The breach happened in 2012. Disqus did not know about it until Troy Hunt found out and notified them this week. About a third of the accounts also include SHA1-hashed passwords (with a salt).
Credit where it's due: they are getting a lot of kudos for handling this breach in an exemplary way, as Troy describes in this post.
Quite a 'woops' moment for Apple. The linked article has a video demonstrating it. An update has been pushed out to High Sierra that fixes this.
Time to run them Windows updates. The zero-day vulnerability affects Office and is being exploited in the wild. Other fixes include a DNS vulnerability that can trigger remote code execution.
The Border Gateway Protocol is used by large networks to communicate where certain traffic needs to be sent. It is often 'hijacked', where rogue networks announce they want to receive all kinds of traffic that doesn't belong to them. It's a serious problem, and finally NIST and DHS are working to prevent it with an effort called Secure Inter-Domain Routing (SIDR).
Great post by Felix Krause on how it is much too easy to trick iOS users into giving their Apple ID credentials, since all of us are so well trained to enter them at random times anyway. The only way to know it's fake is to press the home button and see if it stays up. He argues these prompts should only be presented in the Settings screen.
According to Accenture, the logs indicate that it wasn't accessed by anyone apart from the researcher who found it.
It's run as malware-as-a-service. This article looks at how it works and what the malware authors charge.
Avast researchers are still learning more about the malware campaign surrounding CCleaner (which is owned by Avast). It's a good deep dive for those interested.
Very interesting articles on how a CSV can be abused. The author shows examples of launching calc.exe from a CSV import into Excel, or pulling in data from other spreadsheets or other sources in Google Sheets.