Two Critical RCE Bugs Patched in Drupal 7 and 8

Drupal’s advisory also included three patches for “moderately critical" bugs.

Link: https://threatpost.com/two-critical-rce-bugs-patched-in-drupal-7-and-8/138468/

New APT Could Signal Reemergence of Notorious Comment Crew

A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew’s proprietary code.

Link: https://threatpost.com/new-apt-could-signal-reemergence-of-notorious-comment-crew/138440/

Tumblr Privacy Bug Could Have Exposed Sensitive Account Data

Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.

Link: https://threatpost.com/tumblr-privacy-bug-could-have-exposed-sensitive-account-data/138415/

Oracle Fixes 301 Flaws in October Critical Patch Update

The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.

Link: https://threatpost.com/oracle-fixes-301-flaws-in-october-critical-patch-update/138407/

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.

Link: https://threatpost.com/libssh-authentication-bypass-makes-it-trivial-to-pwn-rafts-of-servers/138399/

On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

The update also features 23 security fixes.

Link: https://threatpost.com/on-heels-of-criticism-newly-released-google-chrome-70-prioritizes-privacy/138368/

As End of Life Nears, More Than Half of Websites Still Use PHP V5

Support for PHP 5.6 drops on December 31 – but a recent report found that almost 62 percent of websites are still using version 5.

Link: https://threatpost.com/as-end-of-life-nears-more-than-half-of-websites-still-use-php-v5/138352/

Facebook Expands Efforts to Squash Voter Suppression

The social network will crack down on those spreading disinformation in an effort to keep people away from the polls.

Link: https://threatpost.com/facebook-expands-efforts-to-squash-voter-suppression/138315/

ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident

Deloitte estimates cybercrime costs to reach $6 trillion annually — but companies still lag in preparedness.

Link: https://threatpost.com/threatlist-half-of-execs-feel-unprepared-to-respond-to-a-cyber-incident/138320/

Facebook Offers Details on ‘View As’ Breach, Revises Numbers

Facebook’s VP of product management was able to discuss more specifics about how the breach itself occurred.

Link: https://threatpost.com/facebook-updates-view-as-breach-numbers-as-fbi-investigates-30-million-users-impacted-by-recent-breach/138280/