Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  Why Hackers Love Healthcare (Apr 29)
 

Much like the rest of the world, healthcare organizations are shifting work to cloud services in order to improve accessibility and patient care. However, the migration of these workloads and moving valuable information such as PHI (personal health information) and PII (personally identifiable information) to the cloud has also led to cybercriminals taking a particular interest in the industry.

  Fedora 28 "Cutting Edge" Linux Distro Released With New Features (May 2)
 

The Red Hat-sponsored Fedora operating system is known for its bleeding-edge features and for leading the way for other Linux distros. Very often Fedora makes way for technologies that are later adopted by other distro developers.

  Security Holes Make Home Routers Vulnerable (May 4)
 

Security threats abound on the internet, which is why ethical hackers and security researchers spend much of their time in search of these issues. As part of the work that they do to keep the internet safe, researchers at vpnMentor announced that they have found an RCE vulnerability in the majority of gigabit-capable passive optical network (GPON) home routers.

  A critical security flaw in popular industrial software put power plants at risk (May 2)
 

A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure.

  (Apr 30)
 

On the eve of a historic summit with its rival neighbor South Korea and possible subsequent talks with the US President Donald Trump in the coming weeks, North Korea continues full-steam ahead in its mission to gather intelligence and generate income for the regime via its notorious nation-state hacking machine.

  What to do after a data breach: 5 steps to minimize risk (May 3)
 

It happened again. Another major web service lost control of its database, and now you're scrambling to stay ahead of the bad guys.

  (Apr 30)
 

In response to findings from the UK Cyber Security Breaches Survey, IT security experts commented below.

  (May 1)
 

The City of London police force has launched a new initiative designed to share threat intelligence and best practice advice on how to improve cyber-defense for the countless businesses in the Square Mile.

  (May 3)
 

A Kent man is facing several years behind bars after pleading guilty to running a large-scale phishing operation against Just Eat customers several years ago.

  Cloud Misconceptions Are Pervasive Across Enterprises (Apr 29)
 

Everyone understands the benefits of the cloud, and the recent iboss 2018 Enterprise Cloud Trends Report shows adoption is increasing, with IT decision makers (ITDMs) planning to increase their SaaS spend from 21% of the overall IT budget to 28% over the next year. Despite this vote of confidence in the cloud from IT, the findings indicate that there is still a fundamental misunderstanding about the cloud that's creating a disconnect – and misplaced concerns – among office workers and ITDMs.

  A Quarter of UK CNI Firms Have Suffered Cyber-Attack Outages (May 1)
 

Over a third of critical infrastructure (CNI) outages in the UK over the past year were down to cyber-attacks, according to a new Freedom of Information request.

  Hackers Leverage GDPR to Target Airbnb Customers (May 4)
 

A new phishing scam capitalizes on the upcoming General Data Protection Regulation (GDPR) to trick Airbnb customers into sharing personal and financial data, Redscan reports. The scale of the campaign is unknown, though it likely targets email addresses taken from the open Web.