Top 10 Stories

The Register: Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws last year, an increase of 246 per cent on the 2012 figure. Unfortunately for Facebook's security team there were...

Softpedia: Juniper Networks will lay off around 6% of its employees as part of the company’s integrated operating plan (IOP). Some changes are also being made to the company’s product portfolio. The decision to axe 6% of the close to 9,400 workers is expected to result in charges of around $35 million (€25 million) in the first fiscal quarter or 2014. The money represents severance and other expenses related to employee termination. Most of those who will...

Darknet: Security researches from the Polish firm Security Explorations have released a massive slew of PoC code and technical details on 30 Oracle Java Cloud Service Vulnerabilities. It seems like they had already reported them to Oracle, but weren’t happy with how things were handled, so have decided to go public with the weaknesses. They gave them a fair amount of time too, over 2 months to address the issues in the cloud data centers. As...

BBC: Internet giant Yahoo said in a blog post that all of the traffic to its data centres is now encrypted. The company said it also planned to introduce additional security to other services, including Yahoo Messenger. Last November, Yahoo chief executive Marissa Mayer announced the company's security measures in the wake of US surveillance disclosures.  

We Live Security: Next Tuesday, April 8 2014, Microsoft will release the last ever security patches for Windows XP. And if you look at the figures from Net Market Share, things aren’t looking too good. Net Market Share keeps a tally on worldwide operating system and browser usage by measuing the hits on websites and – according to them – Windows XP is still powering some 27.69% of worldwide PCs. The truth is that in much...

Krebs on Security: I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages. The botnet — which I’ve affectionately dubbed “Sandroid” — comes bundled with Android apps made to look like mobile two-factor authentication...

  Fox Business: Federal regulators on Wednesday issued a warning to banks that an increasing number of cyber-attacks are targeting ATM machines. The attacks, which the U.S. Secret Service have classified as unlimited operations, allow fraudsters to withdraw funds beyond the cash balance in customer accounts or other limits applied to ATM withdrawals. The cyber-attacks include the use of malware installed on a bank’s network. Once ATM settings are changed, stolen PIN numbers and other...

Russia Today: A computer security instructor says he's discovered that hackers have been able to infiltrate standard security cameras and then use that hardware to mine for bitcoin, the anonymous digital cryptocurrency. Johannes Ullrich, a teacher at the computer security SANS Technology Institute, announced last Friday that he found malicious software on Hikvision digital video recorders (DVRs), which are used to record video from surveillance cameras. The virus seems to spread from device to device...

The Register: A controversial browser plug-in that offered to reveal LinkedIn users’ private email addresses has been withdrawn by its developers, at least for now. Sell Hack added a “Hack In” button to LinkedIn profiles, which sometimes (but not always) displayed email addresses that supposedly allowed users to contact LinkedIn users directly by email. The behaviour of the app unsurprisingly earned the ire of LinkedIn's lawyers, who sent a cease-and-desist letter.  

Arstechnica: The past few days have revealed new data that suggests the recent upsurge in malware targeting routers—as Ars has chronicled here, here, and here—is not only continuing, but it's spreading to digital video recorders (DVRs). Exhibit A came Monday from researchers at security training institute Sans, which unearthed a Bitcoin-mining trojan that has infected DVRs. The researchers found the infection while researching the source of an automated script they observed scanning the Internet for data storage devicesmade by...