Android Stagefright, Carphone Warehouse hack and an Oracle rant: The week in security

The top security news of last week from the V3 newsdesk

Last week was dominated by news of data breaches and bug fixes. Stagefright is still a threat to Android devices, Lenovo has been installing bloatware in its systems, and research indicated that UK councils have suffered up to 4,000 data breaches over three years.

A blog post by Oracle CTO Mary Ann Davidson, meanwhile, whipped up a storm after she made negative comments about security researchers, and the ICO announced an investigation into the cyber attack on Carphone Warehouse.

V3 counts down the top security news of last week:

Windows 10 sends data to Microsoft servers, even when told not to

Privacy-conscious Windows 10 users were warned that a number of features transmit data to Microsoft servers even when they have been turned off and privacy systems are activated.

950 million Android devices still at risk as Google Stagefright patch fails

Millions of Android users are still at risk from the Stagefright vulnerability after Google rolled out a flawed security patch, according to researchers at Exodus Intelligence.

Lenovo caught installing bloatware again with Windows BIOS backdoor

Lenovo backtracked over the use of a little-known Windows BIOS trick that installs persistent software on the firm's systems without the consent of the user, even if they wipe the entire operating system to try to remove it.

Dropbox tightens security with two-factor USB authentication

Dropbox announced the addition of USB key authentication as an extra layer of protection for customers of the cloud service. The firm said that the introduction of Universal Second Factor authentication will store a second layer of security on a dedicated USB device rather than using the traditional six-digit text option.

Hacking group busted as US police charge 32 for stock manipulation

US authorities charged 32 members of an alleged international cybercrime operation that netted millions of dollars by targeting newswire services to profit from stock market trading.

Oracle distances itself from CSO's anti-security blog rant

Oracle distanced itself from a corporate blog post published by chief security officer Mary Ann Davidson that ranted against security researchers, bug bounties and third parties that reverse engineer Oracle code to find security vulnerabilities.

UK councils suffer over 4,000 sensitive data breaches in three years

UK councils recorded over 4,000 data breaches over the past three years, according to a report released by privacy group Big Brother Watch. The report was compiled using Freedom of Information requests, and found 4,236 incidents of sensitive data breaches between April 2011 and April 2014, a rate of almost four a day.

UK privacy watchdog ICO officially probing Carphone Warehouse hack

The Information Commissioner's Office confirmed that it is investigating the cyber attack on Carphone Warehouse after 2.4 million customer details and up to 90,000 credit card records were stolen.

Android devices criticised for storing unencrypted fingerprint data

Android devices including the HTC One Max and the Samsung S5 came under fire after FireEye researchers uncovered evidence that fingerprint data used to provide access to smartphones is being stored in an unencrypted image format.

UK cyber security demonstration centre aims to promote SMB innovations to the world

V3 visited the Cyber Demonstration Centre set up to give small to medium businesses a platform to show off their cyber security products. The business suite in Westminster has three 4K video monitors and state-of-the-art Cisco video conferencing systems. The set-up is compatible with older technology and can be linked with laptops and smartphones in real time.