Researcher: I Hacked Trump’s Twitter by Guessing Password
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
Source: Threatpost
Facebook, News and XSS Underpin Complex Browser Locker Attack
A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on...
Microsoft Teams Phishing Attack Targets Office 365 Users
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
Source: Threatpost
Chrome 86 Aims to Bar Abusive Notification Content
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
Source: Threatpost
Feds: Iran Behind ‘Proud Boys’ Email Attacks on Democratic Voters
Messages that threaten people to ‘vote for Trump or else’ are part of foreign adversaries’ attempts to interfere with the Nov. 3 election, according to feds.
Source: Threatpost
On the trail of the XMRig miner
As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.
Source: Threatpost
Cisco Warns of Severe DoS Flaws in Network Security Software
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
Source: Threatpost
Oracle Kills 402 Bugs in Massive October Patch Update
Over half of Oracle's flaws in its quarterly patch update can be remotely exploited without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.
Source: Threatpost
Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."
Source: Threatpost