Top 10 Stories

Google could be forced to pay £2.7bn in compensation after it was accused of selling the data of more than five million iPhone users without their consent. A class action has been launched against the search engine giant over claims it harvested the browsing histories of users of Apple's device by using an algorithm bypassing the default privacy settings on the iPhone. This released data from default browser, Safari and is known as the 'Safari...

Facebook, the world's largest social network, has confirmed that it is attempting to "catch suspicious activity" by making users upload selfies to help prove they are real humans. A screenshot widely-shared across Twitter suggested the platform was now using a new checkpoint system in place of the traditional "captcha" verification process. "Facebook is now locking users out of account features, then demanding that those users 'verify' their account to get back in by scanning an image of their face,"...

UK shipping giant Clarksons confirmed that it was hit by hackers, who appear to have been successful in stealing sensitive and confidential corporate data. The firm said that it suspects that the hackers may soon leak the stolen data, likely in retaliation to the company refusing to meet the cybercriminals' ransom demand. Clarksons said that the hackers had managed to access the company's computer systems by compromising a "single and isolated user account," which has since been disabled. The...

New Ursnif variants being tested in the wild are using redirection attacks to target Australian banks and malicious TLS callback techniques to achieve process injection.  The malware is based on the same code as the original Ursnif trojan, aka Gozi ISFB, but features modifications to the code injection level and to attack tactics, IBM Executive Security Advisor Limor Kessem said in a Nov. 28 blog post. View full story ORIGINAL SOURCE:

A study of 90 cryptocurrency mobile applications available on Google Play found that 90 percent of them contain security vulnerabilities or privacy risks. Web security company High-Tech Bridge conducted the research, using dynamic, static, and interactive testing to search mobile apps for weaknesses, including the top ten mobile flaws listed by the Open Web Application Security Project (OWASP). View full story ORIGINAL SOURCE: SC Magazine

The number of reported software flaws took off in 2017 and is on track for a record-breaking year, according to two organizations that track vulnerability disclosures. The National Vulnerability Database, managed by the U.S. National Institute of Standards and Technology, has documented more than 13,400 vulnerabilities so far this year, more than double the database logged in all of 2016. View full story ORIGINAL SOURCE: eWeek

A vulnerability in the free, open source electronic medical record and medical practice management software OpenEMR can be exploited to steal patients’ medical records and other personally identifiable information, Risk Based Security warns. View full story ORIGINAL SOURCE: Help Net Security

In a bid to keep up with the times, the CIA began cloud adoption in 2013 by leveraging Amazon Web Services (AWS) and today are currently "overachieving" where the cloud is concerned. View Full Story ORIGINAL SOURCE: ZDNet

Footage has emerged of burglars stealing a Mercedes from the owners driveway within a matter of minutes after the thieves used a relay box to transfer the signal from the transmission key, which was inside the house, to unlock the car. View Full Story ORIGINAL SOURCE: The Mirror

Security researchers have brought to light a Microsoft Office flaw that existed for 17 years was being exploited by hackers who were delivering malware that had the capabilities of commanding infected systems. View Full Story ORIGINAL SOURCE: IBTimes UK