They recently learned that literally -all- Yahoo accounts were compromised.
Not the POS system from their stores themselves, but from the taprooms and restaurants in their stores.
Researchers from Duo discovered that about 4.2% of Macs don't have the EFI firmware version they should have, leaving the machine potentially vulnerable to nasty malware. For one model, as many as 43% of the tested machines had this problem.
They released a tool to see if yours is affected too.
Even if you're on their free plan, they will always protect you against DDoS attacks without charging anything extra. Quite an amazing announcement. This Wired article has some more background.
HSTS is a mechanism that forces visitors to connect using HTTPS instead of HTTP.
Google is the registrar for a bunch of top-level domains, like .dev, .app and .how. It has announced that it will enable HSTS on all of those.
Awesome blogpost from Cloudflare on how they mitigate various kinds of DDoS attacks, and how they wrote Gatebot to automate much of it.
Update all the things
This is never an exhaustive list of course, but just a few things that hit my radar.
- Google has discovered a bunch of vulnerabilities in DNSMasq, a widely used service for DNS, DHCP, router advertisements and network boot. If you use it, make sure to install patches. (link)
- Android fixed 14 bugs, five of which were critical, in its October update. (link)
- Netgear released 50 patches for its devices, 20 of which were rated critical. (link)
Fun read on how France used to have 'message towers' to relay messages from one end of France to the other, and how the system was subverted for profit by two brothers.
Only two days left on this one, I'm sorry for only catching it this late :/ If you read this in time, there is some great stuff in there.