Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  A Sneak Peek at the New NIST Cybersecurity Framework (Mar 5)
 

The National Institute of Standards and Technology's (NIST) updated Cybersecurity Framework, scheduled for release later this year, should provide some welcome new advice for organizations struggling to manage cyber-risk in the current threat environment.
  Web Application Firewalls: Choosing the Right WAF for Server Security (Mar 5)
 

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly.
  Chrome 65 rolls out: You're getting a stronger redirect blocker, 45 security fixes (Mar 7)
 

Google has released Chrome 65 for Android, Linux, Mac, and Windows, bringing security enhancements and 45 fixes for security flaws.
  (Mar 6)
 

Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right.
  6 Questions to Ask Your Cloud Provider Right Now (Mar 6)
 

The cloud is fairly new territory for many organizations and, consequently, it's an area where mistakes are made stemming from confusion around the role cloud service providers play in security, and how companies should work with them.
  (Mar 8)
 

In privacy-focused, anti-establishment corners of the internet, going open source can earn you a certain amount of street cred. It signals that you not only have nothing to hide, but also welcome the rest of the world to help make your project better.
  UK Cops Tried ‘DDoS-Style' Tactics on Drug Dealers' Phones (Mar 6)
 

UK police have trialed a new tactic designed to disrupt the drug trade by remotely disabling dealers' phones, according to comments made by law enforcement officials during a recent police conference.
  (Mar 8)
 

The 1Tbps-plus memcached amplification attacks that hammered GitHub and other networks over the past week can be disarmed with a "practical kill switch", according to DDoS protection firm Corero.
  Hacking operation uses malicious Word documents to target aid organisations (Mar 5)
 

A newly uncovered 'nation-state level' cyber espionage operation has targeted humanitarian aid organisations around the globe via the use of backdoors hidden within malicious Word documents.
  Open-source Exim remote attack bug: 400,000 servers still vulnerable, patch now (Mar 7)
 

Admins are being urged to update email server program Exim, patched in February, to close a remote execution flaw.
  (Mar 9)
 

We'll show you, how to rename multiple files on Linux . Every operating system in the modern world comes with several ways to interact with its file system. Whether it's creating files, renaming them, copying them, or deleting them, they all come with functionality to efficiently carry out all of these tasks.
  Homeland Security's IT security continues to fall short (Mar 9)
 

The Office of Inspector General (OIG) has released its "Evaluation of DHS' Information Security Program for Fiscal Year 2017" (pdf). In short, the Department of Homeland Security (DHS) is running outdated software, has unpatched critical vulnerabilities -- including the flaw to allow WannaCry ransomware -- and some workstation security patches haven't been deployed for years.