Top 10 Stories

Facebook has paid US$40,000 to vulnerability hunter Andrew Leonov for disclosing how the hacker gained remote code execution on its servers through the widely-reported ImageMagick flaw. Original source: The Register View full story

A sophisticated new phishing technique that composes convincing emails by analysing and mimicking past messages and attachments has been discovered by security experts. Original source: The Independent View full story

Recent versions of the Carbanak malware are now abusing several Google services to host command-and-control (C&C) infrastructure, which they use to manage infections and exfiltrate stolen data. Carbanak is the name of a financially-motivated cyber-criminal group that operates with the help of a custom-made malware family, also named Carbanak. Original source: Bleeping Computer View full story

BT has announced plans to tackle nuisance calls with a new service called BT Call Protect that could stop as many as 15 million nuisance calls a week. BT said the launch of the service has only become possible due to improvement in large processing power so that its systems can proactively divert calls before they reach a customer by recognising when a rogue number is making huge volumes of calls. Furthermore, the service will let...

POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities. Dovecot is especially popular with service providers, so the news that four Cure53 researchers have given it a "thoroughly all-encompassing" audit and found the software to have "excellent security-standing" is welcome news. The Mozilla Mozilla Open Source Support-backed audit performed by Berlin-based Cure53 lasted 20 days and produced a report dubbing the server "near...

Mobile security experts with Intel Security (McAfee) have discovered a rash of Android apps available through the Google Play Store that were stealing Instagram credentials and uploading the data to a remote server. View full story Original source: Bleeping Computer

Advertisers are being targeted by City of London Police in a crackdown aimed at crippling websites involved in digital piracy. Many digital piracy sites are also a source of malware, viruses and click-through fraud, via malvertising scams, putting those who visit them at risk. Original source: SC Magazine UK View full story

The Rave Panic Button app, designed to allow businesses to summon emergency services, allows miscreants to easily 'swat' targets by making false reports of emergencies says security researcher Randy Westergren. The app, which has a small install base of up to 10,000 users, has shuttered the holes Westergren identified. The vulnerabilities allowed businesses to place a series of rapid 911 calls reporting active shooters, fires and other threats. Because it's aimed at businesses, the app...

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. Original source: The Guardian View full story

More than 1 million people from around the world have signed a petition urging President Barack Obama to pardon whistleblower Edward Snowden before he leaves office on 20 January. Original source: International Business Times UK View full story