Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

How SQL / NoSQL Databases Enable Blockchain Applications to Become GDPR Compliant - Blockchain, being a decentralized & dis-intermediated data store, is being considered for rapid adoption, in several industries like Supply Chain Management, P2P Global Transactions, Internet of Things, Electoral Voting, Stock Exchanges etc...

Email Security FAQs Answered by Guardian Digital - With email-related attacks becoming increasingly prevalent and serious, effectively securing your email accounts is more important than ever before.


  Personal Facebook Messages Of 81,000 Hacked Users Up For Sale (Nov 5)
 

Hackers have published private messages from the compromised accounts of some 81,000 Facebook users and put them up for sale on the internet, according to a BBC News report.

  FIFA Hacked Again, Gets Ready for New Stories Based on the Stolen Data (Nov 4)
 

FIFA President Gianni Infantino said in a statement to the press that the world football governing body's computer systems suffered a data breach for the second time this year. Moreover, the Fédération Internationale de Football Association (FIFA) and Union of European Football Associations (UEFA) are both suspected of having suffered data breaches.

  (Nov 4)
 

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with the simultaneous multi-threading feature enabled.

  Pentagon preps cyberattack in case Russia interferes with elections (Nov 4)
 

There may not be any immediate evidence of Russia directly meddling with the US midterm elections, but the Department of Defense is apparently ready to strike back if it happens. Anonymous officials talking to the Center for Public Integrity and the Daily Beast say the Pentagon and intelligence agencies have agreed on the core terms of a retaliatory cyberattack in the event Russia tries a bold move.

  Should company bosses face jail for mishandling your privacy? (Nov 5)
 

Mark Z, how do you feel about orange? Like, say, in a jumpsuit style? Kidding! No court has found that you, the Facebook CEO, have purposefully misled the government about how your company did/did not protect consumers' data during, say, the multifaceted, ever-unfolding, Cambridge Analytica privacy debacle.

  The Unprecedented Effort to Secure Election Day (Nov 6)
 

After Russia's misinformation campaign rattled the 2016 United States election season, scrutiny over this year's midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks.

  This MIT PhD Wants to Replace America's Broken Voting Machines with Open Source Software, Chromebook (Nov 7)
 

Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: "today's voting machines are often insecure, not particularly easy-to-use, and so expensive that they're often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us."

  (Nov 9)
 

An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle's VirtualBox without first informing Oracle.

  Canada Post leaked personal data, orders of thousands of cannabis smokers (Nov 8)
 

The decision to make recreational cannabis legal in Ontario, Canada, has been fraught with problems and now has been tarnished by a data breach at Canada Post.

  The OPM hack explained: Bad security practices meet China's Captain America (Nov 6)
 

In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints.

  (Nov 10)
 

Hackers have exploited, and are currently continuing to exploit, a now-patched zero-day vulnerability in a popular WordPress plugin to install backdoors and take over sites.

  (Nov 7)
 

The Apache Software Foundation released an advisory addressing a vulnerability in Apache Struts which could allow a remote attacker to take control of an affected system.