Researchers at Duo Security have released results of their inquiry into Mac firmware vulnerabilities. They conclude that a large number of systems, including some running the most recent versions of MacOS, are susceptible to exploitation. Evidently the Extensible Firmware Interface (EFI) in many devices was not actually installing the security updates users thought they'd applied. Duo notes that firmware exploitation isn't easy, and requires a relatively high level of sophistication on the attackers' part, but the vulnerability is nonetheless a serious one. Some observers think it likely the problem extends into the Windows and Linux worlds as well.
Cyber Ark has found an "illusion gap" technique that could enable attackers to bypass Windows Defender. Microsoft says the danger is exaggerated: you'd have to click through lots of warnings to fall victim.
Skyhigh Networks' research has led it to believe that about 7% of AWS S3 servers worldwide are exposed.
Whole Foods has disclosed it's been hit with a breach that exposed customer paycard data.
ISIS and the Taliban have each released new inspirational videos online as reverses on the ground push the terrorist organizations into cyberspace.
Turkish hacktivist group Aslan Neferler Tim claimed responsibility for Wednesday's takedown of sites belonging to Denmark's Ministry of Immigration and Ministry of Foreign Affairs. The attacks were apparent retaliation for the Immigration Minister's remarks praising Kurt Westergaard’s famous cartoon depicting the prophet Mohammed wearing a bomb as a turban.
India has asked that country's telcos to come up with more effective security measures.