Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?
It'll only take you a minute to find out!
Which webmail service has the smartest users? And are they getting smarter over time?
Paul Ducklin tries to use the password data from the Forbes hack to find the answers...
Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.
Why did Brazilian hackers target NASA? What happens to doxers? How much does it cost to get started in card skimming? And how much is a copy of your fingerprint worth?
Watch 60 Second Security and find out!
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Ubuntu Forums has been hacked.
As well as leaving behind an AK-waving penguin, the hackers also took away millions of usernames, email addresses and password hashes.
Sony has thrown in the towel on its appeal of a £250,000 fine ($377,500) imposed after its PlayStation Network was hacked in April 2011, losing data such as names, addresses, email addresses, dates of birth and account passwords of millions of users.
Out of that splatter, 24,000 bogus login tries struck the jackpot, exposing names, addresses, phone numbers and other personal details of corresponding Club Nintendo customers.
Satirical news publication The Onion has gone into detail about how hackers managed to steal its passwords, access its internal emails, and hijack its Twitter account.
Adrian-Tiberiu Oprea, a Romanian national and the alleged ringleader of the gang responsible for a multimillion-dollar hack of the Subway fast-food chain, has pleaded guilty.
Fortunately, the few passwords that were nabbed were salted and hashed. Also, the company doesn't request sensitive information such as Social Security Numbers and doesn't store financial data such as credit card numbers or bank accounts.
Kudos for good security practices, guys.
Do you usually shy away from legal documents?
Well, here's one that's well worth reading: it deals very interestingly with the zone in which busting cybercrooks and protecting privacy intersect...
Security researchers have identified a security hole in Viber that can be exploited to bypass Android smartphones' lock screen and gain full access to the device.
After a widely publicised hack or data breach, you'll often find "password check" sites springing up.
Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...
With just under two million followers, AP's Twitter account has a wide reach, and is influential.
Influential enough, it seems, that a false rumour from the AP feed can have a visible effect on the stock market.
The Syrian Electronic Army appears to have hacked into accounts belonging to the NPR media network, and defaced news stories.