http://www.infosecurity-us.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Fri, 30 Jul 2010 10:40:43 GMT http://www.infosecurity-us.com/ http://www.infosecurity-us.com/_common/img/template/infosec-us/site-logo.gif http://www.infosecurity-us.com/view/11361/black-hat-general-michael-hayden-unsurprised-at-cyber-warfare-/ In his keynote at Black Hat, 29th July 2010, retired General Michael Hayden, who served as director of the CIA and deputy director of National Intelligence, says cyber warfare was inevitable considering the internet has not been built with defense in mind. Fri, 30 Jul 2010 02:18:00 GMT http://www.infosecurity-us.com/view/11361/black-hat-general-michael-hayden-unsurprised-at-cyber-warfare-/ http://www.infosecurity-us.com/view/11360/black-hat-google-knows-more-about-citizens-than-kim-jonil/ In his thought-provoking session, entitled ‘Changing threats to privacy: From TIA to Google’, Maxie Marlinspike, researcher with the Institute for Disruptive Studies, declared that surveillance is at an all-time high, and privacy is at an all-time low. Fri, 30 Jul 2010 00:00:00 GMT http://www.infosecurity-us.com/view/11360/black-hat-google-knows-more-about-citizens-than-kim-jonil/ http://www.infosecurity-us.com/view/11359/black-hat-sixty-percent-of-information-security-professionals-believe-theyre-underpaid/ In a session entitled ‘How to manage your infosec career’ at the Black Hat conference in Las Vegas, 29th July 2010, Lee Kushner, president of L.J.Kushner & Associates, executive recruitment, and Mike Murray, managing partner, Mad Security, shared with the audience their advice on how to effectively manage a career in information security. Thu, 29 Jul 2010 23:40:00 GMT http://www.infosecurity-us.com/view/11359/black-hat-sixty-percent-of-information-security-professionals-believe-theyre-underpaid/ http://www.infosecurity-us.com/view/11353/isf-shares-its-security-risk-predictions/ Rather than consulting a crystal ball, the Information Security Forum (ISF) looked to experts in the field – including those from its member organizations – to develop a set of security risk predictions for 2012 and beyond. Thu, 29 Jul 2010 20:00:00 GMT http://www.infosecurity-us.com/view/11353/isf-shares-its-security-risk-predictions/ http://www.infosecurity-us.com/view/11350/blackberry-faces-ban-in-india/ Research In Motion's (RIM) BlackBerry service may be banned in India if the company does not resolve government concerns over security. Thu, 29 Jul 2010 17:41:00 GMT http://www.infosecurity-us.com/view/11350/blackberry-faces-ban-in-india/ http://www.infosecurity-us.com/view/11348/csa-launches-security-certification-for-cloud-computing/ The Cloud Security Alliance (CSA) has unveiled the industry's first user certification program for secure cloud computing. Thu, 29 Jul 2010 17:25:00 GMT http://www.infosecurity-us.com/view/11348/csa-launches-security-certification-for-cloud-computing/ http://www.infosecurity-us.com/view/11343/facebook-hack-releases-100-million-user-details-onto-filesharing-sites/ A privacy storm is brewing following the collation and publication on filesharing services of the details of around 100 million Facebook users by a security researcher. Thu, 29 Jul 2010 16:14:00 GMT http://www.infosecurity-us.com/view/11343/facebook-hack-releases-100-million-user-details-onto-filesharing-sites/ http://www.infosecurity-us.com/view/11323/black-hat-2010-microsoft-and-adobe-collaborate-to-share-vulnerability-information/ At Black Hat Las Vegas, 28th July 2010, Microsoft announced that it will extend its Microsoft Active Protections Program (MAPP) to include vulnerability information sharing from Adobe Systems. Wed, 28 Jul 2010 21:12:00 GMT http://www.infosecurity-us.com/view/11323/black-hat-2010-microsoft-and-adobe-collaborate-to-share-vulnerability-information/ http://www.infosecurity-us.com/view/11322/juniper-networks-purchases-smobile/ In an attempt to fortify its mobile security portfolio, Juniper Networks announced it has acquired SMobile, a specialist in the field. Wed, 28 Jul 2010 20:36:00 GMT http://www.infosecurity-us.com/view/11322/juniper-networks-purchases-smobile/ http://www.infosecurity-us.com/view/11321/black-hat-2010-cybersecurity-is-top-priority-for-homeland-security/ The thirteenth Black Hat conference kicked off in Las Vegas this morning with a keynote from Deputy Secretary Jane Holl Lute. Wed, 28 Jul 2010 20:17:00 GMT http://www.infosecurity-us.com/view/11321/black-hat-2010-cybersecurity-is-top-priority-for-homeland-security/ http://www.infosecurity-us.com/view/11320/suspected-mariposa-botnet-author-arrested-/ A 23-year-old Slovenian man – thought to be the author and creator of the infamous Mariposa (butterfly) botnet – has been arrested by Slovenian police, working in concert with their colleagues from Spain and a team from the FBI. Wed, 28 Jul 2010 20:11:00 GMT http://www.infosecurity-us.com/view/11320/suspected-mariposa-botnet-author-arrested-/ http://www.infosecurity-us.com/view/11317/secret-service-shows-business-how-to-fight-cyberthreats/ Business needs to be more proactive in its approach to security in the face of increased insider threats and customized malware, says Verizon Business. Wed, 28 Jul 2010 17:22:00 GMT http://www.infosecurity-us.com/view/11317/secret-service-shows-business-how-to-fight-cyberthreats/ http://www.infosecurity-us.com/view/11315/commerce-secretary-looks-to-improve-cybersecurity-in-commercial-sector/ Speaking at a cybersecurity symposium in Washington yesterday, US Commerce Secretary Gary Locke called on commercial, academic and public sector interests to submit their ideas on mitigating cyber threats in the commercial sphere, without stifling innovation in the internet economy. Wed, 28 Jul 2010 16:41:00 GMT http://www.infosecurity-us.com/view/11315/commerce-secretary-looks-to-improve-cybersecurity-in-commercial-sector/ http://www.infosecurity-us.com/view/11314/trusteer-adds-malware-removal-utility-to-rapport-browser-addin/ If you use e-banking with HSBC, NatWest, RBS, Santander and a growing number of other European and US banks, chances are you'll have been asked to download and install a free copy of Trusteer's Rapport security add-in to your browser. Wed, 28 Jul 2010 15:47:00 GMT http://www.infosecurity-us.com/view/11314/trusteer-adds-malware-removal-utility-to-rapport-browser-addin/ http://www.infosecurity-us.com/view/11292/cyber-crimes-cost-organizations-38-million-per-year/ A recent study conducted by the Ponemon Institute reveals that, on average, cyber crime costs organizations in the US about $3.8 million per year. Tue, 27 Jul 2010 21:36:00 GMT http://www.infosecurity-us.com/view/11292/cyber-crimes-cost-organizations-38-million-per-year/ http://www.infosecurity-us.com/view/11283/citi-issues-warning-about-iphone-app-security-flaw/ Citigroup is advising US-based users of its free iPhone banking app to upgrade to a newer version that addresses coding-based security flaws. Tue, 27 Jul 2010 17:25:00 GMT http://www.infosecurity-us.com/view/11283/citi-issues-warning-about-iphone-app-security-flaw/ http://www.infosecurity-us.com/view/11281/iphone-jailbreaking-not-illegal-says-government/ The US Copyright Office has given iPhone users the go-ahead to bypass electronic protection on Apple's iPhones to enable them to use any wireless service provider, not just Apple partners. Tue, 27 Jul 2010 16:59:00 GMT http://www.infosecurity-us.com/view/11281/iphone-jailbreaking-not-illegal-says-government/ http://www.infosecurity-us.com/view/11278/cybercriminals-tap-online-automated-services-to-check-fraud-effectiveness/ The increasing automation of online frauds has been extended into the field of fraud effectiveness checks, as virus authors and botmasters are said to be using automated tools to verify the effectiveness of their fraudulent activities. Tue, 27 Jul 2010 16:00:00 GMT http://www.infosecurity-us.com/view/11278/cybercriminals-tap-online-automated-services-to-check-fraud-effectiveness/ http://www.infosecurity-us.com/view/11238/blackberry-poses-security-threat-says-uae/ The United Arab Emirates (UAE) government has said the Blackberry smartphone is open to misuse and poses a security risk. Mon, 26 Jul 2010 17:32:00 GMT http://www.infosecurity-us.com/view/11238/blackberry-poses-security-threat-says-uae/ http://www.infosecurity-us.com/view/11235/rustock-spambot-continues-to-ride-high/ Research just published claims to show that, after six months generating vast quantities of spam, the Rustock spambot shows no signs of fading away. Mon, 26 Jul 2010 17:19:00 GMT http://www.infosecurity-us.com/view/11235/rustock-spambot-continues-to-ride-high/ http://www.infosecurity-us.com/view/11215/free-pci-dss-governance-webinar-on-tuesday-/ PCI DSS is rapidly becoming a hot topic on company boardroom agendas as the card security audit and governance rules are continuing to evolve, with a new set of standards - PCI DSS 2.0 - expected later this year. Mon, 26 Jul 2010 11:25:00 GMT http://www.infosecurity-us.com/view/11215/free-pci-dss-governance-webinar-on-tuesday-/ http://www.infosecurity-us.com/view/11206/researcher-discovers-wpa2-security-vulnerability/ A senior wireless security researcher at AirTight Networks has uncovered a hack for encrypted wireless networks that does not require an encryption key, one the vendor calls a documented yet little know vulnerability for WPA2. Mon, 26 Jul 2010 06:00:00 GMT http://www.infosecurity-us.com/view/11206/researcher-discovers-wpa2-security-vulnerability/ http://www.infosecurity-us.com/view/11203/google-microsoft-seek-new-approaches-to-security-disclosure/ The back and forth between Google and Microsoft over security vulnerability disclosure has Google calling for a 60-day time frame to patch bugs, while Microsoft has shifted its focus by unveiling what it calls a ‘coordinated vulnerability disclosure’ process. Fri, 23 Jul 2010 16:53:00 GMT http://www.infosecurity-us.com/view/11203/google-microsoft-seek-new-approaches-to-security-disclosure/ http://www.infosecurity-us.com/view/11201/pc-demand-pushes-microsoft-to-record-sales/ Microsoft produced record fourth quarter sales of $16.04bn, 22% up on the same quarter 2009, as demand for PCs running its new operating system, Windows 7, improved worldwide. Fri, 23 Jul 2010 16:20:00 GMT http://www.infosecurity-us.com/view/11201/pc-demand-pushes-microsoft-to-record-sales/ http://www.infosecurity-us.com/view/11197/security-doubts-are-holding-back-mass-cloud-adoption/ Research from a supplier of cloud-based email security systems claims to show that, while a majority (51%) of US and UK IT departments are using cloud technology, there are still doubts about the technology and its security. Fri, 23 Jul 2010 15:43:00 GMT http://www.infosecurity-us.com/view/11197/security-doubts-are-holding-back-mass-cloud-adoption/ http://www.infosecurity-us.com/view/11179/ibm-discusses-its-security-strategy/ It has been a busy acquisition season in the security sector thus far, with few companies being more active in this sphere than IBM. Members of the IBM security team spoke with Infosecurity about their views on the future of security and the firm’s strategy going forward. Thu, 22 Jul 2010 22:53:00 GMT http://www.infosecurity-us.com/view/11179/ibm-discusses-its-security-strategy/ http://www.infosecurity-us.com/view/11177/south-shore-hospital-data-breach-may-affect-up-to-800000-contractor-named/ Earlier this week, Massachusetts-based South Shore Hospital informed patients, employees, and others affiliated with the institution that personal information may have been exposed when it contracted a data management firm to dispose of outdated files. Now comes news that the company South Shore used was Archive Data Solutions, according to publicly filed records from the Department of Health and Human Services. Thu, 22 Jul 2010 19:00:00 GMT http://www.infosecurity-us.com/view/11177/south-shore-hospital-data-breach-may-affect-up-to-800000-contractor-named/ http://www.infosecurity-us.com/view/11169/mcafee-announces-security-tools-for-apple-macs/ Security firm McAfee has released two security products for Apple Macs. Thu, 22 Jul 2010 15:30:00 GMT http://www.infosecurity-us.com/view/11169/mcafee-announces-security-tools-for-apple-macs/ http://www.infosecurity-us.com/view/11167/half-a-billion-people-sign-up-to-facebook-despite-privacy-risk/ Despite the privacy concerns raised by civil rights groups around the world, almost one in 12 people on the planet is signed up to social networking site Facebook. Thu, 22 Jul 2010 15:21:00 GMT http://www.infosecurity-us.com/view/11167/half-a-billion-people-sign-up-to-facebook-despite-privacy-risk/ http://www.infosecurity-us.com/view/11165/dell-poweredge-servers-shipping-with-onboard-malware-/ It seems that Dell is giving some users of its PowerEdge 410 servers an unwanted value-add in the shape of malware that comes pre-installed on the system motherboard. Thu, 22 Jul 2010 15:00:00 GMT http://www.infosecurity-us.com/view/11165/dell-poweredge-servers-shipping-with-onboard-malware-/ http://www.infosecurity-us.com/view/11163/windows-zeroday-flaw-places-scada-systems-in-peril/ Research carried out by Sophos claims to show that the zero-day flaw identified by a number of security vendors late last week is being exploited by a new variant of the Stuxnet malware. Thu, 22 Jul 2010 14:40:00 GMT http://www.infosecurity-us.com/view/11163/windows-zeroday-flaw-places-scada-systems-in-peril/ http://www.infosecurity-us.com/view/11133/smartphone-app-security-issues-being-overlooked-by-companies/ Reports in the press recently, citing facts that smartphones can be plundered by cybercrminals for their data, have been confirmed by the chief technology officer of Veracode, who claims that application software (apps) are often being overlooked when it comes to testing the security of smartphones in the business environment. Wed, 21 Jul 2010 17:00:00 GMT http://www.infosecurity-us.com/view/11133/smartphone-app-security-issues-being-overlooked-by-companies/ http://www.infosecurity-us.com/view/11131/gary-mckinnons-case-discussed-by-the-prime-minister-at-the-white-house/ A large glimmer of hope has appeared on the horizon in the long running saga of Gary McKinnon – the so-called UFO hacker who has been on the cusp of being extradited to the United States to answer a number of serious hacking charges – as his case has reportedly been discussed in a meeting between UK Prime Minister David Cameron and President Obama. Wed, 21 Jul 2010 16:32:00 GMT http://www.infosecurity-us.com/view/11131/gary-mckinnons-case-discussed-by-the-prime-minister-at-the-white-house/ http://www.infosecurity-us.com/view/11128/increasingly-sophisticated-card-fraudsters-hitting-gas-pump-users/ It seems that card skimmers – fraudsters who modify ATMs and retail EFTPOS terminals to record data from shopper's cards – are starting to migrate their fraudulent activities over to the humble gas station, as reports suggest that drivers in Denver are falling victim to card fraud when they gas their cars up. Wed, 21 Jul 2010 15:45:00 GMT http://www.infosecurity-us.com/view/11128/increasingly-sophisticated-card-fraudsters-hitting-gas-pump-users/ http://www.infosecurity-us.com/view/11114/adobe-to-introduce-pdf-reader-with-sandboxing-security-feature/ Today Adobe announced a new security feature to the next major release of its popular Reader software the takes advantage of sandboxing technology, whereby the company hopes to implement another security hurdle for malicious-minded attackers. Tue, 20 Jul 2010 19:12:00 GMT http://www.infosecurity-us.com/view/11114/adobe-to-introduce-pdf-reader-with-sandboxing-security-feature/ http://www.infosecurity-us.com/view/11112/google-postini-team-highlights-increase-in-email-javascript-attacks/ Research complied through the Google Postini email security and archiving service shows that obfuscated JavaScript attacks have surged as of late, prompting the team to take steps that identify and filter out this type of spam. Tue, 20 Jul 2010 16:50:00 GMT http://www.infosecurity-us.com/view/11112/google-postini-team-highlights-increase-in-email-javascript-attacks/ http://www.infosecurity-us.com/view/11111/us-tops-the-spam-origination-charts/ Spam origination research just released claims that the US hit the top slot in the second quarter of 2010, and the UK rose to number four – from number nine in the last quarter. Tue, 20 Jul 2010 16:40:00 GMT http://www.infosecurity-us.com/view/11111/us-tops-the-spam-origination-charts/ http://www.infosecurity-us.com/view/11110/apple-share-price-unscathed-by-iphone-debacle/ Apple shares have held their price despite the alleged design fault in the iPhone 4 launched on June 24. Tue, 20 Jul 2010 15:00:00 GMT http://www.infosecurity-us.com/view/11110/apple-share-price-unscathed-by-iphone-debacle/ http://www.infosecurity-us.com/view/11082/free-web-browser-and-plugin-security-service-launched/ Cloud security specialist Qualys has launched an interactive and online web browser checking service. Known as BrowserCheck, the service has been in development for almost 18 months and under active beta test internally for some three months, Wolfgang Kandek, Qualys' chief technology officer told Infosecurity. Mon, 19 Jul 2010 19:30:00 GMT http://www.infosecurity-us.com/view/11082/free-web-browser-and-plugin-security-service-launched/ http://www.infosecurity-us.com/view/11079/cybersecurity-skills-shortage-leaves-us-military-systems-at-risk/ US industry, government and military computer systems are at risk of attack, analysts warn. Mon, 19 Jul 2010 17:55:00 GMT http://www.infosecurity-us.com/view/11079/cybersecurity-skills-shortage-leaves-us-military-systems-at-risk/ http://www.infosecurity-us.com/view/11071/mozilla-increases-reward-for-security-bugs/ Mozilla – the organization responsible for the open-source Firefox web browser – has upped the ante for the discovery of security bugs, as it will begin paying security researchers $3000 for each reported flaw with its products. Mon, 19 Jul 2010 15:18:00 GMT http://www.infosecurity-us.com/view/11071/mozilla-increases-reward-for-security-bugs/ http://www.infosecurity-us.com/view/11050/free-infosecurity-webinar-on-tuesday-explains-why-you-should-be-archiving-web-20-communications/ Almost all organizations now archive their email in order to meet state and federal regulatory requirements, but what about Skype, Twitter, Facebook and all those other useful Web 2.0 interactions? Mon, 19 Jul 2010 10:39:00 GMT http://www.infosecurity-us.com/view/11050/free-infosecurity-webinar-on-tuesday-explains-why-you-should-be-archiving-web-20-communications/ http://www.infosecurity-us.com/view/11035/it-firms-positive-on-nearterm-business-conditions/ Results of the most recent CompTIA Business Confidence Index show that IT companies profess tempered optimism when it comes to business conditions for the second half of 2010. Fri, 16 Jul 2010 16:00:00 GMT http://www.infosecurity-us.com/view/11035/it-firms-positive-on-nearterm-business-conditions/ http://www.infosecurity-us.com/view/11034/blocking-access-to-web-20-in-workplace-not-viable-/ Work usage of Web 2.0 services has soared in recent years, but many businesses block access to Web 2.0 sites in the work environment on the basis that these services pose too much of a security risk. Fri, 16 Jul 2010 15:55:00 GMT http://www.infosecurity-us.com/view/11034/blocking-access-to-web-20-in-workplace-not-viable-/ http://www.infosecurity-us.com/view/11033/apple-unlikely-to-recall-iphone-4-say-analysts/ Apple's announcement of a news conference in New York today has sparked speculation as to how the company plans to deal with a design flaw that is causing reception problems with the iPhone 4. Fri, 16 Jul 2010 15:42:00 GMT http://www.infosecurity-us.com/view/11033/apple-unlikely-to-recall-iphone-4-say-analysts/ http://www.infosecurity-us.com/view/11005/cybercriminals-combine-java-and-flash-to-thwart-security/ The latest report from M86 Security, a company specializing in real-time web and e-mail threat protection, has found hackers are using multiple attacks to get around IT security. Thu, 15 Jul 2010 18:13:00 GMT http://www.infosecurity-us.com/view/11005/cybercriminals-combine-java-and-flash-to-thwart-security/ http://www.infosecurity-us.com/view/11004/new-zeroday-flaw-hitting-windows-users/ Hard on the heels of a raft of WinXP patches and updates on Tuesday of this week, it seems that a nasty USB-based zero-day flaw is hitting users of the popular operating system. Thu, 15 Jul 2010 18:00:00 GMT http://www.infosecurity-us.com/view/11004/new-zeroday-flaw-hitting-windows-users/ http://www.infosecurity-us.com/view/11003/internet-security-takes-a-leap-forward/ Internet security took a giant leap forward on Wednesday with the global roll-out of technology aimed at making the public network safer for all users without affecting performance. Thu, 15 Jul 2010 17:52:00 GMT http://www.infosecurity-us.com/view/11003/internet-security-takes-a-leap-forward/ http://www.infosecurity-us.com/view/10977/scam-targets-visa-mastercard-online-verification-services/ Trusteer recently warned that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs – Verified by Visa and MasterCard SecureCode. Wed, 14 Jul 2010 20:54:00 GMT http://www.infosecurity-us.com/view/10977/scam-targets-visa-mastercard-online-verification-services/ http://www.infosecurity-us.com/view/10976/amazon-and-apple-itunes-credibility-tapped-by-hackers-spreading-new-back-door-trojan/ Researchers from Symantec claim to have seen a back door trojan, Trojan.Sasfis, which is being actively promoted under headings such as Amazon_Tracking_Number and iTunes_certificate. Wed, 14 Jul 2010 18:48:00 GMT http://www.infosecurity-us.com/view/10976/amazon-and-apple-itunes-credibility-tapped-by-hackers-spreading-new-back-door-trojan/ http://www.infosecurity-us.com/view/10974/trend-micro-reports-global-rise-in-social-networking-at-work/ A survey of workers in the US, UK, Germany and Japan has revealed that almost a quarter of employees surveyed now visit social networking sites whilst on the corporate IT network. Wed, 14 Jul 2010 18:00:00 GMT http://www.infosecurity-us.com/view/10974/trend-micro-reports-global-rise-in-social-networking-at-work/ http://www.infosecurity-us.com/view/10936/gfi-software-scoops-up-sunbelt/ Cary, N.C.-based firm GFI Software has acquired Sunbelt Software and, primarily, its VIPRE endpoint malware protection product. Tue, 13 Jul 2010 19:57:00 GMT http://www.infosecurity-us.com/view/10936/gfi-software-scoops-up-sunbelt/ http://www.infosecurity-us.com/view/10935/a-more-secure-blackberry-theres-an-app-for-that/ Users of the BlackBerry smartphone will no longer have to stare enviously at the security apps for Android handsets and Apple iPhones, as RIM has developed a native security app for its popular business smartphone. Tue, 13 Jul 2010 19:00:00 GMT http://www.infosecurity-us.com/view/10935/a-more-secure-blackberry-theres-an-app-for-that/ http://www.infosecurity-us.com/view/10934/microsoft-shares-source-code-with-russian-government/ Microsoft has signed an agreement with Russia to share the source code of multiple products, according to US reports. Tue, 13 Jul 2010 18:58:00 GMT http://www.infosecurity-us.com/view/10934/microsoft-shares-source-code-with-russian-government/ http://www.infosecurity-us.com/view/10933/google-tool-lets-anyone-develop-apps-for-android/ Google has announced a web-based visual software development tool to make it easy to create applications for mobile devices running the Android operating system. Tue, 13 Jul 2010 18:47:00 GMT http://www.infosecurity-us.com/view/10933/google-tool-lets-anyone-develop-apps-for-android/ http://www.infosecurity-us.com/view/10923/microsofts-july-patch-tuesday-to-fix-zeroday-vulnerabilities/ Microsoft's monthly Patch Tuesday security update due for release on July 13 is small, with only four bulletins Tue, 13 Jul 2010 15:39:00 GMT http://www.infosecurity-us.com/view/10923/microsofts-july-patch-tuesday-to-fix-zeroday-vulnerabilities/ http://www.infosecurity-us.com/view/10918/china-gives-google-green-light-in-license-renewal/ A Chinese government official has confirmed that Google has been granted its license renewal to operate in China. Tue, 13 Jul 2010 13:42:00 GMT http://www.infosecurity-us.com/view/10918/china-gives-google-green-light-in-license-renewal/ http://www.infosecurity-us.com/view/10893/itunes-hack-could-affect-thousands-say-experts/ The 400 iTunes accounts Apple admitted were hacked by a rogue developer to boost his ratings may be just the tip of the iceberg, say experts. Mon, 12 Jul 2010 22:10:00 GMT http://www.infosecurity-us.com/view/10893/itunes-hack-could-affect-thousands-say-experts/ http://www.infosecurity-us.com/view/10892/new-phishing-attack-disguised-as-a-pdf-reader-update/ Malicious e-mail attacks that look like PDF reader updates have been increasing in volume since the middle of June, says Symantec Hosted Services. Mon, 12 Jul 2010 22:00:00 GMT http://www.infosecurity-us.com/view/10892/new-phishing-attack-disguised-as-a-pdf-reader-update/ http://www.infosecurity-us.com/view/10850/fake-adobe-flash-updates-lure-the-unwary/ Barracuda Networks has warned internet surfers to be wary of fake Adobe flash updates, after it uncovered a number of compromised sites in the wild which present unwary visitors with an official-looking Adobe Flash update page. Fri, 09 Jul 2010 10:32:00 GMT http://www.infosecurity-us.com/view/10850/fake-adobe-flash-updates-lure-the-unwary/ http://www.infosecurity-us.com/view/10849/newspaper-reveals-how-your-apple-iphone-spies-on-you/ As would-be iPhone users reportedly continue to queue in stores to buy new iPhone 4 handsets with two year airtime contracts costing large sums of money, the Daily Telegraph has revealed how the iPhone is logging a lot more information on its owners than they realise. Fri, 09 Jul 2010 10:27:00 GMT http://www.infosecurity-us.com/view/10849/newspaper-reveals-how-your-apple-iphone-spies-on-you/ http://www.infosecurity-us.com/view/10829/government-unveils-plans-for-national-infrastructure-cybersecurity/ The federal government is reportedly working on an ambitious plan to detect and defend against cyberattacks on the US critical national infrastructure, which includes national electricity and telecoms grids, as well as other systems important to the defense of the nation. Thu, 08 Jul 2010 12:00:00 GMT http://www.infosecurity-us.com/view/10829/government-unveils-plans-for-national-infrastructure-cybersecurity/ http://www.infosecurity-us.com/view/10826/four-million-pirate-bay-users-details-revealed/ Reports are coming in that a major hack of the Pirate Bay – the long-standing file-sharing index portal – has allegedly resulted in the release of the site's' four million users' details Thu, 08 Jul 2010 11:51:00 GMT http://www.infosecurity-us.com/view/10826/four-million-pirate-bay-users-details-revealed/ http://www.infosecurity-us.com/view/10808/fortify-warns-iphone-users-to-think-before-frashing/ Software security assurance specialist Fortify, has warned iPhone and smartphone owners to think carefully before installing cracked software on their handsets. Wed, 07 Jul 2010 12:35:00 GMT http://www.infosecurity-us.com/view/10808/fortify-warns-iphone-users-to-think-before-frashing/ http://www.infosecurity-us.com/view/10804/conficker-hits-security-charts-in-june/ The June malware charts from Sunbelt Software show that Conficker has surfaced once again as a security threat, largely as a result of internet users visiting untrusted sites looking for World Cup video streams, says the IT security specialist. Wed, 07 Jul 2010 12:00:00 GMT http://www.infosecurity-us.com/view/10804/conficker-hits-security-charts-in-june/ http://www.infosecurity-us.com/view/10806/cloud-computing-services-to-be-sold-via-resellers/ Cloud computing services have, to date, largely been sold by specialist firms, or direct to companies and end users.A cloud specialist – which supplies services to eBay and Paypal – is now developing a cloud offering that can be sold via resellers. Wed, 07 Jul 2010 12:00:00 GMT http://www.infosecurity-us.com/view/10806/cloud-computing-services-to-be-sold-via-resellers/ http://www.infosecurity-us.com/view/10788/botnet-malware-targets-symbian-smartphones/ New botnet malware is attacking Nokia, Samsung and Sony Ericsson smartphones running Symbian operating systems, mobile security firm NetQin has warned. Wed, 07 Jul 2010 10:14:00 GMT http://www.infosecurity-us.com/view/10788/botnet-malware-targets-symbian-smartphones/ http://www.infosecurity-us.com/view/10785/apple-tightens-security-after-rogue-developer-is-banned-from-app-store/ Apple has banned a Vietnam-based developer from its online applications store for manipulating sales figures to boost his ranking. Wed, 07 Jul 2010 09:59:00 GMT http://www.infosecurity-us.com/view/10785/apple-tightens-security-after-rogue-developer-is-banned-from-app-store/ http://www.infosecurity-us.com/view/10781/free-social-networking-security-webinar-and-research-paper-this-thursday/ Social networking has gone from zero to hero in terms of business-to-consumer support and interactions, allowing organizations to increase their rapport with customers, as well as reducing the cost of customer support. But it's not all wine and roses, as there's the regulatory and compliance issue to address before you allow staff to access Facebook, MySpace, Twitter and all sites in between. Tue, 06 Jul 2010 18:24:00 GMT http://www.infosecurity-us.com/view/10781/free-social-networking-security-webinar-and-research-paper-this-thursday/ http://www.infosecurity-us.com/view/10759/hacking-a-smart-phone-is-easy-says-la-times/ A holiday report in the Los Angeles Times claims that hackers are using advanced techniques – including spoofing cellular phone calls to themselves – to extract caller ID data from the telephone network. Tue, 06 Jul 2010 10:37:00 GMT http://www.infosecurity-us.com/view/10759/hacking-a-smart-phone-is-easy-says-la-times/ http://www.infosecurity-us.com/view/10755/unpatched-windows-flaw-causing-problems-says-microsoft/ Microsoft has announced that an unpatched flaw in Windows XP and Server 2003 – which it routinely alerted users about in the middle of last month – is being actively exploited by hackers in the wild. Tue, 06 Jul 2010 10:11:00 GMT http://www.infosecurity-us.com/view/10755/unpatched-windows-flaw-causing-problems-says-microsoft/ http://www.infosecurity-us.com/view/10753/china-keeps-google-waiting-on-licence-decision/ Chinese authorities have still not told Google whether its licence to operate in the country will be renewed after nearly a week of waiting. Tue, 06 Jul 2010 09:58:00 GMT http://www.infosecurity-us.com/view/10753/china-keeps-google-waiting-on-licence-decision/ http://www.infosecurity-us.com/view/10752/microsoft-cracks-down-on-uk-software-pirates/ Microsoft's investigators have caught 25 UK computer shops selling illegal software in the past six months. Tue, 06 Jul 2010 09:52:00 GMT http://www.infosecurity-us.com/view/10752/microsoft-cracks-down-on-uk-software-pirates/ http://www.infosecurity-us.com/view/10729/hackers-disrupt-youtube-itunes-and-wikipedia-on-us-independence-day/ Hacker groups hit several top websites on US Independence Day, but it remains unclear if the malicious efforts were co-ordinated or not, according to US reports. Mon, 05 Jul 2010 10:52:00 GMT http://www.infosecurity-us.com/view/10729/hackers-disrupt-youtube-itunes-and-wikipedia-on-us-independence-day/ http://www.infosecurity-us.com/view/10727/apple-itunes-security-allegedly-compromised/ Reports have been coming in overnight that a growing number of iTunes' accounts have been hacked, with unauthorised charges appearing on user accounts, as well as a 'take-over' of a number of apps on the iTunes store apparently by a Vietnamese software developer. Mon, 05 Jul 2010 10:42:00 GMT http://www.infosecurity-us.com/view/10727/apple-itunes-security-allegedly-compromised/ http://www.infosecurity-us.com/view/10724/us-federal-agencies-still-not-convinced-about-cloud-security/ Most US federal agencies are concerned about potential information security risks associated with cloud computing, according to a government report. Mon, 05 Jul 2010 10:17:00 GMT http://www.infosecurity-us.com/view/10724/us-federal-agencies-still-not-convinced-about-cloud-security/ http://www.infosecurity-us.com/view/10725/ipswitch-offers-free-networking-testing-software-/ Ipswitch has announced it is offering WhatsUp Gold Engineer's Toolkit software – which normally sells for several hundred pounds – as a free download for a limited period of time. Mon, 05 Jul 2010 10:17:00 GMT http://www.infosecurity-us.com/view/10725/ipswitch-offers-free-networking-testing-software-/ http://www.infosecurity-us.com/view/10723/apple-says-tests-confirm-iphone-4-has-best-wireless-performance-ever/ Apple has denied a design fault in the antennae of the iPhone 4 and has blamed instead the formula used to calculate signal strength. Mon, 05 Jul 2010 10:11:00 GMT