Top 10 Stories

Softpedia: A stack buffer overflow vulnerability that has been eliminated in the KitKat edition of Android is still affecting previous versions of the mobile operating system. By exploiting this vulnerability, an attacker could gain access to important information, such as the device’s lock credentials, encrypted and decrypted master keys, data, and hardware-backed key identifiers from the memory, as well as the ability to perform crypto operations on behalf of the user.

The Hacker News: This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event’s security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and very...

IT News: Fledging co-operation between the United States and China on fighting cyber crime has ground to a halt since the recent US indictment of Chinese military officials on hacking charges, a senior US security official said today. In May, the Justice Department charged five Chinese military members with hacking the systems of US companies to steal trade secrets, prompting Beijing to suspend a Sino-US working group on cyber issues. China denies the charges and has...

PC World: Google hasn't been shy in the past about its desire to kill the password, and at Google I/O, the company started throwing punches. The next version of Android will include several ways to unlock a smartphone without having to enter a PIN or lockscreen pattern, a feature dubbed "personal unlocking." If the user is wearing an Android Wear smartwatch, the phone will unlock automatically, and you'll be able to set up trusted locations,...

Arstechnica: A zero-day vulnerability in the popular TimThumb plugin for WordPress leaves many websites vulnerable to exploits that allow unauthorized attackers to execute malicious code, security researchers have warned. The vulnerability, which was disclosed Tuesday on the Full Disclosure mailing list, affects WordPress sites that have TimThumb installed with the webshot option enabled. Fortunately, it is disabled by default, and sites that are hosted on WordPress.com are also not susceptible. Still, at press time, there was...

BBC: A group of 40 UK-based tech firms has developed a way to help apps and machines communicate in a bid to spur on smart cities and smart homes. Hypercat is a new specification that effectively acts as an address book for data hubs holding information transmitted by net-connected devices.

The Register: UK consumers have lost more than £21m to "social engineering" scams where fraudsters impersonated bank employees and tech support since the beginning of the year, according to GetSafeOnline. A range of tactics including phishing emails, fraudulent phone calls asking for personal or financial information or phone calls from fraudsters impersonating computer technical support agents have been used to defraud punters. So-called voicemail phishing (or visiting) in particular is having a big impact.

Krebs on Security: The year 2014 may well go down in the history books as the year that extortion attacks went mainstream. Fueled largely by the emergence of the anonymous online currency Bitcoin, these shakedowns are blurring the lines between online and offline fraud, and giving novice computer users a crash course in modern-day cybercrime. At least four businesses recently reported receiving “Notice of Extortion” letters in the U.S. mail. The letters say the recipient has...

Reuters: The German Government has cancelled a contract with U.S. telecoms firm Verizon Communications Inc VZ.N as part of an overhaul of its internal communications, prompted by revelations last year of U.S. government spying. Reports based on disclosures by former U.S. intelligence contractor Edward Snowden alleged Washington had conducted mass surveillance in Germany and had even eavesdropped on Chancellor Angela Merkel's mobile phone.

Netcraft: An ongoing series of phishing attacks against the Steam gaming community is making effective use of look-alike domains to trick users into surrendering their usernames and passwords. The fraudsters behind these attacks then attempt to bypass Steam's two-factor authentication with a malicious executable that is deceptively named SteamGuard.exe.