Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internets most popular email server, but the MTAs recent history with security vulnerabilities is concerning to say the least. This past Friday, the Exim team warned about a critical flaw in its software , affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?

  Google fixes Chromebook 2FA flaw in ‘built-in security key’ (Sep 16)
 

Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their devices power button to initiate U2F two-factor authentication (2FA). Learn more:
  How Cloud-Based Automation Can Keep Business Operations Secure (Sep 16)
 

Cloud computing has the potential to greatly improve an organization's security posture; however, many companies have the tendency to become overly-reliant on cloud computing services like Amazon Web Services to oversee all aspects of security, instead of taking full responsibility for their data security. Learn more:
  Talking to machines: Lisp and the origins of AI (Sep 17)
 

This articleexplores the invention of Lisp and the rise of thinking computers powered by open-source software:
  Russia reportedly breached encrypted FBI comms in 2010 (Sep 17)
 

Are you aware that Russia reportedlybreached FBI communications starting in 2010?The Obama administration seized two US compounds in response. Learn more:
  Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (Sep 18)
 

Are you a phpMyAdmin user? A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin"one of the most popular applications for managing the MySQL and MariaDB databases. Learn more:
  Is $100 million enough to save the web from ads? (Sep 18)
 

After years of going nowhere, could web micropayments be the next big enabler for user privacy? Learn more in a great Naked Security article:
  GitHub acquires Semmle to help developers spot security vulnerabilities (Sep 19)
 

Popular software hosting service GitHub has acquired Semmle , a code analysis platform that helps product developers and security researchers discover potential zero-days and critical vulnerabilities in largecodebases. Learn more in a great The Next Web article:
  IBM will soon launch a 53-qubit quantum computer (Sep 18)
 

IBM continues to push its quantum computing efforts forward and today announced that it will soon make a 53-qubit quantum computer available to clients of its IBM Q Network . The new system, which is scheduled to go online in the middle of next month, will be the largest universal quantum computer available for external use yet.
  Server-squashing zero-day published for phpMyAdmin tool (Sep 20)
 

Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the webs most popular database administration software packages. Learn more:
  Patch now: 1,300 Harbor cloud registries open to attack (Sep 19)
 

Have you heard that a severe critical privilege escalation vulnerability has been found in Harbor open-source registry software? Learn more:
  IBM’s new 53-qubit quantum ‘mainframe’ is live in the cloud (Sep 20)
 

IBM has boosted its growing stable of quantum computers with a new 53-quantum bit (qubit) device, the most powerful ever offered for commercial use. Learn more in a great Naked Security article:
  CISA’s Krebs seeks more measured approach to election security heading into 2020 (Sep 23)
 

Heading into 2020, the Cybersecurity and Infrastructure Security Agency director says overhyped concern about election security is a problem, while election officials say they reap the benefits of improved communications. Learn more in a great CSO article:
  7 Ways VPNs Can Turn from Ally to Threat (Sep 21)
 

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN: