Researchers from IOActive have identified 10 security issues across 20 Linksys devices. Owners are advised to disable their guest network while waiting for patches. The original IOActive post can be found here.
The anti-virus application Webroot widely identified regular Windows files as malware and started to quarantine them, which hasn't quite endeared it to its customers.
Atlassian has executed a service-wide password reset for HipChat, saying that a breach might have happened due to an insecure third-party library. Passwords might have leaked, which fortunately were hashed with bcrypt.
An interesting attack on Samsung Smart TVs uses a manipulated radio signal to trigger an exploit in the built-in browser through the DVB receiver. Because the signal is broadcast over radio waves, the attack can potentially be done on a large scale.
Interpol, together with investigators from various countries and private companies, has identified 8,800 command & control servers in South-East Asia used to host malware, launch DDoS attacks, and more. Reports were given to the proper authorities in the hopes of taking them down.
The NSA backdoor exploit called DoublePulsar, leaked by the Shadow Group recently, has been used by others to infect between 30,000 and 100,000 Windows computers. A tool was also released to disinfect a remote computer, with or without the owner's consent.
The US Air Force has launched a bug bounty program, "Hack the Air Force", following the similar programs "Hack the Army" and "Hack the Pentagon". The programs are managed by bug bounty platform HackerOne.
Facebook and GitHub teamed up a while ago around 'Delegated Recovery', a way to regain access to GitHub through your Facebook account. Facebook has now released a beta SDK to let other services try it out too.
Brian Krebs writes the backstory of Roman Seleznev, a hacker and credit card thief who just received 27 years in prison in the US, the most severe hacking-related sentence to date.
An interesting look at what the author (a bit theatrically) refers to as the 'line of death', the divide in a browser window between what the website controls and what the browser itself controls, and how it can impact user security.
A good high-level overview of which security concerns either improve or become worse by deploying code to 'serverless' infrastructure (think Ironworker, AWS Lambda).
A very interesting writeup on mistakes that developers often make with regard to crypto.