Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

What we Can Learn from the Recent VLC Security Vulnerability Fiasco: A Conversation with VideoLAN President Jean-Baptiste Kempf - About a week ago, the LinuxSecurity staff started tracking a security issue related to VLC, the popular open source media player. Security vulnerabilities are a regular part of the software development lifecycle. These vulnerabilities are identified, then a solution is created and distributed to its users. In this case, it wasn't completely clear whether that's what happened, though. We decided to find out.

LinuxSecurity.com Launches New site, Celebrates 20 Years of Following Open Source Security News and Resources - LinuxSecurity.com, the open-source community's go-to source for security news and information, has revealed a completely new site design and a renewed focus on providing timely, authoritative industry content. LinuxSecurity.com is a valuable resource for the open-source community, informing Linux users of the latest cyber security-related news, trends and advisories.


  All Microsoft Certified Drivers from Intel, Nvidia, AMD, Others Are Vulnerable (Aug 12)
 

All major BIOS vendors, along with the likes of AMD, Nvidia, Intel, Huawei, and many others, are offering drivers that have serious security issues. A new report, called Screwed Drivers, from Eclypsium, revealed the worrying extent of the problem.

  16 million Americans will vote on hackable paperless machines (Aug 13)
 

Experts agree that paper ballots are needed, but eight American states will use completely paperless machines in the 2020 elections regardless. What are your thoughts on this? Comment below.

  GDPR privacy can be defeated using right of access requests (Aug 12)
 

A British researcher has uncovered an ironic security hole in the EU's General Data Protection Regulation (GDPR): right of access requests.

  Certificate Giant Slams Plan to Shorten HTTPS Lifespans (Aug 13)
 

Industry stakeholders are considering reducing the lifespan of HTTPS certificates to just 13 months, around half of the current duration, in order to improve security.

  Beware: This fake iPhone charging cable can hijack your computer (Aug 13)
 

Have you heard about the new fake iPhone charging cable developed by security researcher Mike Grover, which allows attackers to take over Linux, Mac and Windows computers as soon as they are plugged in? Learn more in this interesting PCMag article:

  Moving on Up: Ready to Climb to the Cloud? (Aug 13)
 

Among the complications: traditional security tools work poorly or not at all in the cloud, and if a company screws up, the whole Internet will know.

  The best and worst of Black Hat 2019 (Aug 16)
 

Black Hat hit high notes and low last week in Vegas. Check out this awesome CSO article for a summary of what you missed.

  Hacking forum spills rival’s 321,000 member database (Aug 15)
 

Have you heard about the recent leak affecting the hacking forum Cracked.to? Last Friday the forum's database of 321,000 members and 749,161 unique email addresses was leaked on rival site, RaidForums. Learn the details in this interesting article:

  Multiple HTTP/2 DoS flaws found by Netflix (Aug 19)
 

Have you heard that Netflix has identified several denial of service (DoS) flaws in numerous implementations of HTTP/2, a popular network protocol that underpins large parts of the web? Exploiting them could make servers grind to a halt. These vulnerabilities affect various Linux distributions and open-source vendors and projects. Learn the details in this article:

  61 impacted versions of Apache Struts left off security advisories (Aug 19)
 

Are you an Apache Struts user who follows security advisories? If so, they may be giving you a false sense of security.