"Don't Use Hardcoded Keys" -- DUHK -- The DUHK Attack: Two researchers at the University of Pennsylvania and Johns Hopkins University's prolific Matthew Green uncovered a significant implementation error in at least 12 commercial VPN implementations. https://duhkattack.com/
Kaspersky Lab to open software to review, says nothing to hide: In their announcement, Kaspersky did not name the outside reviewers, but said they would have strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments as well as examine Kaspersky's business practices and software development methodology.
AI Bot that mimics human eye breaks reCAPTCHAs with 66.6% accuracy: Computer scientists have created an AI algorithm that works on the same principles as the human eye, and that can break various CAPTCHA systems with accuracies of over 50%. More specifically, this new system solved Google reCAPTCHAs with 66.6% accuracy, BotDetect with 64.4%, Yahoo with 57.4%, and PayPal image challenges with 57.1%. http://science.sciencemag.org/content/early/2017/10/26/science.aag2612.full
Bad Rabbit Ransomware outbreak also used NSA exploit: While it was believed that the ransomware spread from the initial victim to nearby computers using a custom scanning mechanism that relied on the SMB protocol, new research published today by Cisco Talos and F-Secure reveals the Bad Rabbit ransomware also used a modified version of an NSA exploit to bolster its spread. http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Bug in mobile app lets hackers take control of LG Smart devices: The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more. The good news is that the vulnerability is now patched, and even if users still use older app versions, the vulnerability is not easy to exploit.
Backdoor account found in popular ship satellite communications system: A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges and an SQL injection in the login form.
Millennials are twice as likely to fall for phishing scams: One in ten subjects aged 18-24 admitted to falling victim to phishing, compared to only one in twenty subjects aged 55 or older.
Celeb plastic surgery uncovered by hackers: The London Bridge Plastic Surgery clinic, with clients such as Katie Price amongst others, has confirmed in a statement that it has been the victim of a cyber attack. The alleged culprit is a well-known hacker using the moniker The Dark Overlord.
Third man charged with hacking celebrities' iCloud and Gmail accounts: A federal court charged an Illinois man with hacking into hundreds of iCloud and Gmail accounts, some of which belonged to celebrities, after duping them into sharing their log-in information via a phishing scheme, according to the Department of Justice.
27 October 2017