Technical

General Topics
1941

Go spy, GO! Popular app with 200M+ users crosses the red line
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/

1942

What a wrong update could have as a result, Dutch posters making posts in Swedish via MS Outlook: https://www.security.nl/posting/531515/Ansikte+id+på+din+smartphone+är+a%3A

Funny if the Microsoft Update Release Management was not that tragically wrong. :o

polonus

1943

Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table
https://www.bleepingcomputer.com/news/security/ransomware-or-wiper-redboot-encrypts-files-but-also-modifies-partition-table/

1944

Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident

1945

CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf

1946

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/

1947

Illusion Gap – Antivirus Bypass Part 1
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/

1948

Broadening HSTS to secure more of the Web
https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html

1949

PrivateBin
PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data
https://privatebin.info/

1950

Internet Explorer bug leaks whatever you type in the address bar
https://arstechnica.com/information-technology/2017/09/bug-in-fully-patched-internet-explorer-leaks-text-in-address-bar/
http://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/

1951

Fake Plugins, Fake Security
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html

1952

Inside the CCleaner Backdoor Attack
https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/

1953

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq

1954

New macOS High Sierra vulnerability exposes the password of an encrypted APFS container
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79

1955

The October 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/10/10/the-october-2017-security-update-review

1956

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets
https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html

1957

System Shock: How A Cloud Leak Exposed Accenture’s Business
https://www.upguard.com/breaches/cloud-leak-accenture
http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/

1958

Downplaying a Hack only makes the company look more guilt once all the facts are released.
When will companies learn ??? The sooner you reveal the truth, the better off you’ll be in the long run.

1959

Equifax website borked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

1960

Ladies and Gentlemen, prepare your CPU—web browser mining is coming
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming