Top 10 Stories

Search Security: Add psychology to the long list of topics CISOs must know in order to secure their organizations. According to one Gartner Inc. analyst, unless security leaders know the right techniques to get inside users' heads, they'll never be able to eliminate bad security behaviors. Speaking to attendees about user security strategies this week at the 2014 Gartner Security & Risk Management Summit, Research Vice President Andrew Walls said many organizations fail in their efforts to improve...

In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company’s recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Last week, Microsoft sent the following notice to IT professionals and others who have signed up to receive email notices of security updates:

Tripwire: Bugcrowd, the innovator in crowdsourced security testing, has announced the public availability of the company’s Flex Bounty security testing program, allowing any company to leverage Bugcrowd’s worldwide network of over 9,500 security researchers for customized bug bounty programs. “Flex bounties are the best way for organizations to dip their toes into the bug bounty pool, and they allow organizations to take advantage of crowdsourcing with a fixed budget and a fixed timeline,” said Jonathan...

The Verge: The National Security Agency has posted its first full transparency report. Posted on the official agency Tumblr, the report breaks out the total number of orders for 2013, broken out into FISA orders, National Security Letters, and government requests for business records. The office of the Director of National Intelligence said the report was part of a larger push for transparency within the agency, and would continue in the future. "We are releasing information related...

Arstechnica: Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM...

Venture Beat: An incredibly complex malware virus masquerading as a legitimate ad network and traced to Australia has infected thousands of computers by directing people clicking on the sites to malicious ones. Once you click on the sites, the malware, sequestered in a Flash or Adobe Reader file, then encrypts all the files on your machine. “The only way to decrypt your files is to pay a ransom. When you pay it, you’re given a key that decrypts...

Reuters:Fledging cooperation between the United States andChina on fighting cyber crime has ground to a halt since the recent U.S. indictment of Chinese military officials on hacking charges, a senior U.S. security official said on Thursday.  At the same time, there has been no decline in Chinese hackers' efforts to break into U.S. networks, the official said.  

Gigaom:Not content to remake the server, Facebook’s engineers have taken on the humble switch, building their own version of the networking box and the software to go with it. The resulting switch, dubbed Wedge, and the software called FBOSS will be provided to the Open Compute Foundation as an open source design for others to emulate. Facebook is already testing it with production traffic in its data centers.  

AV Club: Scientists at Facebook have published a paper showing that they manipulated the content seen by more than 600,000 users in an attempt to determine whether this would affect their emotional state. The paper, “Experimental evidence of massive-scale emotional contagion through social networks,” was published inThe Proceedings Of The National Academy Of Sciences. It shows how Facebook data scientists tweaked the algorithm that determines which posts appear on users’ news feeds—specifically, researchers skewed the number of positive or negative...

PC World: Malicious software that swaps itself for legitimate online banking applications is striking users in South Korea, with thousands of devices infected in the last week, according to a Chinese mobile security company. Cheetah Mobile, formerly known as Kingsoft Internet Security Software, wrote that the banking malware masquerades as a popular game or tool on third-party Android application markets.