Thank you for subscribing to our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week’s most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.

Today’s newsletter highlights our two most recent feature articles: Know the Enemy: Upgrade Your Threat Detection Strategy with Honeynets and New Report: Severe Flaws in Cyberoam’s Firewall and VPN Technology Left at Least 86,000 Networks Vulnerable to Exploit. We also examine various topics including the Universal Serial Bus (USB) - a new tool for testing USB drivers and identifying vulnerabilities in widely used operating systems including Linux, an emerging strain of malware, dubbed “Octopus Scanner” targeting developers on Github and an Exim flaw that has been exploited by Russian hackers since August 2019. Happy Monday - and happy reading!

New Report: Severe Flaws in Cyberoams Firewall and VPN Technology Left At Least 86,000 Networks Vulnerable to Exploit - A new report published by vpnMentor examines two critical vulnerabilities in cybersecurity provider Cyberoam s firewall and VPN technology, which - both independently and combined - could be exploited by malicious actors to access the companys email quarantine system without authentication and remotely execute arbitrary commands. These flaws were discovered by different security researchers working independently, and have both been patched by Sophos .

Know The Enemy: Upgrade Your Threat Detection Strategy with Honeynets - Honeynets are an invaluable offensive security tool for learning the tactics and motives of the blackhat community and sharing the information and insights gathered. This article will explore what a Honeynet is, its value, how it works and the risks involved with deploying a Honeynet. It will also examine some great open-source honeynet options your organization may wish to consider.

  Mozilla, Twitter, Reddit join forces in effort to block browsing data from warrantless access (May 25)
 

Seven Internet giants including Mozilla, Twitter and Reddit have asked the US House of Representatives to protect users' privacy online and prohibit the warrantless collection of Internet search and browsing history when it considers the USA FREEDOM Reauthorization Act.
  National Security Agency Exposes Tool Used By Russian Hackers (May 29)
 

The National Security Agency (NSA) has publicly accused Sandworm, an infamous Russian hacking group, of exploiting a flaw in Exim software commonly found in Linux computers.
  Linux Creator Linus Torvalds Ditches Intel CPU Over AMD Threadripper (May 27)
 

Have you heard that Linux creatorLinus Torvalds has upgradedhis personal desktop,replacing his previous Intel CPU with the AMD Threadripper 3970x?
  This Linux laptop hack could be vital to protecting your privacy (May 26)
 

It turns out that nail polish on screws is an unusual, but effective way to protect Linux laptops from tampering while in transit and protect users' privacy.
  Google sued by Arizona for tracking users’ locations in spite of settings (May 29)
 

Have you heard that Arizona has filed suit against Google over the violation of users' privacy by tracking locations even after theyve turned tracking off? Arizona State Attorney General Mark Brnovich claims that the advertising-fueled tech titan has a complex web of settings and purported consents' that enable it to furtively milk us for sweet, sweet ad dollars.
  Linux Kodachi 7.0 ‘Katana’ Released: Browse The Internet Anonymously (May 27)
 

Are you familiar with Linux Kodachi? Linux Kodachi is one of the most secure operating systems that offer complete privacy and anonymity. Now with the latest full system update, Warith Al Maawali, developer of Linux Kodachi, has released a new point version Linux Kodachi 7.0.
  New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD (May 28)
 

A new fuzzing tool, USBFuzz, has identified 18 USB bugs impacting Linux.Eleven have already been patched.
  Removing A False Sense Of (open source) Security (May 28)
 

The value of OSS is undeniable. OSS offers organisations greater flexibility and cost savings. However, it needs to be understood that no software is completely bullet proof and OSS shares the same inherent risks as traditional software.
  New software security tool to detect bugs in OS (Jun 1)
 

Have you heard about the Universal Serial Bus (USB) - a portable, flexible, and modular framework for fuzz testing USB drivers? It can be used toidentify vulnerabilities in the USB driver stacks of widely used operating systems, including Linux.
  Github uncovers malicious ‘Octopus Scanner’ targeting developers (Jun 1)
 

Have you heard about 'Octopus Scanner', a dangerous strain of malware targeting developers on Github? Github has stated: "Since the primary-infected users are developers, the access that is gained is of high interest to attackers since developers generally have access to additional projects, production environments, database passwords, and other critical assets. There is a huge potential for escalation of access, which is a core attacker objective in most cases."