Yet another problem with Lastpass was discovered, and it's a major one, allowing passwords to be stolen by a malicious website. It was yet again discovered by Tavis Ormandy from Project Zero.
Google has publicly 'shamed' Symantec's work as a CA Root Authority, saying it has seen up to 30.000 certificates that were not properly validated. Google will take various measures to decrease the trust that Chrome gives to the CA.
Apple released a new white paper on iOS security, and this article highlights some of the things that have been added. If you want a deep dive in the white paper itself, go nuts.
Google released a detailed report on Android security, which states that they are making progress but still have a huge pile of work left to do. Especially on patching and prevention of malicious apps. The report itself can be found here.
Last week an arrest was made for a Lithuanian man who tricked two large tech companies in wiring a total of $100 million to his own accounts, by impersonating an Asian hardware manufacturer that they were both working with.
A bot was discovered that tries to find valid gift-card codes for various websites through brute force. Once validated, the attackers can use the gift cards to purchase all kinds of goods.
It turns out a lot of users of the docs.com service didn't realise that documents are public by default. Through simple searches on the website or through search engines, one can find things like passwords and medical data.
Instagram (finally) released 2fa functionality to its platform, which seems very well implemented with regards to usability.
Time to update your devices. Apple released updates that fix a total of 223 bugs across iOS, macOS, and other products. Of those bugs, 70 could lead to arbitrary code execution.
Sucuri, a provider for website security tools, has been acquired by GoDaddy.
A newly introduced bill would require publicly traded companies to disclose whether any members of the board of directors have cybersecurity experience.