Top 10 Stories

Smart meters are 'dangerously insecure', according to researcher Netanel Rubin, with insecure encryption and known-pwned protocols - and, worryingly, attacks reach all the way to making them explode. The utility hacker and founder of Vaultra derided global governmental efforts to install the meters as reckless, saying the "dangerous" devices are a risk to all connected smart home devices. Smart meters can communicate with devices inside homes, such as air conditioners, fridges, and the like. A...

Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted authority. If a user opens Google in their browser, for example, the certificate will appear to come from Kaspersky Anti-Virus Personal Root. The problem Ormandy identified is...

It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult. Ransomware for Android phones has already been around for several years and security experts have warned in the past that it’s only a matter of time until such malicious programs start affecting smart TVs, especially since some of them...

Sensitive details of health workers employed by the US military's Special Operations Command (Socom) have been exposed in a data breach. The 11GB of data included social security numbers, names, addresses and salaries of some Socom staff. All the workers, including some with top secret clearances, were employed by subcontractor Potomac Healthcare. The company has now removed the data and said it was investigating the breach. View full story ORIGINAL SOURCE: BBC

Smart home devices, including fridges, washing machines, lightbulbs and coffee-makers may soon provide police forces across the UK with critical data, linked to criminal investigations. Authorities believe that the internet-of-things (IoT) devices could potentially be used by detectives to gather digital crime scene evidence. According to Scotland Yard's digital forensics chief Mark Stokes, IoT devices are likely to revolutionise crime-scene investigation. Detectives are being trained to identify digital footprints, which may help track events, in turn allowing authorities to...

WikiLeaks took to Twitter to hint at potential massive leaks in 2017. The whistleblowing site is believed to have played a key role in the 2016 US presidential elections. WikiLeaks' email dumps, which reportedly came from hacked emails of Clinton campaign chief John Podesta, as well as the emails from the Democratic National Congress (DNC), are widely considered to have delivered a major blow to the Clinton campaign and the Democratic Party. WikiLeaks' tweet reads: "If you thought 2016 was...

Hackers claiming to be a part of the notorious international hacktivist group Anonymous have defaced Victoria's Human Rights Commission website with a lengthy message about its social network AnonPlus. The Guardian reports that the organisation's website and pages were replaced with a message regarding its social network called AnonPlus, claiming they are "non-criminal" and only the "home page was chanced." It also claimed that no data was affected, stolen or deleted in the breach. View full story ORIGINAL...

Russian hackers have not penetrated America's electricity grid, in spite of an end-of-year media flurry saying they did. The story was triggered because an anonymous source told the Washington Post miscreants had infiltrated the grid, when in fact – as the story was later amended to read – one Burlington Electric Department laptop was infected with Russian-attributed malware. Burlington Electric flat-out denied that its control systems were compromised. Rather, the company says in a home page statement, a single laptop was infected...

Websites using PHPMailer for forms are at risk from a critical-rated remote code execution zero day bug. Legal Hackers researcher Dawid Golunski found the vulnerability (CVE-2016-10074) in the much-used library, found in the world's most popular content management systems and addons. The bug also affects the Zend Mailer and SwiftMailer . A patch was issued for the vulnerability but it can be bypassed, Golunski says, reopening the avenue for attack. View full story ORIGINAL SOURCE: The Register

The company behind many sports and other trading cards, Topps, has disclosed a data breach. According to a notice sent to Topps customers, the company became aware of the breach in mid-October 2016, something that triggered an investigation revealing that ‘one or more intruders’ possibly stole some customer data. That data could include credit and debit card numbers, names, email addresses, and more. Potentially affected customers are those who placed an order with Topps between...