Twitter employee 'deactivated' Trump account on last day: US president Donald Trump’s Twitter account disappeared for 11 minutes yesterday, in a final act of farewell by an employee leaving the company. In response Donald Trump has said that ‘the word’ must finally be getting out and having an impact. Speculation is rife as to what that word might be, with none of the suggestions suitable to publish here. http://www.bbc.co.uk/news/world-us-canada-41854482
Windows 10 tip: turn on the new anti-ransomware features in the Fall Creators Update: Win10 Fall Creators Update adds a powerful and apparently effective anti-cryptomalware feature known as "Controlled Folder Access". http://www.zdnet.com/article/windows-10-tip-turn-on-the-new-anti-ransomware-features-in-the/
59% of employees hit by ransomware at work paid out of their own pockets: A survey of more than 1,000 office workers carried out by business cloud services provider Intermedia has revealed that 59% of employees that had their computer hit by ransomware paid the ransom demand out of their own pockets. https://www.intermedia.net/report/datavulnerability2017
Hackers using default SSH creds to take over Ethereum mining equipment: A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials.
Undetectable ATM shimmers used to steal chip based cards worldwide: As crooks continue to use skimmers in payment card frauds, these devices are becoming even more sophisticated. The number of cyber-attacks against ATMs involving so-called ‘insert skimmers’ is increasing. Insert Skimmers are wafer-thin fraud devices designed to fit invisibly inside the ATM card slot.
WordPress releases version 4.8.3 to address serious SQL injection vulnerability: WordPress developers fixed a serious SQL injection vulnerability that was reported by the researcher Anthony Ferrara, VP of engineering at Lingo Live. The issue was addressed on Tuesday with the release of version 4.8.3.The vulnerability can be exploited via WordPress plugins and themes, an attacker can take over vulnerable websites by powering an SQL injection attack. https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
FireEye releases GoCrack, a free managed password cracking tool: FireEye has released a managed password cracking tool, dubbed GoCrack, that is able to execute tasks across multiple GPU servers. GoCrack is an open source tool developed by FireEye’s Innovation and Custom Engineering (ICE) team that implements an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.
iPhone 7, Samsung Galaxy S8 and others hacked in Pwn2Own: Participants in the Mobile Pwn2Own 2017 competition successfully hacked into Apple's iPhone 7, Samsung's Galaxy S8, and Huawei's Mate 9 Pro during the first day of competition, according to event organizer Trend Micro's Zero Day Initiative (ZDI). https://www.darkreading.com/mobile/iphone-7-samsung-galaxy-s8-others-hacked-in-pwn2own/d/d-id/1330296?
Office 365 missed 34,000 phishing emails last month: Microsoft Office 365 missed 9.3% of emails containing spam, phishing, and malware from the beginning of September through early October, report Cyren researchers, who analysed 10.7 million messages.
Highly critical flaw (CVSS Score 10) lets hackers hijack Oracle Identity Manager: A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control of affected systems.
New VibWrite system uses finger vibrations to authenticate users: Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room or building.
Investigation underway at Heathrow after USB containing sensitive documents found on pavement: An unnamed man, on his way to the library, spotted a thumb drive on the sidewalk in Queen’s Park, West London. He pocketed the USB drive and continued on his way. A few days later he returned to the library to view its contents. Recognizing the sensitive nature of the information, he then turned the USB drive over to The Sunday Mirror.
3 November 2017