Thank you for subscribing to our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week’s most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.


Today’s newsletter highlights our two most recent feature articles: Know the Enemy: Upgrade Your Threat Detection Strategy with Honeynets and New Report: Severe Flaws in Cyberoam’s Firewall and VPN Technology Left at Least 86,000 Networks Vulnerable to Exploit. We also examine various topics including the release of Kali Linux 2020.2, a buggy Linux kernel patch submitted by a Huawei employee and how to set up a firewall with UFW on Ubuntu 20.04 - explained in a detailed tutorial. Happy Monday - and happy reading!

New Report: Severe Flaws in Cyberoam’s Firewall and VPN Technology Left At Least 86,000 Networks Vulnerable to Exploit - A new report published by vpnMentor examines two critical vulnerabilities in cybersecurity provider Cyberoam’s firewall and VPN technology, which - both independently and combined - could be exploited by malicious actors to access the company’s email quarantine system without authentication and remotely execute arbitrary commands. These flaws were discovered by different security researchers working independently, and have both been patched by Sophos.

Know The Enemy: Upgrade Your Threat Detection Strategy with Honeynets - Honeynets are an invaluable offensive security tool for learning the tactics and motives of the blackhat community and sharing the information and insights gathered. This article will explore what a Honeynet is, its value, how it works and the risks involved with deploying a Honeynet. It will also examine some great open-source honeynet options your organization may wish to consider.


  The US Senate just voted to let the FBI access your browser history without a warrant (May 14)
 

In a major blow to citizens' privacy, the US Senate voted today to give law enforcement agencies such as the FBI and CIA the power to look into your browser history without a warrant. How do you feel about this?

  Abandoned Open Source Code Heightens Commercial Software Security Risks (May 13)
 

Adopting open-source software and technology has the potential to improve an organization's security posture if this technology is properly monitored and maintained. A new report from Synopsys indicates that many organizations are falling down on the job, resulting in serious security issues.

  Securing Linux's master sysadmin command: Sudo (May 14)
 

Have you heard about the new release of the open-source Linux command sudo? It comes with improved auditing, logging, and security.

  Huawei denies involvement in buggy Linux kernel patch proposal (May 13)
 

Huawei has denied having any official involvement in an insecure patch submitted to the Linux kernel project over the weekend, which introduced a "trivially exploitable" vulnerability. According to the tech giant, an employee submitted code as part of a personal project, not on behalf of the company.

  Black Hat USA and DEF CON Cancelled Due to #COVID19 (May 11)
 

Both Black Hat USA and DEF CON have been cancelled due to COVID-19, turning a notorious DEF CON joke on its head.

  Kali Linux 2020.2 Released, Download Now!!! (May 15)
 

Are you a security researcher, pen-tester or ethical hacker? If so, you will definitely want to check out Kali Linux 2020.2. This release includes infrastructure improvements, PowerShell by Default, changes with login and other great features.