Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internet's most popular email server, but the MTA's recent history with security vulnerabilities is concerning, to say the least. This past Friday, the Exim team warned about a critical flaw in its software, affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?


  New PDFex attack can exfiltrate data from encrypted PDF files (Sep 30)
 

Have you heard about the new attack that German academics have developed that can extract and steal data from encrypted PDF files, sometimes without user interaction? Learn more:

  New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released (Sep 30)
 

Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article:

  Privacy advocates worry that consumer license plate readers are creating a nosier neighborhood watch (Sep 30)
 

I have a problem with this. These cameras don't just record license plates, but people, bicycles and animals. It indiscriminately records everything, not just traffic accidents. Cameras should not be a substitute for police doing their job. This data is being sold to and used by anyone who wants it - ICE, private citizens, and other government agencies. If you had a detective on the street corner or in front of your house 24/7 recording every vehicle passing by, the time it passed every day in perpetuity and people in the car, people would see that as an invasion of privacy. "I have nothing to hide" is something said by someone in a position of privilege - our landscapers, housekeepers, and others in our neighborhood in the wrong place at the wrong time are being targeted. Please comment below - we'd love to hear what you think.

  5 Disruptive Trends Transforming Cybersecurity (Oct 1)
 

Everything about IT has changed, but our security measures are still built around how we used to design software and systems. Where does security need to catch up with digital transformation - and how? Learn more:

  Blind Spots in AI Just Might Help Protect Your Privacy (Oct 2)
 

Researchers have found a potential silver lining in so-called adversarial examples, using them to shield sensitive data from snoops. Learn more in an interesting Wired article:

  No federal privacy law will make it in the US this year, sources say (Oct 3)
 

You know about that one, much-hemmed-and-hawed-over, GDPR-ish, national, US privacy law? The one we don't have? The lack of which means the country's data privacy landscape is made up of a crazy quilt of state laws? Not happening. Not this year. Learn how this impacts your privacy in a great NakedSecurity article:

  O.MG! Evil Lightning cable about to hit mass distribution (Oct 2)
 

Remember the O.MG cable? A project by self-taught electronics hacker _MG_, it's a malicious Lightning cable that looks just like the regular overpriced piece of wire that connects your iPhone to a computer. The cable is now about to hit mass distribution. Learn more:

  Ushering in a New Era (Oct 4)
 

Consumers are becoming increasingly concerned with how their activities are being tracked. This focus on privacy and data security is ushering in a new era of security. Learn more in an interesting SecurityToday article:

  PDF encryption standard weaknesses uncovered (Oct 3)
 

You would be forgiven for thinking that encrypting PDFs, before they are stored or sent via email, keeps their contents away from prying eyes. But according to researchers in Germany, it might be time to revisit that assumption after they discovered weaknesses in PDF encryption which could be exploited to reveal the contents of a file to an attacker. Learn more:

  Google launches leaked-password checker, will bake it into Chrome in December (Oct 4)
 

Google plans to add a hacked-password alert system into its browser by the end of the year; Firefox aims to do much the same thing this month. Learn more in an informative Computerworld article:

  Exim suffers another ‘critical’ remote code execution flaw (Oct 2)
 

Remember the critical remote code execution (RCE) vulnerability in the Exim email server, CVE-2019-15846, from mid-September? Barely two weeks later, and the software's maintainers have issued an advisory for another potentially troublesome bug, identified as CVE-2019-16928, which has been given the same critical rating. Learn more in a great NakedSecurity article:

  Russian hackers modify Chrome and Firefox to track secure web traffic (Oct 7)
 

Have you heard that Russian hackers are infecting systems with RATs and using them to modify Chrome and Firefox browsers, adding a fingerprint to every TLS action and passively tracking encrypted traffic? Learn more in an interesting Engadget article:

  DNS-over-HTTPS causes more problems than it solves, experts say (Oct 7)
 

Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features. What is your opinion on DoH?