Top 10 Stories

IB Times: Attackers can obtain access privileges and access protected data by using nothing more than knowledge of common Windows protocols, basic social engineering and readily-available software. Research by Imperva has found that data breaches which are commonly called Advanced Persistent Threats (APTs) are often achieved by relatively simple (and commonly available) means, requiring very basic technical skills.  

Al Jazeera: Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. governmentthan was implied by Silicon Valley brass after last year’s revelations about NSA spying. Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the...

Techworld: Security researchers have discovered a crude malware Trojan targeting Android smartphone users using the same ‘police ransom’ tactics that scammed large numbers PC users three years ago. Using a traffic direction system (TDS), the latest campaign directs users to different types of police ransom malware depending on the platform and browser encountered.  

Wall Street Journal: Symantec invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure. Antivirus "is dead," says Brian Dye, Symantec's senior vice president for information security. "We don't think of antivirus as a moneymaker in any way."  

  TUAW: According to Apple's own support documentation, iOS provides data protection on all devices that offer hardware encryption -- specifically the iPhone 3GS and later, all iPads, and the third-generation iPod touch and later. By adding a passcode to your device, data protection "enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode" and "provides an additional layer of protection for your email messages, attachments, and third-party applications." According to security...

Infosecurity: Yahoo has decided to abandon support for do not track (DNT) functionality, despite originally being one of its biggest fans. Beginning immediately, web browser DNT settings will no longer be enabled.   Users can still manage their privacy on the service, however – it will just be a manual process. “We encourage our users to tailor their online experience through the variety of privacy tools we offer within our own platform, accessible via our Yahoo...

  ComputerWorld: Web users and developers should take new steps to avoid surveillance by the U.S. National Security Agency and other spy organizations, a group of privacy and digital rights advocates said Monday. The 30-plus groups, including Fight for the Future, Demand Progress, Reddit, Free Press and the Libertarian Party, have set June 5 as the day to "reset the 'Net" by deploying new privacy tools. June 5 is the anniversary of the first news...

Reuters: Target Corp's decision to oust Gregg Steinhafel as chairman and chief executive some five months after a massive data breach has triggered concerns the No. 3 U.S. retailer might have even more bad news for investors. The board of directors removed Steinhafel on Monday, saying it wants new leadership to help restore consumer confidence in the No. 2 U.S. discount retailer.  

Hackread: Last year John McAfee, the founder of world renowned McAfee antivirus software had promised his followers for a new device that would defeat the NSA and protect user’s privacy. The device is not here but a solution tosurveillance has arrived in shape of a new messaging application which will keep your communications under wraps so that only the intended recipient gets to read the message.  

Geeky Shows: Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. In a Cross Site Request Forgery...