“You should be able to buy the things that you need without risking your identity, your credit score or your savings,” Mr. Obama said during an appearance at the Consumer Financial Protection Bureau before signing the directive. The order requires government agencies and offices to upgrade the technologies they use to protect consumer data. That might mean using payment terminals and cards that have difficult-to-clone microchips and that use personal identification number verification.

Upgrades Are Ordered To Protect People’s Data - NYTimes.com

Mr Holcomb’s investigation revealed 30 separate undocumented vulnerabilities in the NAS devices. Many of these, if exploited, would give an attacker complete control over a device letting them plunder the data on it, or use it as a way to get at other devices on that home network and spy on what people did online. Most of the exploitable problems he found were in the web-based interface typically used to administer these devices. “I took the series of exploits I found and wrapped them into a software package that’s in essence self-replicating,” said Mr Holcomb. The worm runs on an infected system and once it has taken control uses that system’s resources to scan net addresses seeking out other vulnerable devices.

BBC News - Malicious worm seeks vulnerable home data stores

“The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got,” Caudill told the Derbycon audience on Friday. “This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

The Unpatchable Malware That Infects USBs Is Now on the Loose | WIRED

President Vladimir V. Putin appeared on Wednesday to throw his support behind a plan to isolate the Russian Internet from the rest of the World Wide Web, but said the Russian government was “not even considering” censoring Internet sites. In a speech to the Russian National Security Council, Mr. Putin said the plan was intended to build a backup system to keep websites in the Russian domains — those ending in .ru and .rf — online in a national emergency.

Putin Backs Plan to Isolate Russian Internet as Security Measure - NYTimes.com

While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant - NYTimes.com

"There are less than a couple hundred people who are involved in the most significant attacks, and [they’re] almost all Russian-speaking," he says. "There’s a tremendous amount of organizational and hierarchical structure with a robust economy of scale that delivers both data mining, carding [credit card sale dumps] and other services which exists as quasi-untouchables in a way almost unheard of since Al Capone and his gangs in the 1920s."

What’s really driving cyberattacks against retailers - The Washington Post

The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack. The motivation and origin of the attacks are not yet clear, according to investigators. The F.B.I. is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.

JPMorgan and Other Banks Struck by Hackers - NYTimes.com

More worrying is the ability of an attacker to engage in a type of denial-of-service attack on controlled intersections by triggering each intersection’s malfunction management unit, which would put the lights into a failure mode—like all directions blinking red—until physically reset. This would, according to the paper, let “an adversary… disable traffic lights faster than technicians can be sent to repair them.”

Researchers find it’s terrifyingly easy to hack traffic lights | Ars Technica

"The assumption has always been that these apps can’t interfere with each other easily," said Zhiyun Qian, an associate professor at UC Riverside. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."

Researchers find way to hack Gmail with 92 percent success rate - CNET

Building on cutting edge machine-learning and data-mining techniques, a pair of Carnegie Mellon University researchers have built a new tool designed to accurately predict which Web servers will be hacked before any hacking actually takes place. Call it pre-cybercrime. Kyle Soska and Nicolas Christin, the academics behind the new classification algorithm (they call it a “classifier”), say they trained their tool on 444,519 websites archived using the WayBack Machine, which contains over 4.9 million Web pages. The classifier correctly predicted 66 percent of future hacks in a one-year period with a false positive rate of 17 percent.

New cybersecurity tool lets us predict website hacks before they happen