A Windows-based botnet is spreading a Mirai variant that is also capable of spreading to Linux systems under certain conditions, Kaspersky Lab researchers said.

Security researcher Dino Dai Zovi talks about a new company he cofounded called Capsule8 that will help IT organizations counter threats to Linux infrastructures.

Debian developers are recommending that the Cryptkeeper Linux encryption app be pulled from the distribution after a universal password was found.

A remote code execution bug in Ubuntu Desktop was patched; the vulnerability affected all default installations of Quantal version 12.10 and later.

A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.

A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems.

A privilege escalation vulnerability, nicknamed Dirty Cow and present in Linux since 2007, has been used in public attacks against web-facing Linux servers.

The dangers of Skyping and typing, the fingerprint warrant story, hiding credit card numbers in images, and more are discussed.

A Linux admin and open source developer has come up with a 48-character attack that crashes Linux servers, but experts argue the security implications of the bug.

Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler exploit kit was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware. Download: Threatpost_News_Wrap_September_2_2016.mp3 Music by Chris Gonsalves