When logging in to a Microsoft account, you'll get a prompt on your mobile device. No password is needed; you just need to tap 'Approve'.
A rather old-school attack has resurfaced in which phishing sites appear to be on a valid and secured domain, like apple.com, but the domain name is actually a set of Unicode characters that just look a lot like our regular alphabet.
For a more elaborate explanation of the Punycode mechanism that the article mentions and how browsers fight it off, check out this blog post from Sophos.
Akamai has released an advisory on a new type of DDoS amplification attack based on Connectionless LDAP. Their original report can be found here.
It turns out that the siren hack in Dallas wasn't a network-based intrusion, but rather a spoof of radio signals used to control the alarm system.
Interesting article on a yearly 'tournament', where students of various military academies need to defend their network against experienced hackers.
Researchers have released their findings on creating a set of 'master keys' for fingerprints, based on the fact that we often only need partial fingerprints to authenticate successfully.
Microsoft continues its crusade for a 'digital Geneva convention' to regulate cyber warfare. It published three documents outlining the rules and framework.
Prisoners built two PCs from parts, hid them in ceiling, connected to the state's network and did cybershenanigans
Using spare parts from a computer recycling program, some Ohio inmates built a couple of hidden computers, which they used to go online and perform various acts of mischief.
Rather embarrassingly, the LinkedIn page of McAfee was hacked this week. Turns out someone re-used their password, and didn't enable two-factor authentication.
A well-written technical article by O'Reilly on what HSTS is and why it is useful from a security and performance perspective.