A vulnerability was found in Samba, the SMB implementation for Linux. Better patch up. The second part of this article explains nicely how the exploit is used.
This one isn't as bad as the one from a few weeks back, but still plenty important for an out-of-band update to be issued. It was found yet again by Project Zero, this time through fuzzing.
All you need is a high-res picture of the user's iris, a laser printer and a contact lens.
They call it the 'Wine of the Month Club'.
The settlement is for a data breach in 2013, affecting 110 million customers. On top of that Target has spent $202 million on legal fees and related costs. Ouch.
The researchers make use of two legitimate permissions to overlay the user screen with their own window to enable click-jacking, password stealing, etc. This video shows it in action. Google responds with a "won't fix", pointing instead to Android O.
The paper looked at pacemaker programmers, devices used to set pacemaker parameters and monitor their functions. They focused especially on those using radio frequencies for remote control.
They were called the Cron gang, after the malware they used. Quite fascinating to read how they operated.
Good example of using hacking skills in an illegal way, I'm surprised this doesn't show up more. This hacker broke into a set of press companies and looked at press releases that were going out soon. He then used this information to buy or sell stocks, making roughly $30 million.
LastPass has added a cloud backup option for their multifactor authentication. Sophos tries to see if that makes any sense from a security point of view.
Trend Micro set up four honeypots simulating cybercrime activity. They monitored attacks by competitors, of which there were many.
An interview with Tatu Ylonen, inventor of SSH, on how the lack of care given to SSH keys poses a huge risk in pretty much every company using servers.