A selection of this week’s more interesting vulnerability disclosures and cyber security news.
A while back I highlighted the cunning IoT breach where an overly sensitive iPad microphone detected someone outside triggering a door release. Well, a team has gone one step further by turning some headphones into a microphone! Time to unplug and cap those speakers!
- Researchers create crazy new malware that spies on you through your headphones (Yahoo Security)
- Researchers Demo Method For Turning A PC Into An Eavesdropping Device
- Your Headphones Can Be Hijacked And Used To Spy On You (Forbes)
The other news
- Santa sabotaged: Mass data theft from children’s letters to Father Frost in Russia (RT)
- CompSci boffins offer new bug-rating system to get you home on time (The Register)
- Deliver-oops! Takeaway pusher’s customers burger-ed by hijackers (The Register)
- Elegant 0-day unicorn underscores serious concerns about Linux security (ArsTechnica)
- EU rules to stem payment fraud may disrupt six billion euros of e-commerce: Visa (Yahoo Security)
- Hackers electrocute selves in quest to turn secure doors inside out (The Register)
- Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking (The Register)
- Microsoft plans St Valentine’s Day massacre for SHA1 (The Register)
- Oracle Announces Acquisition Of Dyn: Oracle says purchase of the recently DDoSed DNS service is aimed at expanding the company’s cloud computing platform.
- Recruitment Site Scraped, Leaked 8 Million GitHub Profiles (SecurityWeek)
- Several DoS Vulnerabilities Patched in NTP (SecurityWeek)
- Signal security revealed: a triple-Diffie-Hellman with a double ratchet (The Register)
- Six in Philippines May Face Charges Over Bangladesh Bank Heist Charges (SecurityWeek)
- Talking Turkey about IoT Security
- How To Avoid Wi-Fi Scams During The Holiday Shopping Season (Forbes)
- Fake ISP Complaint Emails Distribute Locky Ransomware Variant
- Telegram API ransomware wrecked three weeks after launch (The Register)
- Hacker dishes advanced phishing kit to hook clever staff in 10 mins (The Register)
- CERT tells Microsoft to keep EMET alive because it’s better than Win 10’s own security (The Register)
- iPhone Call Logs Quietly Synced to iCloud, Forensics Firm Warns
- Palo Alto Networks Patches Flaws Found by Google Researcher (SecurityWeek)
- WordPress auto-update server had flaw allowing anyone to add anything to the CMS (The Register)
Weekly Cyber Security News 25/11/2016