Top 10 Stories

We Live Security: Google’s Nest thermostat can be hacked in under a minute, according to a blog post and video posted by GTV Hacker. The hack, to be demonstrated in public at this year’s Def Con conference in August, would allow attackers complete control over the device and access to the user’s home network. Nest, purchased by Google for $3.2 billion, is a “smart” thermostat which can be controlled via smartphone app, and which can connect to other devices...

Security Magazine: With an estimated viewing audience of over 3.2 billion globally (roughly 50 percent of the world’s population), not only does the 2014 World Cup provide that shared experience, it draws a large amount of viewers to television screens around the world and a fair amount of advertisers as well. Given all of this rich history and fervor, it’s no surprise that this makes a great venue for idealistic (and perhaps nefarious) actors, such...

The Register: When Buzzfeed first began to offer the world a constant free stream of inane listicles, cat pics and funny fail GIFs, it seemed too good to be true. Yet it turns out that the world's biggest content aggregator isn't just shiny and happy – it's curious too. In fact, according to a digital marketer, Big Buzzfeed is watching us all.    

Belfast Telegraph: Criminal gangs across Northern Ireland are increasingly turning to their keyboards and rural areas to make millions of pounds. The gangs, many of which are strongly linked to republican and loyalist paramilitaries, have switched their attention to lower-risk but highly lucrative crimes, according to an annual report.    

Infosecurity: The UK’s police forces could do much better in terms of their compliance with the Data Protection Act, according to a new report from watchdog the Information Commissioner’s Office (ICO). The ICO audited 17 police forces from April 2013 to April 2014, rating them in three of six scope areas as “high”, “reasonable”, “limited” or “very limited”.  

IT Security Guru: More focus should be placed upon the techniques and ecosystem used to compromise businesses by attackers than why they are attacking in the first place. Speaking in the opening keynote at the OWASP conference, Jacob West, CTO of HP Enterprise Security Products, said that in the last decade we have seen security become an accepted key requirement of software, not one that is sprinkled around, but this has left the industry on a downward...

Reuters: Police can order an accused criminal to decrypt his computer without violating his constitutional right against self-incrimination, Massachusetts' top court said on Wednesday. In the latest U.S. ruling on the contentious issue, the 5-2 ruling by the Massachusetts Supreme Judicial Court reverses a lower court’s finding that police could not force Leon Gelfgatt, charged with mortgage fraud, to decrypt four computers seized in an investigation, since doing so would violate his Fifth Amendment right.  

F-Secure: During the past year, we've been keeping a close eye on the Havex malware family and the group behind it. Havex is known to be used in targeted attacks against different industry sectors, and it was earlier reported to have specific interest in the energy sector. The main components of Havex are a general purpose Remote Access Trojan (RAT) and a server written in PHP. The name "Havex" is clearly visible in the server source code:...

Dark Reading: PayPal has temporarily disabled two-factor authentication for its mobile apps while it works on a patch for a newly discovered flaw that bypasses the security feature. Independent researcher Dan Saltman in March reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security to help him reproduce the security...

Computer Weekly: Wearable technology is creating new privacy headaches for employers, a leading law firm has warned. Technologies such as Google Glass and smart watches are gradually making their way into the workplace. But the intrusive nature of these devices, which could be used by employees to take clandestine photographs or videos, are ringing alarm bells among some employers.