Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.

You've Been Pwned! Best Practices to Prevent Your Email Account from Being Compromised in a Data Breach - An Interview with Dave Wreski, CEO of Guardian Digital


  60 percent of enterprise codebases contain open-source vulnerabilities (Apr 30)
 

Up to 60 percent of all codebases used in the enterprise contain at least one vulnerability originating from open-source components, new research suggests.

  The Microsoft Outlook hackers are stealing victims’ Bitcoin (Apr 30)
 

Earlier this month, hackers accessed the emails of numerous Microsoft Outlook users after snatching the credentials of one of the company's customer support reps. But now it turns out the hackers were also able to steal users' cryptocurrency.

  A Rear-View Look at GDPR: Compliance Has No Brakes (Apr 29)
 

There is no denying the impact of the European Union General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. We were all witness -- or victim -- to the flurry of updated privacy policy emails and cookie consent banners that descended upon us. It was such a zeitgeist moment that "we've updated our privacy policy" became a punchline.

  This password-stealing malware just evolved a new tactic to remain hidden (May 3)
 

A well-known form of malware which has been stealing login credentials and finances from enterprises for over a decade has once again been updated with new tricks to make it more effective at avoiding detection.

  Encryption technology: 11 potential next big things (May 3)
 

As enterprise infrastructure and advancements in technology grow businesses, encryption capabilities are accelerating to keep up. Yet, knowing which new technologies are going to take off is extremely difficult.

  Microsoft: We promise you'll get better controls over how we use your data (May 1)
 

Earlier this month the European Data Protection Supervisor (EDPS) announced a new investigation into Microsoft's contracts with EU institutions, to check for potential violations of General Data Protection Rules (GDPR).

  Three out of five IT workers share sensitive information by email (Apr 28)
 

Bosses should be worried about their employees' behaviour around sensitive documents, according to a recent report. With the high volume of data that IT teams handle, communicating efficiently and securely is essential to preventing a breach.

  Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (May 1)
 

Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday threats like crypto-mining, phishing, and ransomware.

  Extortionists leak data of huge firms after IT provider refuses to pay (May 2)
 

Financial data from some of the world's biggest companies, including Porsche, Oracle, Toshiba and more, has been stolen and published in a ransomware attack on the large, Germany-based IT provider Citicorp.

  Mozilla announces ban on Firefox extensions containing obfuscated code (May 2)
 

Mozilla announced plans today to ban Firefox extensions from its Add-ons portal if the extension contains obfuscated code.

  Google rolling out auto-delete for your location and activity history (May 3)
 

You may be pleased, or perhaps underwhelmed, by the news that you no longer have to remember to log in and delete the stuff you didn't know Google was tracking about you.

  Real-World Use, Risk of Open Source Code (May 2)
 

Open source code is vital to software development at most organizations, but that doesn't mean that enterprises have figured out how to use open source without inadvertently introducing vulnerabilities into their code.

  Security Depends on Careful Design (May 2)
 

The need for security is not new. We've seen devastating cyberattacks across every industry and type of organization, from the breach of millions of consumer logins to state-sponsored cyberwarfare against the military. But these events don't occur because of a blatant lack of security; actually, most organizations do have some form of cybersecurity.

  Nearly Half of US Orgs Not Ready for CCPA (May 4)
 

In advance of the California Consumer Privacy Act (CCPA) going into effect January 1, 2020, researchers analyzed how prepared US organizations are for the new regulations and found that nearly half of all companies will not be ready to comply with CCPA.

  Looking Ahead To Red Hat Enterprise Linux 8.0 News During Red Hat Summit 2019 Week (May 6)
 

Kicking off Tuesday in Boston is Red Hat Summit 2019, where Red Hat Enterprise Linux 8.0 could be released, or where we will at least hear more about the company's plans for releasing this next major installment of RHEL.

  The GitHub extortion victims are outsmarting their Bitcoin scammers (May 6)
 

Blackmailers have been wiping GitHub repositories and withholding code to extort Bitcoin from their victims. Over 390 repos have been affected, but so far, the attackers haven't made enough to even buy a coffee.