When logging in to a Microsoft account you'll get a prompt on your mobile device. No password is needed, you just need to tap 'Approve'.
A rather old-school attack resurfaced where phishing sites seem to be on a valid and secured domain, like apple.com, but actually the domain name is a set of Unicode characters that just look a lot like our regular alphabet.
For a more elaborate explanation of the PunyCode mechanism that the article mentions and how browsers fight it off, check out this blogpost from Sophos.
Akamai has released an advisory on a new type of amplification DDOS attacks, based on Connectionless LDAP. Their original report can be found here.
It turns out that the siren hack in Dallas wasn't a network-based intrusion, but rather a spoof of radio signals used to control the alarm system.
Interesting article on a yearly 'tournament', where students of various military academies need to defend their network against experienced hackers.
Researchers have released their findings on creating a set of 'master keys' for fingerprints, based on the fact that we often only need partial fingerprints to authenticate successfully.
Microsoft continues on its crusade for a 'digital Geneva convention' to regulate cyber warfare. It published three documents outlining the rules and framework.
Built from spare parts of a computer recycling program, some Ohio inmates built a couple of hidden computers to go online with and perform various acts of mischief.
Rather embarrassingly, the LinkedIn page of McAfee was hacked this week. Turns out someone re-used their password, and didn't enable two-factor authentication.
A well written technical article by O'Reilly on what HSTS is and why it is useful from a security and performance perspective.