency Response Team (CERT-Bund). In the advisory , CERT-Bund warns that VLC media player version 3.0.7.1, the latest build available, contains a vulnerability which has been awarded a CVSS score of 9.8 out of 10.
  Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List (Jul 25)
 

Have you heard about the BlueKeep vulnerability that has been discovered in Windows RDP servers? Cybersecurity researchers have identified a new variant ofWatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw . BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote attacker to take full control over vulnerable systems just by sending specially crafted requests over RDP protocol.Though the patches for the BlueKeep vulnerability (CVE"2019-0708) was already released by Microsoft in May this year, more than 800,000 Windows machines accessible over the Internet are still vulnerable to the critical flaw.
  Attorney General Revives Feud With Tech Companies Over 'Warrant Proof' Encryption (Jul 24)
 

Security experts and lawmakers say that creating a backdoor to unlock devices and messages would make those products vulnerable to hackers. What are your thoughts on this? During a speech at a cybersecurity conference on Tuesday, Attorney General William Barr spoke out against the tech industrys practice of using encryption tools that can only be unlocked by the end user, arguing that it endangers lives and makes it more difficult for law enforcement to do their jobs. Barr said that encryption can be a valuable tool when it comes to protecting information from cybercriminals. He objected, however, to tech companies refusal to create ways for law enforcement to access locked or encrypted devices when they are issued search warrants.
  Browser plug-ins peddled personal data from over 4m browsers (Jul 26)
 

Do you used Firefox or Chrome as your web browser? Are you aware that browser plug-ins can be a threat to your privacy?
  VPNs' Future: Less Reliant on Users, More Transparent, And Smarter (Jul 24)
 

Interested in what the future has in store for VPNs? Virtual private networking is poised to become more automated and intelligent, especially as endpoints associated with cloud services and the IoT need protection. We'd love to hear your thoughts on this article. Market consolidation, transparent operation, greater intelligence: If this were Jeopardy, here's where you'd say, "What's the future of the VPN market look like?" Then you'd be on to Technology Forecasts for $500. What isn't in question is that virtual private networking technology will remain critical to protecting users, organizations, and their data. What is changing, according to industry experts, is the degree of automation and intelligence in VPN technology, not to mention the degree to which VPN functionality resides less in the hands of users (consistently cited as secure networking's weakest link) and more on the back end of the network. But continued growth of cloud services and the Internet of Things (Iot) means secure connectivity will still be needed.
  Bipartisan Senate Committee Releases Report on Election Security Threats (Jul 29)
 

This report comes as Senate Republicans move to block election security legislation, arguing that election officials have already fixed the security issues they experienced in 2016. What are your thought on this?
  Researchers: Your ‘Anonymous Data’ May Not Be As Anonymous After All (Jul 25)
 

Are you aware that you could be signing over the keys to your identity when filling out medical forms that promise to anonymize your information?
  Using Zero Trust and Conditional Access Policies to Reshape Cybersecurity (Jul 26)
 

Are you interested in learning about how zero trust and conditional access policies are reshaping cybersecurity? Get the details in this article.