A week in security (December 10 – 16)

A roundup of last week's security news from December 10–16, including facial recognition technology, abandoned USB sticks, even more trouble at Facebook, Google bugs, and more.

Automotive Security: It’s More Than Just What’s Under The Hood

True auto safety can only be achieved by knowing what every piece of code and hardware is that goes into the car.

Charming Kitten Iranian Espionage Campaign Thwarts 2FA

The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists.

PewDiePie Hackers Launch Second Printer Siege, According to Reports

The hackers behind the attack said they have targeted 100,000 more printers in the latest attack dubbed #PrinterHack2.

New Shamoon Variant

A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant is also Iranian in origin,...

Worst passwords list is out, but this time we’re not scolding users

This is on you, makers of sites and services that allow users to create passwords like "password." You can do better!

Lax Controls Leave Fortune 500 Overexposed On the Net

The largest companies in the world have an average of 500 servers and devices accessible from the Internet - and many leave thousands of systems open to attack.

Former rave kingpin back in jail for bizarre bank heist

A former acid house rave kingpin has been sentenced to 20 months for using a bizarre home-built machine to pilfer £500,000 from banking customers.

Fake face fools fones

Forbes has added to the ever-growing pantheon of ways to trick biometrics by printing a 3D head and using it to break into Android phones.

Facebook: Photo API Bug Exposed 6.8M User Photos

The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn't post.