Top 10 Stories

Arstechnica: An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned. The threat resides in the baseboard management controller (BMC), a motherboard component that allows administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. Unpatched BMCs in Supermicro motherboards contain a binary...

Softpedia: Zuk Avraham, CEO of Zimperium mobile security startup, presented a method that would allow a cybercriminal to gain full control of a LinkedIn user’s account by using a man-in-the-middle attack that takes advantage of an SSL stripping technique.   SSL stripping consists of the attacker interposing between the user and the service they try to access and to replace HTTPS (HTTP Secure) requests with insecure HTTP ones, allowing reading of the intercepted information in...

Arstechnica: Google has a surprise for us today in the form of a new (minor) version of Android. Android 4.4.4 is rolling out to Nexus devices and is available for download on the Nexus Factory Image page. A changelog available over at Sprint lists nothing other than "security fixes."

ZDNet: The US Department of Justice has charged a man who allegedly participated in high-profile cyberattacks against corporations, universities and government agencies. In a statement released Wednesday, the DoJ said Timothy French, 20, was arrested in Tennessee last week and is being charged with "federal computer hacking for allegedly conspiring to launch cyber attacks on two universities and three companies" as part of the hacktivist collective called NullCrew.

The Register: Last year Edward Snowden leaked the NSA's Advanced Network Technology catalog, a listing of the hardware and software tools the agency makes available to agents for spying. Now enterprising security experts are using the catalog to build similar tools using available electronics. The team, led by Michael Ossmann of Great Scott Gadgets, examined the leaked catalog and found that a number of the devices the NSA developed can be very simple to recreate.

CNBC: In an audacious and sophisticated attack, cybercriminals acting in late 2013 installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers, CNBC has learned. The attack, which was thwarted this year by technicians at BAE Systems Applied Intelligence, has not been previously disclosed. It represents a new level of intrusions against some of the world's most...

Krebs on Security: California oil company that sued its bank after being robbed of $350,000 in a 2011 cyberheist has won a settlement that effectively reimbursed the firm for the stolen funds. TRC Operating Co. Inc., an oil production firm based in Taft, Calif., had its online accounts hijacked after an account takeover that started late in the day on Friday, November 10, 2011. In the ensuing five days, the thieves would send a dozen fraudulent wires...

The Register: Microsoft's top lawyer says the fallout of the NSA spying scandal is "getting worse," and carries grim implications for US tech companies. In a speech at the GigaOm Structure conference in San Francisco on Thursday, Microsoft general counsel Brad Smith warned attendees that unless the US political establishment figures out how to rein in its spy agencies, there could be heavy repercussions for tech companies

Russia Today: The New York Police Department is teaming up with federal authorities to create a new anti-terrorism task force, but it isn’t Al-Qaeda they’re after. A new division announced on Thursday will instead aim to take down computer hackers.

Threapost:Google and Microsoft will incorporate remote kill switch features into the default builds of their respective mobile operating systems for the first time. Oddly enough, the announcement comes in a joint press release issued by New York Attorney General, Eric Schneiderman, and San Francisco District Attorney, George Gascón.