Top 10 Stories

Google has revealed its emergency patching efforts to fix a widespread and “pernicious” software vulnerability that affected thousands of open source projects in 2015. View full story Original source: Naked Security

Cyber4Sight has analyzed the malware distributed via the compromised Polish Financial Supervision Authority webpage and used in targeted attacks against a number of large banks and telecommunication companies. Cyber4Sight has identified a potential link to Russian developers, although this could easily be a false flag,  and has created detection logic in the form of YARA rules for known and potentially new but related samples of the malware. Finally, although some researchers have claimed a connection between...

In an unmistakeable about-face -- and a victory for common sense -- Windows 10 will no longer automatically take control of your computer, and flip the reset switch, at the worst moments imaginable. View full story Original source: CNet

WikiLeaks released access to its hugely hyped Vault 7 on Tuesday morning, an hour earlier than anticipated. The passphrase was supposed to be released at 9 a.m. Eastern, but WikiLeaks released it an hour early at 8 a.m. instead, when it was originally scheduled to have a press conference about the release. It turns out that Vault 7 is about a global hacking program being covertly operated by the CIA. Today’s release was just the first...

According to the 'Accenture Security Index', only 34 per cent of the organisation has the ability required to monitor for threats to critical parts of their businesses. View full story ORIGINAL SOURCE: Indian Express

Google said it had given Microsoft 90 days to fix the issue and, as it hadn't, the Chocolate Factory went public with both the flaw and a proof-of-concept exploit. Now Slovenia-based Arcos Security says it's managed to produce a patch and has released it, via its 0patch tool, for those who want to give it a try. View full story ORIGINAL SOURCE: The Register

A quartet of Kaspersky researchers say the “StoneDrill” malware sits in a victim's browser, and wipes any physical or logical path accessible with the target user's privileges. View full story ORIGINAL SOURCE: The Register

More than two in five (43%) businesses who were victim to a distributed denial of service (DDoS) attack on their IT system believe their competitors were behind it. View full story ORIGINAL SOURCE: Networks Asia

Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products. View full story ORIGINAL SOURCE: Help Net Security

Investors in the cloudy app security biz Veracode are going to be celebrating after CA Technologies agreed to buy it up for $614m in cash. View full story Original source: The Register