Top 10 Stories

After delaying patches in February, Microsoft today released 18 security bulletins, eight of them critical, patching vulnerabilities in server and desktop software. “This month's Patch Tuesday updates are particularly important due to the delayed release of February's planned fixes,” Greg Wiseman, Rapid7 senior security researcher, said in comments emailed to SC Media, who said the delay in February patches resulted in “more updates than usual' in March. “Included, are three separate vulnerabilities that were disclosed by external vendors over the past...

Facebook and Instagram have banned developers from using their data for surveillance with a new privacy policy that civil rights activists have long sought to curb spying by law enforcement. Following revelations last year that police departments had gained special access to the social networks to track protesters, Facebook, which owns Instagram, announced on Monday that it had updated its rules to state that developers could not “use data obtained from us to provide tools that are used for surveillance”. The...

Despite high profile breaches of user information and passwords from LinkedIn and Yahoo in recent years, many business users refuse to create passwords that offer adequate protection against cybercriminals, according to a new study from Preempt. Last year, LinkedIn revealed that email addresses and passwords of more than 164 million users were stolen in a massive hack in 2012. The company had originally reported that only 6.46 million accounts had been compromised. Preempt compared how many passwords compromised in the...

The US military has been hit with a massive data leak which freely exposed thousands of classified documents from the US Air Force to anyone on the internet. The leak reportedly contains sensitive and personal information on high-ranking and senior officials, some of whom have "top secret" security clearance and access to highly sensitive material, which is only allegedly made available via codeword-level clearance. Personal information of over 4,000 officers, including names, ranks, addresses and social security numbers...

In the latest settlement of legal claims arising out of a massive 2014 data breach at Home Depot, the retailer has agreed to pay $27.25 million to affected financial institutions. Illustrating the real-world impact of poor security practices, a two-and-a-half-year-old data breach is ultimately going to cost the DIY purveyor as much as $179 million, and possibly much more once legal fees and any other undisclosed payouts are taken into account. The 2014 incident, which is the...

SMART phones, watches, televisions, and fitness trackers could be targeted by cyber criminals seeking to hold users to ransom over their personal data, cyber security chiefs have warned. The rise of internet-connected devices gives attackers more opportunity to deploy their increasingly "aggressive" and "confrontational" tactics, says a joint report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). It highlights the huge amount of personal information on consumer gadgets which could...

Version 57 of the Google Chrome for Android, Chrome OS, Linux, Mac, and Windows is available for download, or update, using the browser's built-in update feature. View full story Original source: Bleeping Computer

The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities. View full story Original source: IT World

In the March 2017 Android Security Bulletin, Google released a patch to CVE-2017-0510, a critical severity vulnerability in Nexus 9 we discovered and responsiblity disclosed a few months ago. This vulnerability has a very unusual attack vector – headphones. By exploiting this vulnerability we managed to leak stack canaries, derandomize ASLR, conduct a factory reset, and even access HBOOT, allowing for communication with internal System-on-Chips (SoCs) View full story Original source: Aleph Security

Google’s CAPTCHA service now allows human users to pass through and access a website without seeing the “I’m not a robot” checkbox. View full story Original source: State of Security