Just a heads-up that the extension hacking is still ongoing. The latest victims are Chrometana, Infinity New Tab, Web Paint, Social Fixer, TouchVPN and Betternet VPN. Google is adding countermeasures to Chrome that detect malicious behaviour by extensions.
It's the same group, called OurMine, that also hacked HBO's accounts recently. They claim to also have a copy of the PSN (Sony PlayStation Network) database, but no evidence of that has been seen yet.
P.S.: If you want to keep track of what happens with HBO, here's a helpful timeline.
Recently a number of DDoS attacks have been spotted that go from 0 to 300+ Gbps in a matter of seconds, then drop off again. This shows a high level of control, and is probably used to attack multiple targets simultaneously.
That processor manages cryptographic operations, separately from the rest of iOS. No user data is at risk at this time; it just allows researchers to take a look at the processor up close to look for vulnerabilities.
The cyber warfare division used to exist as a subgroup under the 'Strategic Command' military body, but it has now been upgraded to its own stand-alone Cyber Command, which makes its importance in future military operations clear.
This is for Chromebooks that are used in an enterprise context. It features compatibility with on-premises Active Directory infrastructure and more fine-grained IT and security controls.
The lock screen allows for more access (notifications, replies, etc.) should you want that. Keychain is more prevalent. Location services permissions are more granular, and that granularity is forced on apps. The article doesn't include another feature, which is to tap the power button five times to disable Touch ID.
The detection algorithm has a surprisingly low false positive rate. I'm very interested to see if this evolves into some kind of tool that any of us might use.
Two vulnerabilities were found in the Foxit PDF reader. However, Foxit didn't want to patch them because the exploits could be stopped by turning on their 'Safe Reading Mode' feature. This caused a bit of a stir, and now they have said they will fix them after all.
In a this-will-surprise-no-one study, IOActive researchers took a look at various robots that are used to work with humans or industrial equipment. They can easily be exploited in various ways, including to cause physical harm.
This post looks at the various options for hardware-based 2FA devices, like YubiKey and HyperFido. Hacker News discussion here.
Interesting proposal for a robots.txt-like format where you can describe things like security contacts, allowed scope for security researchers, bounty payments, etc.
A nice, down-to-earth post that describes basic personal security practices like 2FA, hard drive encryption, password managers, etc. It's worth looking at as inspiration on what you'll teach your family next :-)