Threat Post: WordPress 5.0 Patched to Fix Serious Bugs. “WordPress 5.0 users are being urged to update their CMS software to fix a number of serious bugs. The update (WordPress 5.0.1) addresses seven flaws and was issued Thursday, less than a week after WordPress 5.0 was released.”
security
ZDNet: Facebook bug exposed private photos of 6.8 million users
ZDNet: Facebook bug exposed private photos of 6.8 million users. “Facebook announced today another security incident affecting millions of its customers. This time, the company said that a bug in one of its APIs exposed the private photos of nearly 6.8 million users. Facebook blamed this new leak on a Photo API bug that was present in its backend code between September 13 to September 25, 2018.”
CNET: The worst passwords of 2018 are just as dumb as you’d expect
CNET: The worst passwords of 2018 are just as dumb as you’d expect . “It doesn’t look like we’re getting any smarter about our passwords. On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, ‘123456,’ and in second place is, yup, ‘password.’ This is the fifth year in a row these passwords have held the top two spots. “
Misconfigured server exposed half of all Brazilian taxpayer ID numbers: report (Cyberscoop)
Cyberscoop: Misconfigured server exposed half of all Brazilian taxpayer ID numbers: report. “A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open web for some time, according to a report published Tuesday by cybersecurity company InfoArmor.”
TechCrunch: France’s Ministry of Foreign Affairs says emergency contact information database has been breached
TechCrunch: France’s Ministry of Foreign Affairs says emergency contact information database has been breached. “The Ministry of Europe and Foreign Affairs in France has released a statement announcing that personal information has been stolen in a data breach. Around 540,000 records have been stolen — those records contained names, phone numbers and email addresses.”
Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail. “A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.”
Neowin: Windows 10 logs your activities to the cloud even when you tell it not to
Neowin: Windows 10 logs your activities to the cloud even when you tell it not to . “Although Microsoft appeared to answer critics, and even lawmakers at the beginning of the year by incorporating even more privacy controls into Windows 10 (which really just adds to the flood of settings you now have to be mindful of) it would appear that the toggles do little to nothing in reality.”
