Against the background noise of Lizard Squad capers and Russian information operations, several vulnerabilities occupy security experts' attention.
A serious Linux flaw, "Ghost," has been found in the glibc library. The bug could allow an attacker to remotely execute malicious code on a vulnerable system. Qualys, which discovered the bug in Linux versions dating back to 2000, providently informed vendors before announcing the flaw publicly, and so patches are available.
Google doesn't dispute Core Security's report that Android Wi-Fi Direct is vulnerable to denial-of-service conditions, but it does dispute the severity of the flaw and doesn't plan to rush a patch.
Australian bug-hunter Mark Dowd has found a privacy hole in the otherwise highly private Blackphone — a specially configured text message can compromise the device.
G-DATA discerns a common hand behind Uroburos and the Project Cobra spyware campaign.
Bitdefender warns of malicious macros in MS Office documents. The documents are circulating via spam.
Apple's OS X update will address Thunderstrike and "evil maid" attacks.
In industry news, social media security start-up ZeroFOX announces its first acquisition: Vulnr — which is expected to enhance ZeroFOX's R&D capability. Darktrace thinks it's got the right metaphor for security — the human immune system — and that it's got the solutions to match the metaphor. IBM says reports of big layoffs are greatly exaggerated. Big Blue is also touting a newly developed cryptographic algorithm for identity protection.
As US cyber legislation works its way through Congress, Quartz suggests Estonia could teach the Americans a thing or two.