Related to, but not the same as, "Drupalgeddon2". Make sure you patch ASAP: the first exploit attempts were seen only five hours after the announcement. Meanwhile, several botnets are racing to attack as many Drupal sites as possible with the Drupalgeddon2 exploit: link
It's quite a hefty attack: they hijacked BGP routes to redirect DNS traffic going to Amazon's Route53. Then they man-in-the-middled all traffic for MyEtherWallet to their own phishing site to trick users into giving their private keys. Cloudflare explains more on the BGP leak here.
They're a bit odd in my eyes, but there you go. You've got self-destructing emails, password-lockable emails, and the ability to restrict forwarding, downloading or printing.
One of the fixes tackles the QR code spoofing bug that made some news over the last few weeks.
Autofill is a feature that third-party websites can integrate to allow users to fill in forms with a single click. This researcher discovered, however, that any site could trick the feature into activating and so receive personal information from its visitors. It was disclosed to LinkedIn and fixed.
Their framework gets used quite a lot as a blueprint for securing critical infrastructure, and also serves as inspiration for large and small enterprises. Direct link here.
A lot of people found e-mails sent by them, to them, in their Gmail folders, making them think their account was hacked. It turns out it's a nifty but 'regular' spam trick; no accounts were compromised.
Altaba, the part of Yahoo that Verizon didn't buy, was charged with failing to disclose the massive 2014 cybersecurity breach and has agreed to pay up. At the same time, one of the four hackers arrested for that breach might receive eight years in prison.
It allows a website to enable a setting so that its cookies are never sent along with requests initiated by another site, essentially stopping CSRF attacks. Chrome has this feature too; others are still to follow. This post from Scott Helme explains it well.
Yet another tale from the glorious world of electronic health implants. Belgian researchers showed that it is possible to hack neurostimulators, which are used to treat Parkinson's symptoms.
Very good read on how the author handles internal security training at PagerDuty for non-engineering teams.
From the creator of other Mac security tools, like OverSight and Ransomwhere, comes Do Not Disturb: an interesting app that notifies you when the lid of your MacBook is opened. You can find it here.