Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internet's most popular email server, but the MTA's recent history with security vulnerabilities is concerning to say the least. This past Friday, the Exim team warned about a critical flaw in its software, affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?


  DNS-over-HTTPS causes more problems than it solves, experts say (Oct 7)
 

Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features. What is your opinion on DoH?

  Russian hackers modify Chrome and Firefox to track secure web traffic (Oct 7)
 

Have you heard that Russian hackers are infecting systems with RATs and using them to modify Chrome and Firefox browsers, adding a fingerprint to every TLS action and passively tracking encrypted traffic? Learn more in an interesting Engadget article:

  Zero-day published for old Joomla CMS versions (Oct 8)
 

Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:

  Nationwide facial recognition ID program underway in France (Oct 8)
 

A nationwide facial recognition ID program is underway in France, in spite of a lawsuit and the data regulator's protests about lack of consent, data security and privacy. We'd love to hear your thoughts on this. Learn more:

  MIT-IBM developed a faster way to train video recognition AI (Oct 9)
 

A team from MIT-IBM has developed a faster way to train video recognition AI, which could make it easier to run machine learning on mobile devices.

  A Controversial Plan to Encrypt More of the Internet (Oct 9)
 

The road to routing all Domain Name System lookups through HTTPS is pocked with disagreements over just how much it will help. What is your opinion on this? Learn the details in an informative Wired article:

  #SecTorCa: Millions of Phones Leaking Information Via Tor (Oct 11)
 

There is a privacy threat lurking on perhaps hundreds of millions of devices, that could enable potential attackers to track and profile users, by using information leaked via the Tor network, even if the users never intentionally installed Tor in the first place. Learn more in an informative article:

  OpenSUSE Expanding Encryption Options For Its Installer (Oct 10)
 

Have you heard that while Ubuntu developers are busy adding experimental ZFS support to their installer, the SUSE developers working on their YaST installer are working on offering better security options for their platform by beefing up the encryption capabilities at install-time? Learn more:

  UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked (Oct 11)
 

Have you heard that Unix co-founder Ken Thompson's 39-year-old BSD password has finally been cracked? Learn more in an interesting The Hacker News article:

  Hackers bypassing some types of 2FA security FBI warns (Oct 11)
 

Are you aware that hackers are bypassing some types of 2FA security? Get the details:

  California outlaws facial recognition in police bodycams (Oct 10)
 

On Tuesday, California passed into law a three-year block of the use of facial recognition in police bodycams that turns them into biometric surveillance devices. What are your thoughts on this? Learn more in a great Naked Security article:

  Soldering spy chips inside firewalls is now a cheap hack, shows researcher (Oct 14)
 

The tiny ATtiny85 chip doesn't look like the next big cyberthreat facing the world, but sneaking one on to a firewall motherboard would be bad news for security were it to happen. Learn more in an interesting Naked Security article:

  Computing enthusiast cracks ancient Unix code (Oct 14)
 

Old passwords never die - they just become easier to decode. That's the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago. Learn more: