The flaw was in Parity's handling of multi-sig wallets (accounts that operate under the control of multiple people). $75M more was 'stolen' out of vulnerable wallets by the good guys in order to prevent them from being stolen by the bad guys, stirring up quite a bit of controversy. This article dives into the technical details.
And while writing this issue, another Ethereum hack came to light, this time of $8.4M during Veritaseum's ICO.
It's time to run your updates. iOS 10.3.3 resolves 47 flaws, including several remote code execution vulnerabilities and the previously reported BroadPwn vulnerability. macOS, watchOS, Safari, iTunes and iCloud also got their fill.
There was already a bug bounty project, but it was invite-only. It's now open to anyone on the HackerOne platform. Bounties go up to $4,000.
Google's security efforts seem to be on a roll. The article above has more details on what Google Play Protect will do, both in Android O and in older versions of Android. For example: continuously scanning apps for malicious actions, and providing a 'Find My Device' feature. Google's own landing page is here.
Google also added an 'unverified app' screen when applications that haven't been verified yet are installed.
Speaking of Google, something to keep an eye on in your own company: researchers found hundreds of Google Groups misconfigured as public, exposing PII, salary information, and more from a couple of well-known companies.
A post by Talos, the Cisco security group. Last year they found three high-level vulnerabilities in Memcached. A little under a year later they found that 79% of servers weren't patched yet, and 78% don't even have authentication enabled, leaving their Memcached open to all.
It's essentially a fuzzer-as-a-service platform. They're also releasing a Linux-based version.
Dark Reading writes a fun and short article on who Sabu, the 'leader' of Anonymous, was, and how he was caught.
A very technical article (to me, at least), providing a well-written overview of various ways that malware can inject itself into a process.