sec

Naked Security

• Feds secretly subpoenaed encrypted chat app Signal
• Me-OUCH! Facebook shuts accounts over image of cat wearing suit and tie
• Mirai “internet of things” malware from Krebs DDoS attack goes open source
• Unmasking Tor users with DNS
• Did Yahoo spy on its users’ emails for the NSA?

Office of Inadequate Security

• CA: Apria Healthcare notifies patients of breach
• Contracting in the Cloud: Who Pays for a Data Breach?
• Man arrested for streaming porn to electronic billboard
• TalkTalk gets record £400,000 fine for failing to prevent October 2015 attack

SANS Internet Storm Center, InfoCON: green

• October 2016 Issue of Securing the Human "Ouch!" Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016, (Wed, Oct 5th)
• ISC Stormcast For Thursday, October 6th 2016 https://isc.sans.edu/podcastdetail.html?id=5197, (Thu, Oct 6th)

Full Disclosure

• Clean Master v1.0 - Unquoted Path Privilege Escalation
• Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
• Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability
• KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service
• KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
• KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion
• KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access

Dark Reading:

• Yahoo Reportedly Complied With US Intel Request To Search All Customer Emails
• Black Hat Europe 2016 Sponsor Content: What's In Your Armoury For Discovering Software Vulnerabilities?
• OTA Issues Checklist For Securing IoT Devices
• Cybersecurity Economics In Government -- Is Funding The Real Problem?
• FBI Arrests NSA Contractor For Alleged Code Theft
• 20 Questions To Explore With Security-as-a-Service Providers
• Half Of Cybersecurity Pros Solicited Weekly About A New Job