Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

A Critical Exim Vulnerability, Lilocked Ransomware on the Rise, but Linux Not to Blame - Exim may be the Internets most popular email server, but the MTAs recent history with security vulnerabilities is concerning to say the least. This past Friday, the Exim team warned about a critical flaw in its software , affecting all Exim servers running version 4.92.1 and before. When exploited, the bug enables attackers to run malicious code with root privileges. Exim released version 4.92.2 on Friday, September 6, to address the issue, and recommends that users running a prior version of Exim update immediately.

Which Linux Distros Are Most Focused On Privacy? - With over 200 distros to choose from, which one actually offers the most privacy-oriented experience?

  Cloudflare has a new plan to fight bots — and climate change (Sep 23)
 

Have you heard that Cloudflare is ratcheting up its fight against bots with a new fight mode, which it says will frustrate and disincentivize bot operators from their malicious activity? Learn more:
  CISA’s Krebs seeks more measured approach to election security heading into 2020 (Sep 23)
 

Heading into 2020, the Cybersecurity and Infrastructure Security Agency director says overhyped concern about election security is a problem, while election officials say they reap the benefits of improved communications. Learn more in a great CSO article:
  Some Voting Machines Still Have Decade-Old Vulnerabilities (Sep 26)
 

The results of the 2019 Defcon Voting Village are in"and they paint an ugly picture for voting machine security. Learn more in an interesting Wired article:
  Alibaba unveils Hanguang 800, an AI inference chip it says significantly increases the speed of machine learning tasks (Sep 25)
 

Alibaba Group introduced its first AI inference chip today, a neural processing unit called Hanguang 800 that it says makes performing machine learning tasks dramatically faster and more energy-efficient. Learn more in an interesting TechCrunch article:
  Hackers are infecting WordPress sites via a defunct plug-in (Sep 26)
 

If youre a WordPress admin using a plug-in called Rich Reviews, youll want to uninstall it. Now. Learn more:
  Social engineering explained: How criminals exploit human behavior (Sep 25)
 

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. Learn how to spot the signs in a great CSO article:
  Secure DevOps Practices Expected to Increase for Cloud Apps (Sep 26)
 

Very few companies are securing the majority of their cloud-native apps with DevSecOps practices, according to new research. Get the details:
  What does an open source AI future look like? (Sep 27)
 

Placing the fundamental building blocks of AI in the hands of the open source community is advancing AI in multiple industries. Learn more:
  Privacy advocates worry that consumer license plate readers are creating a nosier neighborhood watch (Sep 30)
 

I have a problem with this. These cameras don't just record license plates, but people, bicycles and animals.Itindiscriminately records everything, not just traffic accidents. Cameras should not be a substitute for police doing their job. This data is being sold to and used by anyone who wants it - ICE, private citizens, and other government agencies. If you had a detective on the street corner or in front of your house 24/7 recording every vehicle passing by, the time it passed every day in perpetuity and people in the car, people would see that as an invasion of privacy. "I have nothing to hide" is something said by someone in a position of privilege - our landscapers, housekeepers, and others in our neighborhood in the wrong place at the wrong time are being targeted. Please comment below - we'd love to hear what you think.
  New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released (Sep 30)
 

Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-sourceEximemail server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article:
  New PDFex attack can exfiltrate data from encrypted PDF files (Sep 30)
 

Have you heard about the new attack that German academics have developed that can extract and steal data from encrypted PDF files, sometimes without user interaction? Learn more: