Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Emerging Technology and Privacy: What You Need to Know - As technology evolves and the use of Artificial Intelligence and Machine Learning becomes increasingly mainstream, consumers are more concerned than ever before about protecting their privacy. Awareness surrounding how activities are being tracked and how personal information is being accessed and used is growing. The worlds biggest companies are frequently being challenged on the ways that they collect and utilize peoples data.

An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email - Apache SpamAssassin celebrates its 18th birthday this year, a huge accomplishment for everyone who has contributed to the open-source project for nearly the past two decades. SpamAssassin, a renowned and respected open-source anti-spam platform, provides a secure, reliable framework upon which companies can build highly effective spam filtering and email security solutions.

  India is going ahead with its facial recognition program despite privacy concerns (Nov 11)
 

The Indian government has played down fears of mass surveillance in response to concerns that its proposed facial recognition system lacks adequate oversight. What are your thoughts on this system and the privacy concerns surrounding it? Learn more in a great The Next Web article:
  Canonical Outs Major Linux Kernel Security Updates for All Supported Ubuntu OSes (Nov 14)
 

Are you an Ubuntu user? Canonical has released a new batch of Linux kernel security updates for all of its supported Ubuntu Linux releases to address the latest Intel CPU vulnerabilities, as well as other important flaws. Learn more:
  We’ve got to regulate the application of AI — not the tech itself (Nov 11)
 

We agree with Asheesh Mehra ofThe Next Web that regulating the application of AI, not the technology itself, will keep the use of AI fair and ethical while still fostering innovation with AI. What is your opinion on this approach? Learn more:
  Linux vs. Zombieland v2: The security battle continues (Nov 14)
 

Have you heard about the latest Intel CPU bug, Zombieland v2? Learn more about this security vulnerability and what Red Hat and other Linux vendors are doing about it in an informative ZDNet article:
  Virtual(ly) Private Network: NordVPN’s Breach and the Limitations of VPNs (Nov 12)
 

The popular VPN provider, NordVPN, recently announced a server breach at a third-party data center. This breach has led many users to question what the best strategy is for protecting their privacy and security online. Learn about VPNs and how VPN services can better protect their users in a great EFF article:
  Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers (Nov 13)
 

Are you a Ring doorbell owner? Have you heard about the security bug that researchers discovered in Ring doorbells that sent Wi-Fi passwords over the network in plain HTTP rather than being encrypted? Learn more:
  Fooling Voice Assistants with Lasers (Nov 12)
 

Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:
  Intel, Mozilla, Red Hat, and Fastly partner to make WebAssembly a cross-platform runtime (Nov 13)
 

Intel, Mozilla, Red Hat, and Fastly announced today the creation of the Bytecode Alliance , an open-source foundation that will work to make WebAssembly into a cross-platform runtime that can be used on native mobile, desktop, and server environments, and not just inside browsers. The Bytecode Alliance's main goal is to promote the use of security-hardened WebAssembly tools. Learn more in an interesting ZDNet article:
  Technology and Policymakers (Nov 14)
 

Technology should not be separated from policy; however, in reality there is very little intersection between the two. "Policymakers need to recognize this danger, and to welcome a new generation of technologists to help solve the socio-technical policy problems of the 21st century.We need to create ways to speak tech to power -- and power needs to open the door and let technologists in." Read more about this issue and how it can be remedied in a great Schneier on Security article:
  Brave 1.0 launches, extends ad-watching payouts to iOS (Nov 15)
 

Nearly four years after the Brave browser inserted its we-will-pay-for-your attention pitch into the adblockers v. publishers war , its finally showtime. Brave 1.0 promises privacy, security, speed and ad-watching payouts. Are you using Brave 1.0? If so, we'd love to hear what you think of the browser. Learn more:
  GitHub launches 'Security Lab' to help secure open source ecosystem (Nov 15)
 

In GitHub's new 'Security Lab', fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects. Learn more in an interesting ZDNet article:
  How the Linux kernel balances the risks of public bug disclosure (Nov 18)
 

A serious Wi-Fi vulnerability has shown how Linux handles security in plain sight. Learn more about this security bug, as well as how the Linux kernel balances the risks of public bug disclosure:
  NSA won’t collect phone location data, promises US government (Nov 18)
 

Are you concerned that the collection of phone location data is compromising your privacy? Have you heard that US intelligence agencies haven't been harvesting US residents geolocation data since last summer and won't be doing so in future investigations? What are your thoughts on this? Learn more: