A former worker for the Transportation Security Administration was indicted by a federal grand jury in Denver last week, on charges of trying to damage a protected computer. According to the District of Colorado attorney's office, Douglas James Duchak tried to corrupt a TSA database in the Agency's Colorado Springs Operations Center (CSOC). 15 March 2010
Lawsuits from online crime more than doubled between 2008 and 2009, according to the latest figures released by the Internet Crime Complaint Center (IC3). The organization also received 22.3% more complaints about Internet crime in 2009, indicating that the average money lost in a single fraud case has increased. 15 March 2010
Researchers have used solid-state disk drives (SSDs) to crack passwords 100 times faster than using conventional hard drives. 15 March 2010
The US plays host to the largest number of malicious web servers, according to a study released by anti-malware company AVG. 13 March 2010
Health insurer Aetna has succeeded in having a class-action lawsuit over an alleged security breach dismissed. 12 March 2010
Researchers from web security firm Websense warned Facebook users earlier today to refrain from clicking on URLs posted on the pages of some famous celebrities – or even people on their friend list – as links to alleged videos were actually portals to malware infection. 12 March 2010
The latest monthly spam report shows that, regardless of the world economy, there is one item that is particularly hot this winter: Russian mail-order brides. This is according to newly released figures from McAfee. 11 March 2010
Yet another botnet suffered severe losses to its functionality this week, in what appears to be a growing campaign among the white hat community to take down these virulent networks. Troyak-AS, which was the upstream provider for the six worst Zeus hosting ISPs, has been taken offline. 11 March 2010
According to one security expert, anywhere from 14 to 35 pieces of legislation aiming to effect cybersecurity are in the works, depending on how one defines its role within the genre. These bills range from comprehensive to very focused, but, as some security experts claim, they all have common drawbacks. 10 March 2010
Identity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services. 10 March 2010
Popular micro blogging site Twitter has launched a service designed to stop phishing scams from victimizing its users. 10 March 2010
Computer games giant Ubisoft had to apologize to users after its online gaming service collapsed over the weekend. Ubisoft executives said that "exceptional demand" was to blame for the problem before the company blamed the downtime on an attack, the following day. 10 March 2010
IdentityFinder, the identity theft prevention company, is set to offer protection for social networking sites later this year. 10 March 2010
Almost one in five participants at the RSA conference last week believe that their companies' security policies are being effectively enforced, according to figures released by data center fabric company Brocade. That said, at least half of them seem to be unhappy with their companies' security technology solutions. 10 March 2010
Microsoft took customers through a fairly sedate patch Tuesday this week, releasing just two bulletins addressing issues in its applications. However, all did not go without a hitch, as yet another zero-day vulnerability emerged for Internet Explorer. 10 March 2010
The US government is still failing on cybersecurity thanks to a lack of clear definitions among different agencies, the US Government Accountability Office has warned. 09 March 2010
A husband-and-wife team from Coral Gables has been indicted for the second time in a year for the theft and sale of privacy data. Authorities claim that in both cases, the couple received payments from personal injury lawyers in exchange for patients’ personal privacy data from a local ambulance company. 09 March 2010
In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach. 08 March 2010
Police are reviewing pictures from web cams in the Lower Merion School District spying case, it was revealed over the weekend, as two IT staff were put on leave pending further investigation. 08 March 2010
Infosecurity US rounds up the significant events from the last week. 08 March 2010
In what may have been the most star-studded event of last week’s RSA Conference in San Francisco, a panel of experts gathered during one keynote to discuss how governments can come together to combat cybersecurity threats without compromising individual liberties. 08 March 2010
Although the IT profession is not exactly immune from recent economic troubles, freshly revealed polling results from (ISC)² – the non-profit IT security trade group – indicate that security personnel are still in demand and, for the most part, gainfully employed. 05 March 2010
Department of Homeland Security Secretary Janet Napolitano delivered one of the Wednesday keynote addresses, which focused on cybersecurity, at this year’s RSA Conference in San Francisco. She would close her remarks by issuing a challenge to the security community to help raise public awareness of cybersecurity issues. 04 March 2010
At the RSA Conference 2010 in San Francisco, (ISC)², Microsoft, and RSA Conference co-sponsor a session to train member volunteers for its Safe and Secure online programme. 03 March 2010
Hard on the heels of announcing a free website infection scanning service, Qualys has teamed up with fellow IT security vendor Imperva to integrate some of their respective software offerings. 03 March 2010
Active network forensics company Solera Networks announced its partnership with EMC at RSA Conference 2010 on March 2 in San Francisco. 03 March 2010
A unique panel session convened at the RSA Conference in San Francisco today to discuss the pros and cons of social networking on the job, specifically by the under-30 set. 02 March 2010
Howard Schmidt, cybersecurity advisor to President Obama, announced the launch of www.whitehouse.org/cybersecurity - a brand new web page launched to prove the commitment of the US government to its transparent cybersecurity strategy - during his keynote at RSA Conference 2010 in San Francisco. 02 March 2010
In his keynote address at the RSA Conference 2010 in San Francisco, Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, outlined how Microsoft will apply its end to end trust vision to cloud computing. 02 March 2010
In his keynote at RSA 2010, San Francisco, RSA President Art Coviello spoke of the industry’s latest and greatest challenge: securing cloud computing. 02 March 2010
M86 Security has taken the wraps off a one-stop integrated security appliance that combines its threat analysis technology with a drill-down dashboard interface. At the same time the company has extended its web gateway technology into the cloud computing environment. 02 March 2010
According to a survey of qualified security assessors (QSA), the optimum methodology for end-to-end security protection is encryption. 02 March 2010
Check Point Software Technologies has taken the wraps off a secure USB drive system. Known as Abra, the unit is designed to offer PC or Windows-based terminal users a secure virtualised workspace that is highly portable between machines. 02 March 2010
According to the Veracode ‘State of Software Security’ report, between 58 and 88 percent of all applications submitted to Veracode for verification did not achieve an acceptable security score upon first submission. The exact percentage depends on the standard applied, based on application criticality. 02 March 2010
Gerhard Eschelbeck, CTO of Webroot, tells Infosecurity’s Eleanor Dallaway that “2010 is the right time to engage in cloud computing”, as they catch up in Silicon Valley. 01 March 2010
Qualys has become the first on-demand network and site vulnerability company to launch a free malware detection service, designed to protect websites from malicious activities and stop visitors from being infected by malware. 01 March 2010
Web application security company Mykonos Software has launched an appliance designed to watch what hackers are doing and take counter measures to confuse and divert them. 26 February 2010
The Waledac network is down – at least temporarily – thanks to an injunction sought by Microsoft and awarded by a federal judge, forcing registrars to shut down command-and-control domains. 26 February 2010
Adobe's PDF document format continued to take a bashing this week, after a report from IBM's X-Force security consulting arm singled out readers supporting the software company's de facto standard document format as a particular security worry. 26 February 2010
The Federal Trade Commission sent letters to nearly 100 organizations this week, warning them that customer and/or employee data are currently available on P2P networks according to its recent probe. 25 February 2010
Researchers have combined stolen web browser history data with membership of social networking groups to identify large numbers of users who would otherwise be anonymous, it was revealed this week. 25 February 2010
Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year. 25 February 2010
A lack of IT staff resources is hindering corporate security, according to a study released by Symantec this week. And companies are exacerbating the issue by embarking on new IT projects that create security problems. 24 February 2010
Adobe has taken the easy option to fix the zero-day remote execution flaw discovered in its Adobe Download Manager last week. It advised users to simply delete the software so that it wouldn't come back again. 24 February 2010
Intel was the target of a concerted cyberattack in January – around the same time that Google identified the Operation Aurora attack, according to a 10-K filing that the chip maker made to the SEC. 24 February 2010
A team of investigators at Rutgers University has revealed research indicating that smart phones can be compromised by sophisticated rootkits. 23 February 2010
A Nevada man had his appeal of a child pornography conviction denied last week by the 9th Circuit Court in San Francisco. The defendant, Charles A. Borowy, claimed that his fourth amendment right prohibiting unlawful search and seizure was violated by an FBI agent who downloaded and viewed files from the man’s computer using the LimeWire P2P service. 23 February 2010
Infosecurity rounds up some of the week's security news 23 February 2010
Researchers have identified Spybot.AKB, a worm that spreads across P2P networks and email systems. 22 February 2010
A federal judge has ordered a suburban Philadelphia school not to reactivate a security system that enabled it to monitor students in their homes without their knowledge. The judge made the emergency ruling after a student sued the school, alleging an invasion of privacy after someone at the school took a picture of him in his home. 22 February 2010
Fortify Software and HP have teamed up to release Hybrid 2.0, a tool designed to test web applications for security flaws. 22 February 2010
PGP has released a new version of its Key Management Server designed to pull together disparate key management systems for enterprise customers. 22 February 2010
Adobe continued to fight fires on the security front last week, as a researcher discovered a second flaw in its Adobe Download Manager software tool. 22 February 2010
Two schools in China have been linked to the Operation Aurora attack that targeted Google and other companies last year – and one of them has been tied to a national network of hacktivist groups. 19 February 2010
A playful new website is trying to raise awareness about personal and home security issues online. PleaseRobMe gathers location information from web 2.0 websites that geotag content for mobile users, presenting them as a list of users who are not at home. 18 February 2010
The same criminal gang that targeted government and military computers with its malware has also infected 75 000 computers in almost 200 countries with a virulent strain of the banking trojan, according to research from network monitoring company NetWitness. 18 February 2010
The state of New York is proposing language for inclusion in procurement documents that it hopes will help to enforce secure application development practices among suppliers. 18 February 2010
Rebounding spam traffic, increased use of shortened URLs to deliver malicious payloads, and continued vulnerabilities among some of the most popular software applications were among the most serious security threats over the last six months of 2009, according to data from M86 Security. 18 February 2010
A simulated cyber attack has shown once again that the US is unprepared for cyberwarfare, a year after the federal government conducted an extensive review of its cyber security stance. 18 February 2010
The SANS Institute and Mitre have come together to update their annual list of top 25 software programming security bugs. SQL injection is the number one danger to software customers, according to the organizations. 18 February 2010
Electronics retailer Small Dog Electronics has suffered from a systems breach that left 3000 customers' credit card details compromised. 18 February 2010
Yesterday’s outage of Windows Live caused a disruption in the web-based Hotmail email service. This presented a golden opportunity for online crooks to poison search results related to the incident. 17 February 2010
Internet security software and whitelisting firm Comodo has unveiled a secure browser designed to compete with Google's Chrome. 16 February 2010
At the RSA security show next month, Symantec will unveil a data indexing technology designed to identify the owners of files by querying enterprise storage systems. Called Data Insight, the product will have multiple applications, including cost reduction, data leakage prevention, and even IT forensics. 16 February 2010
Some Granite State lawmakers are not too keen on the use of biometric data for identity verification, as the New Hampshire House of Representatives is currently considering a bill that would block its use in nearly all state- and privately issued identification. 16 February 2010
Infosecurity covers the news that didn't make it into our top stories last week. 16 February 2010
Some rather industrious spammers have targeted military and intelligence employees for the second time in a week. But this time they used the pretense of the previous attack in an attempt to deliver the Zeus trojan. 15 February 2010
Adobe plans an out-of-band patch to resolve yet another critical security flaw across multiple products. 15 February 2010
Microsoft found itself in patch hell this week, withdrawing an update resolving an important vulnerability in Windows. The company found that some users infected with malware experienced problems restarting their machines after installing the bug fix. 12 February 2010
Google was fighting security, privacy, and censorship issues this week following the launch of Buzz, its social networking service. As Iran reportedly shut down Gmail, others reported that the service was revealing who Buzz users had the most contact with, leading to potential personal security issues. 12 February 2010
On Tuesday, the US will undergo a simulated cyberattack to help policymakers decide how well the country would cope. 12 February 2010
As is often the case around major holidays, especially those where giving gifts seems compulsory, most major security vendors are warning about scam emails focused on Valentine’s Day. 11 February 2010
Mozilla has apologized for its existing apology concerning a malware-infected add-on for Firefox. Last week, the company reported that a second experimental add-on for the browser had been infected by malware. After working with McAfee, it now says that the detection was a false positive. 11 February 2010
An Indian resident has pleaded guilty to conspiracy and aggravated identity theft after engineering an international fraud scheme to hack online brokerage accounts in the US. 11 February 2010
The Nigerian Government is working with Microsoft on a public awareness program that uses music to fight cybercrime in the country. 11 February 2010
Fewer botnets are becoming responsible for more infected machines, according to a report from McAfee. 11 February 2010
The number of victims affected by a data theft from Chattanooga-based health insurer BlueCross BlueShield has ballooned, following a decision by the company to notify family members of customers that are covered by a group plan. 11 February 2010
Researchers have identified another example of a botnet that attempts to neutralize other botnet software. Peter Coogan, a researcher at Symantec, noticed a crimeware toolkit from Russia called SpyEye, which appears to neutralize the competing Zeus crimeware kit. 11 February 2010
Defense and intelligence agencies in the US and UK were among the intended targets of a Zeus trojan campaign, according to findings by Websense. 10 February 2010
Identity fraud in the United States has risen to an all time high, according to a report from Javelin Strategy and Research. The 2010 Identity Fraud Survey Report reveals that the number of identity fraud victims in the country has risen by the highest amount in a single year since the survey started seven years ago. 10 February 2010
Adobe has apologized for a bug in its Flash Player that it has only just patched, 16 months after it was originally filed. 10 February 2010
The US Government has handed over responsibility for the trial of a young hacker accused of stealing Cisco source code to Sweden, his home country. 10 February 2010
Today the European Network and Information Security Agency (ENISA) released a report on social networking via mobile devices. In honor of Safer Internet Day, and in an effort to remain unencumbered by our location here in the US, Infosecurity would like to share ENISA’s tips for more secure navigation of mobile social media. 09 February 2010
Infosecurity reviewed spending on IT investments in President Obama’s proposed fiscal year 2011 budget. The Administration claims it will continue to support increased IT and information security outlays, but a look at IT spending from 2009 through the projected 2011 budget does not exactly support this assertion. 09 February 2010
Researchers at Penn State University have devised an algorithm designed to slow down the kind of rapidly-spreading network worm that can infect large portions of the internet quickly. 08 February 2010
Security firm eSoft is warning clients about an IRS phishing con that is specifically targeting businesses and corporate email accounts. 08 February 2010
A report from security vendor Kaspersky Lab shows that malware originating from China topped its monthly report of digital pollution providers, broken down by country of origin, for January 2010. 08 February 2010
Microsoft will not be patching last week's Internet Explorer vulnerability with this month's patch Tuesday releases, which are scheduled for tomorrow. 08 February 2010
Infosecurity rounds up the week's news 08 February 2010
Moscow-based password cracking software company ElcomSoft has released a password breaker for iPhone backups. 05 February 2010
Mozilla has had to pull two experimental add-ons for the Firefox browser from its website. The add-ons, which somehow made it through the quality control process, target Windows users with trojan malware. 05 February 2010
Infosecurity is pleased to report that a prestigious array of presenters have been lined up for the latest virtual conference, due to take place on February 25. 05 February 2010
An article in today’s Washington Post uncovers a somewhat hush-hush collaboration between Google and the National Security Agency in an effort to prevent future cyberattacks. 04 February 2010
Information security and data protection vendor Sophos has released a list of the top 10 countries hosting malware. The report reveals that websites in the US are accountable for hosting 37.4% of malware worldwide. 04 February 2010
The House of Representatives has passed legislation designed to enhance cybersecurity research and development in the US. 04 February 2010
The US is at risk of a crippling cyberattack and is currently unable to defend itself adequately, according to testimony given before Congress yesterday. 04 February 2010
Microsoft has discovered another flaw in Internet Explorer. The latest vulnerability could allow attackers to harvest any files from a victim's hard drive. 04 February 2010
Researchers have formulated a way to identify cheating in online games in a discovery that could revolutionize the growing market for virtual gaming assets. 03 February 2010
McAfee has announced a service to help get SMBs up to speed with their security needs. Security Quickstart Services specifically targets small to medium-sized businesses, providing help with implementing, maintaining and optimizing security best practices. 03 February 2010
Internet Explorer 8 is now the world's most-used browser, according to the latest figures from Network Applications. 03 February 2010
Last week Adm. Gary Roughead, chief of US naval operations, officially announced the creation of the US Navy’s new Fleet Cyber Command, which aims to integrate the weapons of cyberspace and information within the Navy’s arsenal. The Fleet Cyber Command was formed in conjunction with re-establishment of the US 10th Fleet during a ceremony held at Ft. Meade, Maryland, on Jan. 29. 03 February 2010
Compliance and security service provider Trustwave has released its 2010 Global Security Report. The company has found that companies are still suffering from attacks using familiar exploit types that have been around for years. Organizations are implementing new technologies without securing existing ones, the report found. 02 February 2010
An anonymous researcher has posted a proof-of-concept attack that fakes a trusted root certificate on the iPhone. Researchers have confirmed that the attack works, making it possible for anyone to create a web page that is deemed to be trusted by Apple. 02 February 2010
Microsoft announced three enhancements to its secure development lifecycle (SDL) initiative at the BlackHat DC conference this week. 02 February 2010
Research just published by Sophos claims to show a 70% increase in the number of companies reporting spam and malware attacks via social networks. 02 February 2010
Infosecurity rounds up the week's news 02 February 2010
Websites for 49 members of the US House of Representatives were hacked shortly after President Obama’s State of the Union address last Wednesday night. The attacks appear to have been carried out by the Red Eye Crew according to researchers at security consultant Praetorian Security Group. 01 February 2010
Google and DNS provider Neustar have jointly proposed an extension to the DNS protocol that would fix many of its security problems. 01 February 2010
A new tool released by privacy advocacy group EFF is designed to help users find out how identifiable their web browsers are online. 01 February 2010
Facebook was plagued by security and privacy issues both real and imagined in the last week, as a real-life worm battled with an imaginary one in a competition to see which could petrify the service's users the most. 29 January 2010
PricewaterhouseCoopers has lost the personal records of 77 000 former and current public employees of the state of Alaska, it emerged this week. 29 January 2010
Google Chrome, the internet browser launched in late 2008, has been enhanced with a selection of new security features designed to make it harder for malware writers to infect client machines. 29 January 2010
George Hotz, the first iPhone cracker – who reportedly spent more than 500 hours developing the first jailbreak application for Apple's iPhone back in 2007 – has apparently cracked the Sony Playstation 3. 29 January 2010
The oil and gas sector has been the hardest hit by stealthy infiltration, according to a report from the Center for Strategic and International Studies (CSIS). The sector was hit by stealth attacks 17% more than the cross-sector average, with almost three oil companies in four having had hackers fly under their radar. 28 January 2010
A legal case filed by a bank against a customer in the US promises to test the liability of customers in the event of security breaches. Dallas, Texas-based PlainsCapital bank is suing a business customer, Hillary Machinery, for not taking adequate measures to protect its banking details. 28 January 2010
The website of the Oklahoma Tax Commission was the apparent victim of a hack yesterday, one in which visitors to the website were prompted to accept an Adobe license agreement and download software. The hack could not come at a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches. 28 January 2010
This spring, a project under development to help assess the security and privacy of software applications will go public. WhatApp, an online resource where experts and the public alike can rate applications based on how well-behaved they are, will help consumers to exercise their privacy rights, said its project manager. 28 January 2010
An annual report from security software provider Intego acknowledges it was a busy year for security threats to Apple devices, including the Mac OS X and iPhones. And while the Mac OS may be a less frequent target of malware authors, security threats to Apple products are proliferating as these devices land in the hands of more and more users. 27 January 2010
Reports in the Christian Science Monitor suggest that at least three large US oil companies have been the victims of targeted attacks. The custom-made spyware used in the attack appears to have sent the information to China, at least in one case. 26 January 2010
Attempts to hack healthcare organizations doubled in the fourth quarter of last year, according to Atlanta-based managed security firm SecureWorks, setting the sector aside from others. 26 January 2010
Technology pundit site TechCrunch was the victim of a hack over the weekend by attackers who defaced it, just days before Apple's release of its tablet device – arguably the most anticipated product in recent history. 26 January 2010
Recent reports indicate that IT spending is set to increase in 2010. This comes on the heels of 2009, which saw negative IT spending growth worldwide and may have been the worst year on record for IT spending. 26 January 2010
Infosecurity US magazine is excited to announce the 2010 virtual conference on endpoint security, to be held on February 25, 2010. This one-day event brings a series of topical keynote sessions direct to your computer, giving you the flexibility to learn about the latest information security trends and challenges from wherever you are in the world. 26 January 2010
Kaspersky provoked a flurry of complaints from irate users after its anti-malware tool began blocking sites with Google advertisements yesterday. 25 January 2010
Infosecurity rounds up the week's news 25 January 2010
Prices for male impotency drugs sold by spammers aren't as stiff as they once were, according to a new report from Messagelabs. The asking price for 'little blue pills' has softened up, as the economy has lost its staying power. 25 January 2010
Anti-virus company ESET has discovered what it thinks is a prank gone wrong. The company suspects that Win32/Zimuse, which has swept the US, was originally intended as a localized malware attack against a group of Slovakian bikers. 22 January 2010
Hydraq, the trojan delivered by the Operation Aurora attackers, uses VNC techniques to stream live video from victims' machines, said Symantec in an analysis of the malware. 22 January 2010
Websense has relaunched a spam protection service with a new feature set that protects Facebook users against malware. 21 January 2010
Google faced challenges to its search engine's data gathering policy this week from two sides. Microsoft bettered the search engine giant by revising its own search privacy policy, while security researcher Moxie Marlinspike delivered a service that allows users to bypass Google's data gathering procedures altogether. 21 January 2010
Social media site RockYou may be the subject of a lawsuit from disgruntled customers after it allowed 32 million of their accounts to be compromised, but new data suggest that many of its users are equally unsavvy when it comes to security, especially password security. 21 January 2010
Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China. 21 January 2010
Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office. 20 January 2010
Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model. 20 January 2010
Microsoft has promised an Internet Explorer out-of-band patch for the zero-day vulnerability discovered earlier this month. In the meantime, a trusted researcher has highlighted a flaw in all versions of Microsoft Windows that could lead to privilege escalation. 19 January 2010
Multi-factor mobile authentication firm PhoneFactor has developed a biometric verification system for its phone-based authentication platform. The system uses biometric validation of a user's voiceprint to provide what it says is three-factor authentication. 19 January 2010
Blackhats are working smarter rather than harder in attacks on network infrastructure, according to a comprehensive report on internet infrastructure security from Arbor Networks. 19 January 2010
Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches. 18 January 2010
Evidence of further targeted attacks is surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently. 18 January 2010
The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend. 18 January 2010
The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses. 18 January 2010
Time Inc has written to customers and the New Hampshire Attorney General's office, warning of a potential security breach following the possible misuse of customer credit card information by an employee. 17 January 2010
Infosecurity rounds up the security news from the past week. 17 January 2010
Blackhats and whitehats reacted with typical polarity to the disastrous Haiti earthquake this week. One faction unleashed a torrent of malware capitalizing on the tragedy, while the other organized a series of 'hackathons' to help develop technologies that would assist the humanitarian mission. 15 January 2010
Proving that there is no situation too tragic to exploit, cyber scofflaws have been quick to capitalize on the world’s interest in the recent earthquake in Haiti. With so many people looking to reach out and donate to victims of the tragedy, one group of black hats is attempting to rake in some of that cash by exploiting search engine optimization (SEO) techniques. 15 January 2010
Security organization ISACA has launched a new risk management qualification for information security professionals. The Certified in Risk and Information Systems Control (CRISC) certification targets professionals in the IT area who use information security controls to manage risk in technology environments. 15 January 2010
The Defense Advanced Research Projects Agency, or DARPA, has awarded $55.5m in contracts to bolster a secretive cybersecurity monitoring system, it was announced this week. 15 January 2010
More details are emerging concerning the concerted attacks on over 20 technology companies, including Google, that were revealed earlier this week. The attackers targeted a vulnerability in Internet Explorer, according to Microsoft. It is now investigating the flaw, which could allow attackers to execute arbitrary code. 15 January 2010
Google is threatening to unplug its controversial Chinese search engine, following a massive hacker attack on its infrastructure that it says was designed to access the accounts of human rights activists. And the company was not the attackers’ only target, it claims. 14 January 2010
The state of Connecticut is suing health insurer Health Net, following a data breach that saw 446 000 Connecticut residents’ records compromised, it said yesterday. 14 January 2010
Security is the most important initiative for datacenter managers for the coming year, according to Symantec’s latest State of the Datacenter report. 14 January 2010
Facebook has signed McAfee as a supplier to help protect its user base. The two companies have worked on a custom scanning and repair tool, along with education materials that will target the social networking giant's 350 million users. 13 January 2010
Software as a service company ScanSafe has found a 55% increase in illegal download attempts over corporate networks. 13 January 2010
Adobe distributed its first quarterly critical security update yesterday, finally patching a vulnerability that had been targeted by a zero day attack. 13 January 2010
The Governor of Maryland set out an aggressive campaign to position the state as a national hub for cybersecurity this week, launching a report cataloging Maryland's current efforts in the cybersecurity and electronic intelligence space. 13 January 2010
The University of Dayton, Ohio, and the Advanced Technical Intelligence Center (ATIC) are partnering to offer an MBA in cybersecurity management. 13 January 2010
Suffolk County National Bank received a nasty Christmas present on December 24th after discovering a hack that saw over 8,000 customers' accounts compromised. The breach is estimated to have cost $351 000, it warned investors. 13 January 2010
Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. For the first time this past year, malicious attacks, which include hacking and insider theft, overtook human error as the leading cause of data breach in the US. This is according to a recent report compiled by the Identity Theft Resource Center, a San Diego-based non-profit that tracks occurrences of identity theft. 12 January 2010
Microsoft has launched a technology policy website designed to encourage policy debates in key areas such as cloud computing, security, and privacy. 11 January 2010
Nineteen individuals have been charged with conspiracy to commit wire fraud after the FBI alleged a cybercrime conspiracy costing victims more than $15 million. 11 January 2010
Infosecurity rounds up the week's security news. 11 January 2010
It's official — Adobe is releasing an automatic silent updater for its PDF Reader product on April 13. The company confirmed the news to Infosecurity US this week. 08 January 2010
The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. 08 January 2010
A PandaLabs report claims that 2009 will go down as perhaps the most prolific in malware history. In 2009, malware creators tapped into search tools used by the majority of web surfers, and exploited current events and popular culture. 07 January 2010
Over 40% of executives don't know how to stop compromised devices from polluting their networks, according to a poll conducted by Deloitte. 06 January 2010
US security firm CYBERsitter is suing the Chinese government for $2.2 billion for software piracy, after it allegedly used the company's source code as part of its controversial Green Dam project. 06 January 2010
Online scammers are re-scamming Internet pharmaceutical customers with a new ploy: posing as government agents and extorting money from them, says the US Food and Drug Administration. 06 January 2010
Vendors of encrypted USB drives are recalling their NIST-certified products and issuing security updates after a fundamental flaw was found in the way that information is accessed. The flaw enables attackers to access encrypted data without trying to tackle the AES256 encryption algorithm used by the drives. 06 January 2010
A Pennsylvania woman has been charged with identity theft and device fraud after forging driver's licenses and selling them on to third parties. 05 January 2010
More details are emerging of a zero-day attack on Adobe's PDF reader and Acrobat applications, and security experts are calling it highly sophisticated. Moreover, anti-malware tools have been woefully poor at spotting it. 05 January 2010
Applications that blur the boundaries between online and offline software will be a primary hacker target this year, according to McAfee. 04 January 2010
Eastern Washington University has notified present and former students of a massive data breach of its systems that could affect up to 130 000 people. 04 January 2010
Infosecurity rounds up the information security news from the holiday season. 03 January 2010
Howard Schmidt, president and CEO of the Information Security Forum (ISF) was appointed White House Cybersecurity Coordinator just before the Holidays. 29 December 2009
Infosecurity rounds up the week's information security news. 21 December 2009
The number of known vulnerabilities in VoIP products has almost tripled since 2006, according to a report from McAfee. 21 December 2009
The Conficker worm is still thriving on networks in India, Chile, Russia and the Ukraine, where infection rates are up to 16%. 21 December 2009
Unified threat management vendor WatchGuard Technologies has enhanced its managed security offering with its Managed Security Services Program (MSSP). 21 December 2009
An identity thief who used victims' credentials to register credit cards fraudulently was sentenced to more than nine years in prison without parole late last week. 21 December 2009
Adobe has announced its latest zero-day security vulnerability in what has become a litany of such flaws this year - and this one won't be patched until halfway through January. 17 December 2009
The Firefox browser topped the list of software applications with most security vulnerabilities in 2009, according to a report from application whitelisting firm Bit9. 17 December 2009
Secure64 Software has released a DNS cache server that is designed to protect against cache poisoning attacks. 17 December 2009
Rogue anti-virus programs will become far less prevalent next year as other technologies such as Google Wave attract malware vendors' attention, said a forecast from Kaspersky this week. 17 December 2009
The number of computers infected by botnet malware has almost quadrupled each year since 2004, according to a report to be released by Project Honey Pot next week. 16 December 2009
Unified threat management company Fortinet is shipping two new secure email appliances. The appliances, called FortiMail-5001A and -2000B, are aimed at high-volume carrier and managed service provider companies. 15 December 2009
A Webroot researcher has documented the process that the Koobface malware uses to create malicious Google Reader pages. 15 December 2009
The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports. 15 December 2009
One year after the McColo shutdown, spam volumes have not only recovered, but have grown beyond what they were before the rogue ISP was taken offline. 15 December 2009
Infosecurity sums up the week's information security news. 14 December 2009
A Romanian hacker has exposed security flaws in the Pentagon’s public website that have remained unfixed despite warnings of their existence at least nine months ago. 11 December 2009
Microsoft’s last Patch Tuesday of the year saw the release of fixes for five flaws in its Internet Explorer browser, including a critical zero-day security vulnerability that was first publicly disclosed three weeks ago. 11 December 2009
The hacker accused of helping to perpetrate the largest credit card theft in US history has agreed to plead guilty as part of a plea bargaining deal with federal prosecutors. 11 December 2009
The Senate Select Committee on Intelligence has set up a bi-partisan taskforce on cybersecurity to evaluate potential online threats and provide recommendations for action to the US intelligence community. 10 December 2009
Financial institutions are subjected to an average of 16 phishing attacks per week, costing them between $2.4 and $9.4 million in losses each year. 10 December 2009
A huge 81% of organizations that are subject to the Payment Card Industry’s Data Security Standard (PCI DSS) were found to be non-compliant prior to a data breach, according to a new study. 10 December 2009
A hacker who found a flaw in the SSL protocol last year has launched a new project that cracks wireless network passwords using a cloud based computing service. 08 December 2009
Market stimulus, not regulation, is the key to enhancing cybersecurity at a national level, according to a report issued by a cybersecurity advocacy group last week. 08 December 2009
Facebook is trying to quash concerns over the privacy and safety of its online users, by pulling together several advocacy groups to form a safety advisory board. 08 December 2009
The issue of data leaks has been in the news constantly these last 12 months, with a litany of companies hit by publicly embarrassing leaks, losses and thefts. 07 December 2009
Infosecurity magazine reviews the past week's information security news. 07 December 2009
Adobe has announced that it will be issuing a critical update for its Flash and Air products tomorrow - but isn't telling us what the vulnerabilities are. 07 December 2009
Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing. 07 December 2009
Malware has rebounded to become the biggest cause of data loss in organizations, according to a report from the Computer Security Institute (CSI). Malware infections far exceed the next most common cause - laptop and mobile hardware theft - said the 2009 CSI Computer Crime and Security Survey. 04 December 2009
Online criminals are stepping up their campaign to infect Internet users with the Zeus trojan, according to new research published by Atlanta-based managed security firm SecureWorks. Email campaigns in particular are on the rise, the company has said. 04 December 2009
The Cameroon '.CM' domain tops the list of the riskiest top-level domains in terms of cybersecurity, according to a report from McAfee. 04 December 2009
The federal government is tightening up hiring policies for cybersecurity professionals by launching cybersecurity competency models for its employees. 02 December 2009
URL shortening service Bit.ly has announced that it will be using three new services to help secure its service from spam and malware. 02 December 2009
The inevitable H1N1 flu trojan attacks have started. Yesterday, McAfee detected a new H1N1-related spam campaign, spoofing emails from the Center for Disease Control (CDC) and asking victims to fill out a 'vaccination profile' as part of a state-wide flu vaccination program. 02 December 2009
Anti-malware firm Prevx has apologized to Microsoft after admitting that the 'black screen of death' - a condition that renders Windows unusable after bootup - was not caused by faulty system patches after all. 02 December 2009
Boulder, Colorado-based web security firm Webroot has expanded its range of cloud-based security services with a software as a service (SaaS) based email archiving offering. 02 December 2009
Infosecurity reports on the past week's news. 01 December 2009
IBM has acquired Guardium, a company that sells enterprise database monitoring and security software. The acquisition gives IBM a software product that helps automate security compliance tasks, the companies said. 01 December 2009
The newly-created 24 U.S. Air Force is about to bring limited aspects of its cybersecurity command operations center online. 30 November 2009
Romanian fraudster Tibenu Szebeni has been given 27 months in prison and made to pay back $52 000 in ill-gotten gains after being convicted of ATM skimming. 30 November 2009
Botnet machines are being used as password crackers, according to data released by Microsoft on Friday. 30 November 2009
Microsoft has published an article describing a new tool that it hopes will thwart memory-based heap-spraying attacks on software. 26 November 2009
Allot Communications has launched WebSafe, a web filtering service targeting broadband service providers to help protect against illegal content such as child pornography. 26 November 2009
Symantec's Japanese support website has been hacked using an SQL injection attack, the company confirmed yesterday. 25 November 2009
Spam king Alan Ralsky was sentenced to four years in jail this week, for pump-and-dump stock spamming. Nine other spammers were also sent to jail for the same crime. 25 November 2009
Better economic conditions mean that spammers are once again advertising third party products and services, rather than mounting spam campaigns attempting to garner business for themselves, a new report from Kaspersky said this week. 25 November 2009
Economically challenged employees are likely to abandon their ethics in pursuit of new jobs by stealing corporate data, according to a survey from security firm Cyber-Ark. 24 November 2009
A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan. 24 November 2009
China is waging a long-term sustained information warfare campaign against the US, according to a report by the US-China Economic and Security Review Commission (USCC). 24 November 2009
Mobile working and online collaboration are two of the most threatening trends when it comes to information security in the federal government, according to a report released by the Ponemon Institute. 23 November 2009
The Canadian government is collecting more personal financial information on citizens than the law allows, according to the country's federal Privacy Commissioner. 23 November 2009
Infosecurity US rounds up the last week's information security news. 23 November 2009
Medical insurance firm Health Net is under investigation by at least two Attorneys General, following a data loss that has exposed up to 1.5 million customer records. 23 November 2009
Imation has announced what it says is the world's first wireless USB external hard drive. 20 November 2009
Another round of SEO attacks has been discovered targeting Google. Criminals are crafting custom rogue blogs designed to target the 'long tail' of obscure Google searches to avoid having to compete with more popular searches in Google results, according to cyber intelligence company Cyveillance. 20 November 2009
A smart electricity grid could lead to some stupid privacy decisions, according to a report issued by the Information and Privacy Commissioner of Ontario, Canada. 19 November 2009
Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment. 19 November 2009
The Gumblar botnet has moved into overdrive, changing its operating model to dramatically increase its infection rates, according to the latest monthly threat report from ScanSafe. 19 November 2009
Lockheed Martin has formed an information security alliance with a collection of technology providers that will focus on self-healing systems to help solve information security problems. 18 November 2009
Nations are secretly stockpiling tools and techniques in preparation for sophisticated cyberwarfare against each other, McAfee said in its annual Virtual Criminology report yesterday. 18 November 2009
Los Alamos National Laboratory has spent $45 million on information security for its classified computer network in the past eight years, but it is still inadequate, according to a report from the Government Accountability Office. 18 November 2009
Seven in every 10 network IPS products never attain security certification because they are inadequate, according to a damning report from ICSA Labs, a division of Verizon Business. 17 November 2009
Unified threat management firm Astaro is offering a free version of its UTM product, focusing on firewall functions and targeting SMBs. 17 November 2009
Microsoft has discovered a zero-day denial of service vulnerability in the server message block (SMB) protocol used in Windows 7. 17 November 2009
Sophos has warned internet users against buying Tamiflu online, the drug designed to help stop people getting infected by the H1N1 virus also known as the swine flu. 17 November 2009
Poorly configured cable and DSL modems are leaving the internet open to distributed denial of service (DDoS) attacks based on rogue DNS queries, according to research to be released this week by Infoblox. 17 November 2009
Infosecurity rounds up this week's information security news. 16 November 2009
Microsoft has announced guidance for applying secure programming techniques for agile software developers. The company rolled out new guidelines that will enable agile software developers to apply its Security Development Lifecycle (SDL) guidelines. 13 November 2009
Security and PCI compliance tools vendor Trustwave has launched an Incident Readiness Service to prepare and help protect organizations from security incidents, and help test incident response plans. 13 November 2009
Spam sent by the Mega-D botnet has almost entirely disappeared, after US-based anti-malware appliance firm FireEye took it down. 13 November 2009
InDorse Technologies has released a software program that embeds policy information directly within its watermarking designed to protect image data. The watermarking product, called InDorse Image Assurance (InDIA), is designed to prevent the distribution of pirated photos and video gaming images to unauthorized personnel. 12 November 2009
Just days after an iPhone worm was discovered in the wild, Mac security firm Intego has discovered a hacker tool targeting the iPhone that exploits the same vulnerability. 12 November 2009
Only half of the federal government's agencies feel that they have an adequate security budget, according to a report released this week. And yet, cybersecurity incidents are on the rise. 12 November 2009
Facebook hit back at a grassroots digital privacy group this week, after it criticized the social media giant's handling of its Groups functionality. Control Your Info, a group hoping to highlight information privacy flaws in social media applications, revealed that it is possible for anyone to take over ownership of a Facebook group that has no administrators. 11 November 2009
Unisys has announced a locally-hosted version of its secure cloud computing system, along with updates to its existing managed public cloud offering. 11 November 2009
Phishers are gearing up for the Christmas holiday season, according to the latest report from Symantec. Phishing attacks were up 17% in October compared to the previous month, and phishers continue to automate their attacks by increasingly resorting to phishing toolkits. 11 November 2009
Botnet controllers have been using cloud based systems such as the Google cloud platform as command and control nodes for infected PCs, said a researcher at Arbor Networks. 10 November 2009
Spam king Sanford Wallace has been ordered to pay US$710.7 million to social networking company Facebook following a federal court case. Wallace is said to have compromised Facebook accounts using phishing emails, and used them to send spam to other members. 09 November 2009
Breaches, Certifications, Charges, Vulnerabilities, and Acquisitions. Infosecurity sums up the past week's news. 09 November 2009
The Department of Defense has updated its guidance on open source software for the first time since 2003. 08 November 2009
The closure of the popular Pirate Bay torrent tracking service earlier this year created a flood of alternative illegal file sharing sites and malware distribution hubs, according to a report released by McAfee. 08 November 2009
A physical pandemic such as the swine flu (H1N1) could swamp internet service providers serving residential users, according to a report from the Government Accountability Office – and the Department of Homeland Security doesn't have a plan to deal with it. 07 November 2009
UK UFO hacker Gary McKinnon has been thrown a lifeline by UK Home Secretary Alan Johnson following the production of medical evidence which suggests that his health could be at risk if extradited. 07 November 2009
The FBI has slammed poor security in financial institutions, after identifying a drastic rise in money being stolen from small to medium-sized businesses via spearphishing emails, it said in an intelligence note early this week. 06 November 2009
Anti-virus companies are failing to get the joke after the release of a free arcade game for the Mac that deletes the users' files during play. Lose/Lose warns 'victims' that it is about to delete files on their hard drives before they begin playing, and it keeps its word. 06 November 2009
Network worms are on the rise again thanks to poor IT management in the enterprise, according to the latest Security Intelligence Report (SIR) from Microsoft. Dramatic successes among worms in enterprises have caused this category of malware to move from fifth place to second place worldwide. 06 November 2009
Spammers, breaches, cloud concerns, and government moves make this week's headlines in our infosecurity weekly brief. 02 November 2009
The US has officially opened a state-of-the-art unified command center for government cybersecurity in Arlington, Virginia. 02 November 2009
Windows 7 owners are having problems installing their new operating system, especially over Vista, according to comments on Microsoft's support site. 02 November 2009
Twitter is failing to block malicious websites that are being posted to it via URL shortening services, according to researchers from Kaspersky, who have applied their own back-end service to help solve the problem. 30 October 2009
Tipping Point unveiled its latest intrusion prevention system this week, featuring an updated software / hardware combo that the company said is better at handling many tasks at once. 29 October 2009
A prominent strategic think tank published a report downplaying the potential for conflict in cyberspace, adding to influential voices that question the role of cyberwarfare. 28 October 2009
The director of the FBI and the man charged with protecting the US from cyberthreats, Robert Mueller, has given up online banking after a phishing scare. 28 October 2009
Information security: Breaches, walls, charges, tools, and deals. 26 October 2009
A US court has sentenced a man to three years in jail for selling more than $1m worth of pirated software on eBay. 26 October 2009
The US Federal Bureau of Investigation (FBI) and the UK Serious Organised Crime Agency (Soca) have called for greater collaboration with the IT security industry in fighting cybercrime. 26 October 2009
Rapid7, the vulnerability management security specialist, has acquired Metasploit, the ongoing open source security project that developed the Metasploit Framework. The move is billed as allowing Rapid7 to enhance its penetration testing technologies. 21 October 2009
Research just published by Symantec claims to show that users are increasingly being fooled into installing fake anti-virus software - aka scamware - onto their machines. 20 October 2009
A least-privilege security model has its merits, but it can be challenging to implement in, for example, Linux and UNIX environments, where administrators often share passwords to root or other superuser accounts. Find out how to implement least-privilege security management for Linux and UNIX for free on October 27 at 10am Pacific Time. 19 October 2009
More than 1.5 million Windows users downloaded Microsoft's free anti-virus and anti-malware tool, Security Essentials, in the week after it was released, the software firm has claimed. 19 October 2009
Google is to expand a mass-market advertising campaign for its cloud-based office software services beyond the US today. 19 October 2009
US$4000 lost in Facebook scam; Michigan's airport website closed due to malware; the first Windows 7 security patches appear; and more. We report on the IT security news... 19 October 2009
Reports are coming in that the source code of the Wal-Mart highly customized point-of-sale (EPOS) computer system - used in almost 900 of its stores across the US - has been hacked. 16 October 2009
T-Mobile has reportedly been hit by two class action lawsuits alleging that the cellular carrier misled consumers into believing that their data was secure after data was lost in the cloud. 16 October 2009
The Department of Homeland Security is putting its websites at risk by failing to patch software and conduct regular security assessments, according to a report from the inspector general, Richard Skinner. 14 October 2009
The third quarter security trends report from Commtouch and its security alliance partners suggests that phishing is now on the decline, after peaking in the summer. 14 October 2009
In a session titled ‘Enhancing payment security in 2010’, Robert O. Carr, Chairman and CEO of Heartland Payment Systems - the subject of potentially the world’s biggest data security breach earlier this year - declared that the model used by quality security assessors (QSA) is “broken”. 14 October 2009
Trends, Tussles, Tools, and Attacks: We round up the last week's information security news. 13 October 2009
US communication authorities are investigating allegations by telecoms group AT&T that Google has an unfair advantage because Google Voice is not covered by federal rules that govern phone service providers. 12 October 2009
Police and FBI agents yesterday charged nearly 100 people in the US and Egypt as part of Operation Phish Phry, one of the largest cyber fraud phishing cases to date. 12 October 2009
Comcast is piloting a service that will notify customers that have been infected with malware, the company said this week. 09 October 2009
Adobe is warning that a critical security vulnerability in its Adobe Reader and Acrobat programs is being exploited in the wild. 09 October 2009
Research revealed by eSoft, the web content filtering company, suggests there has been a "startling increase" in compromised sports websites, including Fox Sports, the popular sports portal operated by Fox News. 08 October 2009