Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internets most popular email server, but the MTAs recent history with security vulnerabilities is concerning to say the least. This past Friday, the Exim team warned about a critical flaw in its software , affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?

  Soldering spy chips inside firewalls is now a cheap hack, shows researcher (Oct 14)
 

The tiny ATtiny85 chip doesnt look like the next big cyberthreat facing the world, but sneaking one on to a firewall motherboard would be bad news for security were it to happen. Learn more in an interesting Naked Security article:
  Computing enthusiast cracks ancient Unix code (Oct 14)
 

Old passwords never die " they just become easier to decode. Thats the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago. Learn more:
  What is the Tor Browser? How it works and how it can help you protect your identity online (Oct 15)
 

Tor Browser offers the best anonymous web browsing available today, and researchers are hard at work improving Tor's anonymity properties. Learn how Tor can help protect your privacy online in a great CSO article:
  350+ hackers hunt down missing people in first such hackathon (Oct 15)
 

More than 350 ethical hackers got together in cities across Australia on Friday for a hackathon in which they worked to cyber trace a missing face, in the first-ever capture the flag event devoted to finding missing persons. Learn more about this hackathon:
  Secret Court Rules That the FBI’s “Backdoor Searches” of Americans Violated the Fourth Amendment (Oct 17)
 

A series of newly unsealed rulings from the federal district and appellate courts state that the FBI's "Backdoor Searches" of Americans are a violation of privacy and constitutional rights. What are your thoughts on this? Let's have a discussion. Learn more in a great EFF article:
  Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root (Oct 16)
 

A Linux Sudo bug whichallows users to run some restricted commands as root without permission has been discovered. Learn more about this security vulnerability in an informative Techworm article:
  This is how CIOs should approach ethics and privacy (Oct 15)
 

Ethics checks and balances within an organization lower risks for everyone involved. Learn more in an interesting The Next Web article:
  Germany's cyber-security agency recommends Firefox as most secure browser (Oct 17)
 

Germany's BSI tested Firefox, Chrome, IE, and Edge. Firefox was only browser to pass all minimum requirements for mandatory security features. Learn more:
  5 ways to contribute to open source during Hacktoberfest (Oct 16)
 

Here are a few strategies to make the most of participating in the month-long celebration of open source software. Learn how you can get involved:
  Massachusetts: Tell Your Lawmakers to Press Pause on Government Face Surveillance (Oct 18)
 

Are you a Massachusetts resident? Face surveillance by government poses a threat to our privacy, chills protest in public places, and amplifies historical biases in our criminal justice system. Massachusetts has the opportunity to become the first state to stop government use of this troubling technology, from Provincetown to Pittsfield. Learn more:
  New US Privacy Bill Would Intro Jail Time for CEOs (Oct 18)
 

A US senator has introduced a new privacy bill which he claims goes further than the EUs GDPR, introducing prison sentences for culpable CEOs. What is your opinion on this bill? Learn more:
  Google and Amazon approved home speaker apps that spied on users (Oct 21)
 

Privacy is a hot topic in the realm of smart speakers, from employees listening in on recordings and auditors accessing user locations . Now, another issue regarding speakers has been raised, after security researchers revealed that apps accepted by the Amazon Alexa and Google Home platforms could be used to phish users and to eavesdrop on them. Learn more in an interesting Engadget article:
  Mind your own business! CEOs who misuse data could end up in jail (Oct 21)
 

CEOs who lie about misusing consumers data could face up to 20 years in jail under a new piece of US legislation proposed last week. What are your thoughts on this? Learn more about this bill and its potential implications: