Security Alerts & News
by Tymoteusz A. Góral

#101 Azure Stack, Microsoft’s on-premises cloud service, is now available as a preview
Microsoft today released a preview of Azure Stack, a version of the Azure services and infrastructure that you can run in your own datacenters.
#100 Google tells the FCC its secret airborne network is nothing to worry about
In an FCC filing, Google has told the US government that it believes its secret airborne network won't interfere with any existing networks and won't harm any people or animals. Google has been hoping to perform a "two-year nationwide test" of the network and recently addressed some concerns people had raised about it.
#99 Video: PulseSecure VP says multi-factor authentication won't kill the password
In an interview with ZDNet, Pulse Secure VP of Strategy Kevin Sapp talks about balancing security risks and user access to protect networks.
#98 NSA, GCHQ used open source software to spy on Israeli, Syrian drones
Documents provided to The Intercept by National Security Agency whistleblower Edward Snowden show new evidence of a long-running surveillance campaign against drones flown by the Israelis, Syrians, and other nations in the region. The operation by the United Kingdom's Government Communications Headquarters (GCHQ) signals intelligence organization, with the assistance of the NSA, intercepted scrambled analog video feeds from remotely piloted aircraft and tracked the movement of drones.
#97 HSBC fights off DoS attack on its internet banking systems
HSBC has confirmed that it fought off a denial of service attack on its internet banking systems this morning.

A spokesperson for HSBC said: HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK.
#96 Android bugs made up 10 percent of Google's $2m bounty payouts - in just five months
Google paid out over $2m to security researchers last year for reporting flaws in Google products, of which $200,000 went on bugs in Android in just five months.
#95 CenterPOS: An Evolving POS Threat
There has been no shortage of point-of-sale (POS) threats in the past couple of years. This type of malicious software has gained widespread notoriety in recent time due to its use in high-profile breaches, some of which involved well-known brick and mortar retailers and led to the compromise of millions of payment cards. Our investigation into these threats has led to the analysis of a relatively newer POS malware known as CenterPOS.
#94 Kaspersky DDoS Intelligence Report for Q4 2015
Of all the Q4 2015 events in the world of DDoS attacks and the tools used to launch them, we picked out those that, in our opinion, best illustrate the main trends behind the evolution of these threats.
#93 Mozilla Firefox 44 update fixes critical vulnerabilities
In an advisory posted Tuesday, the tech giant said the latest incarnation of the Firefox browser, version 44, includes fixes for a total of 12 security bugs.

Three of the flaws are deemed critical, two are high-risk, six have a "moderate" security risk and one is considered a minor issue.
#92 LG closes data-theft hole affecting millions of G3 smartphones
LG is closing a security hole that makes it possible for attackers to steal chat histories and other sensitive data stored on an estimated 10 million G3 phones.
#91 Putting the spotlight on firmware malware
Firmware malware has been a hot topic ever since Snowden's leaks revealed NSA's efforts to infect BIOS firmware. However, BIOS malware is no longer something exclusive to the NSA, Lenovo's Service Engine or Hacking Team's UEFI rootkit are examples of why the security industry should put some focus on this strain of badness.
#90 Huawei upgrading Danish cable broadband network to 1Gbps by 2017
Chinese technology giant Huawei has announced that it will be upgrading Denmark's fixed broadband network to deliver download speeds of up to 1 gigabit per second by the end of 2017 thanks to a deal signed with Tele Danmark Communications (TDC).

Under the deal, Denmark will become the first nation to upgrade a broadband network in its entirety to Giga Coax technology, with the upgrade to begin in June 2016.
#89 High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic
Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels.

While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met.
#88 Microsoft Edge InPrivate mode may not be as private as you thought
It seems like the browser’s InPrivate browsing feature may not be as ‘private’ as we’re lead to believe. Researcher Ashish Singh discovered that users' full browsing history was being stored on their hard drives, noting that “even the private browsing isn’t as private as it seems” in his report, published on Forensic Focus. He added that "websites visited in private mode are also stored in the browser’s WebCache file.”
#86 Android security: Samsung plugs six OS and seven Galaxy-specific bugs
Following Google's monthly fixes for its own Nexus devices in early January, Samsung has now disclosed details of the bugs it will be patching to remedy vulnerabilities in its flagship hardware. The update contains a blend of bugs in Google's update and others that Samsung has addressed independently.
#85 Google Chrome gets ready to mark all HTTP sites as 'bad'
Google's push for all websites to be HTTPS has so far been all carrot. But the company is now using its big stick: a large red cross through every website that doesn't offer an encrypted connection.
#84 Tails 2.0 is out
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.

It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.
#83 Hot or Not? The Benefits and Risks of iOS Remote Hot Patching
FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.
#82 Apple Safari crashes: Mystery bug floors browser on iOS and Macs
The mystery bug surfaced on Wednesday with multiple reports on Reddit, Twitter and Apple's support pages of Safari crashing when the address bar is used to search.
#81 Android ransomware variant uses clickjacking to become device administrator
Symantec has found an Android ransomware variant (Android.Lockdroid.E) that uses new tactics, involving a fake package installation, to trick users into giving the malware device administrator rights. As well as encrypting files found on the compromised device, if administrator rights are obtained, the malware can lock the device, change the device PIN, and even delete all user data through a factory reset.
#80 Java browser plugin to be sent to death row in September
Oracle has announced that the days of the Java browser plugin are numbered, with its deprecation set for the upcoming Java Development Kit 9 release and its removal slated for a future release.
#79 Windows exploitation in 2015 (PDF)
New security features in Google Chrome and Microsoft Edge, information about
Hacking Team exploits, and new features of Microsoft's Enhanced Mitigation Experience Toolkit (EMET)
#78 The best antivirus software for Windows Client Business User (TEST)
#77 Moment of truth: Feds must say if they used backdoored Juniper firewalls
Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.
#76 Privilege Escalation (SYSTEM) via Dolby’s DAX2_API Service (Windows 10)
Dolby’s DAX2 API ships with insecure file permissions giving the ability to get SYSTEM on (in this case), Windows 10 on a Lenovo Thinkpad.
#75 Amazon’s customer service backdoor
The attacker gave Amazon fake details from a whois query, and got real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing a bank to issue them a new copy of Credit Card.
#74 Israel's electric grid targeted by malware, energy minister says
Israel's Minister of Infrastructure, Energy and Water, Yuval Steinitz, told CyberTech 2016 attendees on Tuesday that the country's Public Utility Authority had been targeted by malware, and that some systems were still not working properly. "Yesterday we identified one of the largest cyber attacks that we have experienced," Steinitz said.
#73 Secret SSH backdoor in Fortinet hardware found in more products
A recently identified backdoor in hardware sold by security company Fortinet has been found in several new products, many that were running current software, the company warned this week. The undocumented account with a hard-coded password came to light last week when attack code exploiting the backdoor was posted online.
#72 PayPal Remote Code Execution Vulnerability
In December of 2015 a critical vulnerability has been found in one of PayPal business websites ( that allowed to execute arbitrary shell commands on PayPal web servers via unsafe JAVA object deserialization and get access to production databases. The bug was immediately reported to PayPal security team and it was quickly fixed after that.
#71 Skype Now Hides Your Internet Address
“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users,” Microsoft’s Skype team wrote in a blog post about the latest version, v. for most users. “This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”
#70 Bug in Magento puts millions of e-commerce sites at risk of takeover
The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition prior to and, respectively, according to researchers from Sucuri, the website security firm that discovered and privately reported the vulnerability.
#69 Apple Can Still See Your iMessages If You Enable iCloud
It turns out the privacy benefits Apple likes to talk about (and the FBI likes to complain about) basically disappear when iCloud Backup is enabled. Your messages, photos and whatnot are still protected while on your device and encrypted end-to-end while in transit. But you're also telling your device to CC Apple on everything. Those copies are encrypted on iCloud using a key controlled by Apple, not you, allowing the company (and thus anyone who gets access to your account) to see their content
#68 Now California state wants to ban sale of encrypted smartphones
California assembly member Jim Cooper (D-9th) introduced the legislation -- bill 1681 -- which requires any smartphone manufactured "on or after January 1, 2017, and sold in California after that date" to be "capable of being decrypted and unlocked by its manufacturer or its operating system provider."
#67 Anti - Virus Comparative - Summary Report 2015 (PDF)
At the end of every year, AV-Comparatives released a summary report to comment on the various anti-virus products tested over the year, and to highlight the high-scoring products of the various tests that took place over the course of the year.
#66 TeslaCrypt flaw opens the door to free file decryption
Security researcher Lawrence Abrams explained in a blog post this week that a number of former victims and researchers have been working together for the past month to exploit a flaw in TeslaCrypt's encryption key storage algorithm. While this was kept quiet to prevent the malware's creator catching on and patching the flaw, now TeslaCrypt 3.0 has been released, the group have decided to release their findings.
#65 New Magic Ransomware developed from open source EDA2 Ransomware
A new ransomware dubbed the Magic Ransomware has been discovered that encrypts your data using AES encryption, adds the .magic extension to encrypted files, and then demands 1 bitcoin to get the data back. This ransomware is created in C# and when decompiled quickly become apparent that it is almost an exact copy of the open-source ransomware called eda2.
#64 Tor Project raises over $200,000 in attempt to “diversify” its funding
As a result of its recent crowdfunding campaign, the Tor Project announced Thursday that it had raised over $200,000 from more than 5,000 individuals over nearly two months.
#63 Risk Assessment / Security & Hacktivism Internet of Things security is so bad, there’s a search engine for sleeping kids
The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.
#62 Facebook Now the Subject of New Malware Attack
Researchers at the Threat Research Lab have identified a phishing campaign targeted at businesses and consumers who use Facebook – most likely designed by the same cyber criminals who developed the WhatsApp malware.
#61 FBI May Have Hacked Innocent TorMail Users
Researchers suspected the agency had also deployed a network investigative technique (NIT)—the FBI's term for a hacking tool—to infect users of the site. Now, confirmation of that hacking campaign has come about buried in a Washington Post report on the FBI's recent NIT usage.
#60 Media devices sold to feds have hidden backdoor with sniffing functions
A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said.
#59 Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance
Cisco Systems has released software updates to fix critical issues that could allow attackers to compromise digital encoders, unified computing system management servers and Firepower 9000 series security appliances.
#58 Oracle Critical Patch Update Advisory - January 2016
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities.
#57 Operation Emmental Revisited: Malicious Apps Lock Users Out
Imagine getting a notification from your bank, asking for your cooperation in installing an updated version of their mobile app. After downloading the app, it asks for administrator privileges. The notification you received said it would indeed prompt the question and so you allowed it. You try the app out and it works fine. You were even able to do a transaction without a hitch.
#56 Dridex Launches Dyre-Like Attacks in UK, Intensifies Focus on Business Accounts
IBM X-Force researchers have been following new developments in the Dridex Trojan’s attack methodologies. In their latest alert, researchers divulged a new modus operandi launched by Evil Corp, the cybercrime group that owns and operates the Dridex banking Trojan.
#55 List of Sec talks/videos
A curated list of awesome Security talks
#54 Introducing the Security Survival Guide for Growing Businesses
A growing business today would have to be operating out of a cave on Mars not to realize the importance of information security. Attackers don't discriminate by company size, so it would be foolish to brush aside the importance of protection.
#53 The Asacub Trojan: from spyware to banking malware
The most recent versions of Asacub – detected in September 2015 or later – have functionality that is more focused on stealing banking information than earlier versions. While earlier versions only used a bank logo in an icon, in the more recent versions we found several phishing screens with bank logos.
#52 Shared Cookie Stores Bug Fixed in iOS 9.2.1
The new vulnerability identified by Skycure involves the way iOS handles Cookie Stores when dealing with Captive Portals. When iOS users connect to a captive-enabled network (commonly used in most of the free and paid Wi-Fi networks at hotels, airports, cafes, etc.), a window is shown automatically on users’ screens, allowing them to use an embedded browser to log in to the network via an HTTP interface. As part of Skycure’s continuous research on network-based attacks against mobile devices, we
#51 Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).
#50 Major security flaw found in Intel driver software
The company has advised those who use the Intel Driver Update Utility to download an updated version of the software, which mitigates a vulnerability in how the software requests new drivers from Intel's servers.
#49 Which countries have the worst data retention laws?
Over the last two years it has become apparent that many influential governments, including those in Australia, the UK, the US, Russia, and others, have brought in measures to retain data on a mass scale.
#48 Facebook Android App Update Makes It Easier to Connect Through Tor
Facebook, a company based on publicly sharing details about yourself, continues to make it easier for users to maintain some privacy when they visit the site. On Tuesday, Facebook announced additional support for using the Tor anonymity network with the Android version of its app.
#47 About the OS X El Capitan v10.11.3 Update
The OS X El Capitan v10.11.3 Update improves the stability, compatibility, and security of your Mac, and is recommended for all users.
#46 These are the 25 worst passwords of 2015
There’s one good thing that comes out of all those website breaches every year: Security researchers get to comb through all those lists of usernames and passwords to remind us just how bad most of our passwords are.
#45 Linux bug imperils tens of millions of PCs, servers, and Android phones
For almost three years, millions of servers and smaller devices running Linux have been vulnerable to attacks that allow an unprivileged app or user to gain nearly unfettered root access. Major Linux distributors are expected to fix the privilege escalation bug this week, but the difficulty of releasing updates for Android handsets and embedded devices means many people may remain susceptible for months or years.
#44 Targeted Mobile Implants in the Age of Cyber-Espionage
Android-based phones are more affordable and, consequently, more popular worldwide. That is why threat actors responsible for targeted attacks have Android phones as their #1 priority and have developed implants for this operating system in particular.
#43 'Teens' Who Hacked CIA Director Also Hit White House Official
This time, the victim is President Barack Obama’s senior advisor on science and technology John Holdren, Motherboard has learned. One of the cybercriminals linked to the group that hacked Brennan broke into Holdren’s home telephone and email account and set it so that all the calls would get forwarded to the Free Palestine Movement.
#42 Apple asked widow for court order when she sought late husband’s password
A woman whose husband died has spent months trying to gain access to his Apple account, according to a Canadian Broadcasting Corporation report today. Apple initially told the woman that she would have to provide a will and death certificate, but once she provided those documents the company reportedly asked for something else—a court order.
#41 Encryption backdoors by law? France says 'non'
A proposed amendment to France's Digital Republic Bill, suggesting mandatory hardware backdoors to bypass encryption, has been rejected by the government.
#40 Ukraine blames Russia for cyber-attack on airport
The Ukrainian government said that Russia is behind cyber-attacks that have left its largest airport infected with the Black Energy malware.
#39 LastPass Phishing Attack Lets Hackers Get All Your Passwords
Using a new phishing attack developed by security researcher Sean Cassidy, attackers could gain access to all passwords stored by a user of LastPass, including accounts protected by strong security measures like two-factor authentication.
#38 Hyatt Card Breach Hit 250 Hotels in 50 Nations
If you stayed, ate or played at a Hyatt hotel between Aug. 13 and Dec. 8, 2015, there’s a good chance your credit or debit card data was stolen by unknown cyber thieves who infiltrated many of the hotel chain’s payment systems.
#37 How malware developers could bypass Mac’s Gatekeeper without really trying
In September, Ars reported a drop-dead simple exploit that completely bypassed an OS X security feature known as Gatekeeper. Apple shipped a fix, but now the security researcher who discovered the original vulnerability said he found an equally obvious work-around.
#36 Waledac takes pot shot with pump and dump stock spam
In a recent analysis of Waledac (W32.Waledac) activity, Symantec observed a pump and dump stock spam campaign that potentially led to a 100 percent gain in the targeted stock price. The targeted stock in this case was Indie Growers Association (stock symbol: UPOT), a company linked to the cultivation of marijuana and carefully chosen for its historical skyrocketing stock price.
#35 A Case of Too Much Information: Ransomware Code Shared Publicly for “Educational Purposes”, Used Maliciously Anyway
In mid-August 2015, in an attempt to educate people, Turkish security group Otku Sen published an open source code for ransomware dubbed “Hidden Tear” and made it available for everyone at github. Hidden Tear uses AES encryption and can evade common AV platforms because it’s a new malware. Otku Sen also published a short video demonstrating how ransomware worked.
#34 Cisco patched critical bugs; would allow device takeover
Cisco patched multiple vulnerabilities affecting its wireless LAN Controller software, Identity Services Engine software, and Aironet access points. Two of the vulnerabilities are considered critical – including a bug that the United States Computer Emergency Readiness Team (US-CERT) warned could be exploited by a remote attacker to take over devices and an access point hardcoded password.
#33 Ransomware a Threat to Cloud Services, Too
Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.
#32 Bug that can leak crypto keys just fixed in widely used OpenSSH
A critical bug that can leak secret cryptographic keys has just just been fixed in OpenSSH, one of the more widely used implementations of the secure shell (SSH) protocol.
#31 NETFLIX: Evolving Proxy Detection as a Global Service
David Fullagar, Vice President of Content Delivery Architecture at Netflix says: We will continue to respect and enforce content licensing by geographic location.
#30 Hack turns cheap D-Link webcam into a network backdoor
US security firm Vectra Networks has hacked a ‘tiny' D-Link web camera and turned it into a persistent backdoor into corporate networks.
#29 US Intelligence director’s personal e-mail, phone hacked
The same individual or group claiming to be behind a recent breach of the personal e-mail account of CIA Director John Brennan now claims to be behind the hijacking of the accounts of Director of National Intelligence James Clapper.
#28 Think, Learn, Act – Training for aspiring cyber criminals in the Brazilian underground
Various kinds of cybrecrime training courses and how-to guides are available online. For a relatively small fee, anyone can learn how to commit fraud and become a criminal.
#27 Android.Bankosy: All ears on voice call-based 2FA
An information stealing Android threat (detected by Symantec as Android.Bankosy) added functionality to its code that can enable it to deceive voice call-based two-factor authorization (2FA) systems.
#26 Simple eBay security flaw exposed millions of users to spear phishing campaigns
Only after threat of public exposure has eBay patched a severe XSS security vulnerability which exposed potentially millions of users to phishing campaigns and subsequent data theft.
#25 Turkish hacker receives record 334 years in prison over data theft
Turkish national Onur Kopçak will likely spend the rest of his life behind bars for dabbling in credit card seizure and phishing campaign promotion, having landed a record 334-year prison sentence.
#24 Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears
Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company's NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.
#23 Microsoft security bulletin summary for January 2016
Six critical vulnerabilities patched by Microsoft in January, and more.
#22 Online security conferences
Every month there are numerous cyber security conferences all around the world. Many of them post their talks on YouTube after the conference. The article lists talks from numerous security conferences. Go on, attend a free security conference from the comfort of your home or office!
#21 Researchers find two flaws in OAuth 2.0
Security researchers from the University of Trier have discovered a couple of vulnerabilities in the OAuth 2.0 authentication protocol that could enable hackers to subvert single sign-on systems. The protocol is widely used on social networking sites, such as Facebook and Google+, to authenticate users.
#20 Confirmation of a coordinated attack on the Ukrainian power grid
After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine.
#19 Trend Micro password manager had remote command execution holes and dumped data to anyone
Google's Project Zero discovered multiple trivial remote code execution vulnerabilities sitting within a password manager installed by Trend Micro as default alongside its AntiVirus product. An attacker could thereby obtain an unecnrypted dump of all stored logins and passwords.
#18 According to Akamai there were 1500 DDoS attacks in 2015 - an increase of 180%
Akamai reports that 2015 saw about 1500 DDoS attacks, an increase of 180% as compared with the previous year. However, the attacks were shorter and smaller than in the past. The average DDoS attack lasted 18 hours, which is less than the 22 hour average in 2014. Nevertheless, we can still expect attacks that last as long as a few days.
#17 GM embraces white-hat hackers with public vulnerability disclosure program
General Motors quietly flipped the switch on Detroit's first public security vulnerability disclosure program, launched in partnership with the bug bounty and disclosure portal provider HackerOne.
#16 Malvertising campaign via Pop-under Ads sends CryptoWall 4
A new malvertising campaign on the PopAds network launching the Magnitude exploit kit via pop-under ads distributes CryptoWall 4.
#15 Star Wars BB-8 IoT toy hacked
Awesome fun, but the lack of SSL for firmware upgrades allows for rougue firmware to be loaded, turning the toy to the Dark Side.
#14 Malware on the Smart TV?
A Smart TV can be equally vulnerable as any device connected to the Internet. Has the time come for firewalls on TVs?
#13 Juniper drops NSA-developed code following new backdoor revelations
Claims by Juniper in 2013 that its Netscreen encryption couldn't be subverted have been contradicted by researchers at the Real World Cryptography conference. The NetScreen line of firewalls contains unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks. As a result, Juniper said it will remove the National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.
#12 How Nvidia breaks Chrome Incognito
A bug in Nvidia GPU drivers opens a vulnerability in Chrome's Incognito mode, allowing the contents of one application to leak into another.
#10 LastPass 4.0 gives others access to your password vault in emergencies
LastPass announced that LastPass 4.0, a password management system, has been developed with general users in mind, and offers an interesting new feature that gives access to vaults to trusted contacts in case of emergency.
#9 What about Canada, eh? – The Canadian threat landscape
Given that there are very few threat reports that focus on or cover Canada, Trend Micro delves into the threats awaiting users on the Canadaian Internet landscape.
#8 Best 6 free DNS services 2016 – boost Internet performance and security
Making use of popular and free DNS services may protect against the effects of attacks against wired and wireless routers and local operators.
#6 Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC
If you thought MD5 was banished from HTTPS encryption, you'd be wrong. It turns out that the fatally weak cryptographic hash function, along with its SHA1 cousin, are still widely used in the TLS protocol that underpins HTTPS. Researchers have devised a series of attacks that exploit the weaknesses to break or degrade key protection provided not only by HTTPS but also other encryption protocols, including IPsec and SSH.
#4 Brain Test re-emerges: 13 apps found in Google Play
The Brain Test malware family has unfortunately made a comeback on Google Play. Variants attempt to gain root privileges, and resist factory resets and other efforts to remove them, especially on rooted devices.
#3 Let’s Encrypt now being abused by malvertisers
An SSL certificate from the free and open authority Let's Encrypt has been used in a malware campaign for the first time.
#2 Time Warner Cable says 320,000 customers may have been breached
Time Warner Cable admits that the personal details of over 320,000 customers may have been leaked. However, the company said there are "no indications" its systems were breached, and pointed the finger at third-party firms that may have stored customer information.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12