Google+
Google is shutting down its social-media network after belatedly
disclosing a data breach that exposed the data of 500,000 users. An
API enabled third-party developers to access user names, email
addresses and other personal information. To read more: https://thehackernews.com/2018/10/google-plus-shutdown.html
Grey-hat hacker
A grey-hat hacker is breaking into people’s MikroTik routers and
patching the devices so they can’t be abused. The hacker claims to
have disinfected more than 100,000 routers. To read more: https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/
Pentagon
Pentagon officials said that the Department of Defense had suffered
a security breach at the hands of a third-party contractor. Roughly
30,000 DoD military and civilian personnel are thought to be
affected. To read more: https://www.zdnet.com/article/pentagon-discloses-card-breach/
FitMetrix
The data of an unknown number of FitMetrix users were left exposed
online. The fitness-and-health software company’s servers were not
secured with an access password, which enabled anyone who knew
their IP address to access the information. To read more: https://www.zdnet.com/article/fitmetrix-user-data-exposed-via-passwordless-elasticsearch-server-cluster/
Assassin’s Creed Odyssey
Assassin’s Creed Odyssey, a video game, was hit by a DDoS attack
last Friday. To read more: https://www.grahamcluley.com/assassins-creed-odyssey-suffers-ddos-attack-at-launch/
MikroTik router
A researcher from Tenable Research released a proof-of-concept
remote-command-execution attack for an old directory-traversal
vulnerability that was discovered and patched in April. The
vulnerability is considered critical because the RCE attack enables
attackers to remotely execute code on affected devices and gain
full root access. To read more: https://thehackernews.com/2018/10/router-hacking-exploit.html
Adobe
Adobe’s latest security update addresses 11 vulnerabilities in
Adobe Digital Editions, Framemaker and Technical Communications
Suite. Four of the vulnerabilities are rated critical. To read
more: https://thehackernews.com/2018/10/adobe-security-updates.html
WhatsApp
A security researcher found a critical vulnerability in WhatsApp
messenger that could enable hackers to take remote control of the
app via a video call. The vulnerability is a memory heap overflow
issue that is triggered when a user receives a specially crafted
malformed real-time transport protocol packet. To read more:
https://thehackernews.com/2018/10/hack-whatsapp-account-chats.html
Microsoft JET
A vulnerability in Microsoft JET’s database engine is still open
even after Microsoft shipped patches earlier last week. The
vulnerability was a zero-day and is critical because JET is
included in all versions of Windows. To read more: https://www.zdnet.com/article/microsoft-jet-vulnerability-still-open-to-attacks-despite-recent-patch/
Google Play trojan
A new trojan that passes itself off as Google Play on Android
smartphones was discovered by researchers. To read more: https://www.zdnet.com/article/this-trojan-masquerades-as-google-play-to-hide-on-your-phone/
Sign up below and receive these reports and more directly in your inbox.