Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email - Apache SpamAssassin celebrates its 18th birthday this year, a huge accomplishment for everyone who has contributed to the open-source project for nearly the past two decades. SpamAssassin, a renowned and respected open-source anti-spam platform, provides a secure, reliable framework upon which companies can build highly effective spam filtering and email security solutions.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internet's most popular email server, but the MTA's recent history with security vulnerabilities is concerning, to say the least. This past Friday, the Exim team warned about a critical flaw in its software, affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.


  Google and Amazon approved home speaker apps that spied on users (Oct 21)
 

Privacy is a hot topic in the realm of smart speakers, from employees listening in on recordings to auditors accessing user locations. Now, another issue regarding speakers has been raised, after security researchers revealed that apps accepted by the Amazon Alexa and Google Home platforms could be used to phish users and to eavesdrop on them. Learn more in an interesting Engadget article:

  Mind your own business! CEOs who misuse data could end up in jail (Oct 21)
 

CEOs who lie about misusing consumers' data could face up to 20 years in jail under a new piece of US legislation proposed last week. What are your thoughts on this? Learn more about this bill and its potential implications:

  Alexa and Google Home abused to eavesdrop and phish passwords (Oct 22)
 

Have you heard that Amazon- and Google-approved apps are turning voice-controlled devices into "smart spies"? Learn more about this serious privacy threat:

  AWS Left Reeling After Eight-Hour DDoS (Oct 24)
 

Are you aware that Amazon Web Services (AWS) customers were hit by severe outages yesterday after an apparent DDoS attack took S3 and other services offline for up to eight hours? Learn more about the attack:

  Calculating the Benefits of the Advanced Encryption Standard (Oct 22)
 

"NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard." Learn Bruce Schneier's opinion on AES in an interesting article:

  Mozilla's Firefox 70 is out: Privacy reports reveal whose cookies are tracking you (Oct 23)
 

Are you a Firefox user? Mozilla has doubled down on privacy to counter confusing online third-party tracking consent forms. Learn more:

  New York City Considers Legislation To Regulate Facial Recognition Use By Businesses, Property Owners (Oct 25)
 

New York City lawmakers are not advocating an outright ban of facial recognition technology, but say that regulation is necessary to know how police and business owners are using the software. What is your opinion on this? We'd love to hear your thoughts. Learn more in a great Security Today article:

  Axon adds license plate recognition to police dash cams, but heeds ethics board’s concerns (Oct 23)
 

Law enforcement tech outfitter Axon has announced that it will include automated license plate recognition in its next generation of dash cams. But its independent ethics board has simultaneously released a report warning of the dire consequences should this technology be deployed irresponsibly. We'd love to hear your opinion on this. Let's have a discussion! Learn more about this privacy threat in a great TechCrunch article:

  5 cloud security basics and best practices (Oct 24)
 

How much do you know about cloud security? Companies that move to the cloud have to assume new responsibilities, develop new skill sets and implement new processes. The first step to better cloud security is to assume you have no security. Learn more in a great CSO article:

  Dark Web Site Taken Down without Breaking Encryption (Oct 28)
 

The US government has successfully taken down a dark web site without any encryption backdoors, demonstrating that backdoors in communications systems which compromise cryptography for everyone are not necessary to combat crime. Learn more in a great Schneier on Security article:

  BBC News Goes Dark with Censor-Busting Tor Site (Oct 28)
 

Have you heard that the BBC has launched a Tor-based version of its news website, to help circumvent state efforts to censor the free flow of information around the world? This announcement highlights the benefits of the dark web to many users around the world. Learn more:

  NordVPN Breached (Oct 28)
 

NordVPN suffered a breach nineteen months ago, which has only recently been disclosed to the public. VPN security in general is questionable. What VPNs do you use, and why should they be considered trustworthy? Learn more about the NordVPN breach in an interesting Schneier on Security article: