Top 10 Stories

IB Times: A new security bug has been found in OpenSSL, the cryptographic library that secures most of the internet's websites, and Yahoo is one of the of the most well-known domains known to have been compromised. Security researchers are very concerned as the bug - dubbed Heartbleed - has been around for two years and affects encryption of data sent over the internet, meaning users' passwords and other sensitive data are open to being...

  The Verge: Monday afternoon, the IT world got a very nasty wakeup call, an emergency security advisory from the OpenSSL project warning about an open bug called "Heartbleed." The bug could be used to pull a chunk of working memory from any server running their current software. There was an emergency patch, but until it was installed, tens of millions of servers were exposed. Anyone running a server was suddenly in crisis mode. If the "Heartbleed" name sounds...

Register: The NSA acted as a barrier to the rollout of encryption as standard from the very inception of the internet back in the mid 1970s. Engineers had wanted to add a network encryption layer as part of the original specifications for TCP/IP. Whitfield Diffie and Martin Hellman had published a paper on public key cryptography systems, so the kernel of a technology to make the internet secure was already there. However the algorithms that...

The Hacker News: Germany has confirmed its biggest Data theft in the country's history with usernames and passwords of some 18 million email accounts stolen and compromised by hackers. The Story broke by the German press, Der Spiegel on Thursday, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad.    

Threatpost: The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of memory to any client or server that was connected. The details of the vulnerability, fixed in version 1.0.1g of OpenSSL, are somewhat scarce.  

IT Security Guru: Businesses and Governments who have developed cyber espionage tools are turning to them for business advantage, and often require them as part of everyday business. Stephen Bonner, partner in the information protection and business resilience at KPMG, told IT Security Guru that once a rogue nation of business has built a cyber espionage tool, it becomes cost effective to use it for other things.  

Sky News: Hacking attacks which lodge child abuse images and malware on a computer user's hard drive are on the rise, it has been warned. In its annual report, the Internet Watch Foundation (IWF) said there has been a significant increase in the number of legitimate websites being compromised. First, the hackers infiltrate a site before planting the child abuse images and malware in folders on a hidden URL.  

Business Week: Hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. belong to a sophisticated Russian syndicate that has stolen more than 160 million credit-card numbers from retailers over seven years, according to people with knowledge of the matter. The Russian group is well known to U.S. authorities, who have indicted several members and linked it to pillaging more than 100 companies, including Citigroup and JC Penney.  

Metasploit: US blasts Europe’s plan for anti-snooping network as ‘unfair advantage’: US officials on Friday slammed plans to construct an EU-centric communication system, designed to prevent emails and phone calls from being swept up by the NSA, warning that such a move is a violation of trade laws. Calling Europe’s proposal to build its own integrated communication system “draconian,” the office of the US Trade Representative (USTR) said American tech companies, which are worth an...

  Threatpost: Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of injected Javascript on the site which would execute in a user’s browser whenever he views a profile image that contains the Javascript. Once the code runs, it...