IBM warns banks and corporate officers of a change to the dangerous Dyre banking Trojan that involves the phone scam used to bypass fraud detection, and a DDoS attack that distracts security teams away from big-money transfers.
Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use.
Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.
Google’s first Android Security Report puts some hard data behind the effectiveness of the security enhancements it has put into the OS.
A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube’s Creator Studio.
UPDATE–Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused. Mozilla followed suit on Thursday, also removing CNNIC from its trust store. Google officials announced the severe decision on Wednesday, saying that[…]
Pew Research Center survey finds that most Americans have done little or nothing to change their online behaviors nearly two years after the first NSA spying revelations emerged.
Students at St. Mary’s University in Canada released to open source a web-based threat modeling tool called Seasponge that they hope will provide an alternative to Microsoft’s free tool.
Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it was exposed last year.[…]