Google's "APP" -- Advanced Protection Program -- goes live: Google already provides various advanced features such as login alerts and two-factor authentication to keep your Google account secure. However, if you are extra paranoid, Google has just introduced its strongest ever security feature, called "Advanced Protection," which makes it easier for users who are usually at high risk of targeted online attacks to lock down their Google accounts like never before. https://9to5google.com/2017/10/17/google-announces-advanced-protection-program/
IT Admin trashes railroad company's network in act of vengeance: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company.
Anubi Ransomware in the wild: A new type of ransomware called Anubi was discovered by Malwarebytes security researcher S!Ri that appends the .[[email protected]].anubi extension to encrypted files. At present, not much is known about how this ransomware is distributed.
Wifi networks are vulnerable to WPA KRACK attack: Boffins have discovered several key management flaws in the core of the Wi-Fi Protected Access II (WPA2) protocol that could be exploited by an attacker to hack into Wi-Fi networks, eavesdrop and steal sensitive information (i.e. credit card numbers, passwords, chat messages, emails, and pictures). https://papers.mathyvanhoef.com/ccs2017.pdf
Iranian hackers compromised Theresa May’s email account along with 9,000 others: According to intelligence officials, the cyberattack “bombarded parliamentary email accounts” but only compromised about 1 percent of the accounts it affected. The attack was initially thought to be the result of amateur hackers and not a nation-state. http://securityaffairs.co/wordpress/64340/intelligence/iranian-hackers-email-hack.html
GDPR Compliance: 5 early steps to get laggards going: Although the European Union's General Data Protection Regulation (GDPR) has been in effect since 2016, and despite enforcement kicking off a mere seven months from now, many companies didn't really appreciate the magnitude of the new privacy legislation until the Equifax breach.
ROCA vulnerability (CVE-2017-15361) allows attackers to recover users’ private RSA keys: The vulnerability, tracked as CVE-2017-15361, affects the implementation of RSA key pair generation by Infineon’s Trusted Platform Module (TPM). Infineon TPM is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and helps to shield against unauthorized access to the data stored by improving the system integrity. https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Russia fines Telegram $14,000 for refusing to give up encryption backdoor: Russia has fined Telegram 800,000 Russian rubles — approximately $14,000 — for failing to comply with a government order that required the company to provide access to encrypted conversations to Russian intelligence agency FSB.
Video of latest ATM malware sold on the Dark Web: A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware.
20 October 2017