http://www.infosecurity-us.com/view/10723/apple-says-tests-confirm-iphone-4-has-best-wireless-performance-ever/ http://www.infosecurity-us.com/view/10714/software-vendors-failing-to-use-microsoft-windows-security-systems-/ Danish security tracking company Secunia has reported that around half of third-party software applications are failing to use two key Windows security features developed by Microsoft. Fri, 02 Jul 2010 17:47:00 GMT http://www.infosecurity-us.com/view/10714/software-vendors-failing-to-use-microsoft-windows-security-systems-/ http://www.infosecurity-us.com/view/10712/kaspersky-lab-technology-predicts-malware-epidemics/ Kaspersky Lab has patented technology in the US which it claims allows the potential scale of malware epidemics to be predicted accurately to stop them from spreading. Fri, 02 Jul 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10712/kaspersky-lab-technology-predicts-malware-epidemics/ http://www.infosecurity-us.com/view/10713/ibm-acquires-bigfix-in-latest-corporate-acquisition/ As reported yesterday by Infosecurity, IBM has announced it has agreed to buy BigFix, the Emeryville, California-based corporate software policy control software vendor for an undisclosed sum. Fri, 02 Jul 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10713/ibm-acquires-bigfix-in-latest-corporate-acquisition/ http://www.infosecurity-us.com/view/10684/facebook-rolls-out-new-thirdparty-app-security-policy/ Facebook is taking further steps to make good on its pledge to simply user privacy settings and increase security of personal information by requiring third-party developers to obtain permission when connecting to their applications and websites. Thu, 01 Jul 2010 21:22:00 GMT http://www.infosecurity-us.com/view/10684/facebook-rolls-out-new-thirdparty-app-security-policy/ http://www.infosecurity-us.com/view/10681/google-ceases-redirect-of-search-portal-in-china/ Google has apparently flinched – at least partially – in its game of chicken versus the Chinese government, as the company attempts to smooth over relations with Beijing to renew its provider’s license. Thu, 01 Jul 2010 19:42:00 GMT http://www.infosecurity-us.com/view/10681/google-ceases-redirect-of-search-portal-in-china/ http://www.infosecurity-us.com/view/10680/new-pci-dss-hurdles-loom/ Extensions to the IT security and governance rules laid down by the PCI Security Standards Council are looming. Thu, 01 Jul 2010 19:16:00 GMT http://www.infosecurity-us.com/view/10680/new-pci-dss-hurdles-loom/ http://www.infosecurity-us.com/view/10679/obfuscated-javascript-malware-making-a-comeback/ The latest monthly threat landscape report from IT security vendor Fortinet asserts that obfuscated Javascript attacks are starting to hit internet users again. Thu, 01 Jul 2010 18:31:00 GMT http://www.infosecurity-us.com/view/10679/obfuscated-javascript-malware-making-a-comeback/ http://www.infosecurity-us.com/view/10677/ibm-acquires-bigfix-/ IBM today announced it has entered into an agreement to acquire BigFix, Inc., a privately-held company based in Emeryville, California. Thu, 01 Jul 2010 16:11:00 GMT http://www.infosecurity-us.com/view/10677/ibm-acquires-bigfix-/ http://www.infosecurity-us.com/view/10657/teenagers-may-be-sharing-too-much-information-online/ Results of a recent online behavior survey commissioned by McAfee give rise to concern if you are the parent of a teenager. Wed, 30 Jun 2010 19:19:00 GMT http://www.infosecurity-us.com/view/10657/teenagers-may-be-sharing-too-much-information-online/ http://www.infosecurity-us.com/view/10656/chrome-browser-to-block-outdated-plugins/ Three researchers from the Google Security Team revealed that the Chrome web browser will attempt to enhance security through increased scrutiny of plug-ins, including blocking those that are out-of-date. Wed, 30 Jun 2010 18:46:00 GMT http://www.infosecurity-us.com/view/10656/chrome-browser-to-block-outdated-plugins/ http://www.infosecurity-us.com/view/10653/kaspersky-releases-iphone-threatpost-app/ Kaspersky Lab has developed an iPhone app that keeps tech-savvy users up to date with all the latest developments in the technology risk stakes. Wed, 30 Jun 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10653/kaspersky-releases-iphone-threatpost-app/ http://www.infosecurity-us.com/view/10652/organizations-in-the-dark-about-advanced-cyberattacks/ Many organizations are unaware they are being targeted by advanced cyberattacks and are failing to respond effectively, according to research from the Ponemon Institute. Wed, 30 Jun 2010 16:57:00 GMT http://www.infosecurity-us.com/view/10652/organizations-in-the-dark-about-advanced-cyberattacks/ http://www.infosecurity-us.com/view/10627/testing-begins-for-intels-remote-kill-technology-/ Intel's Anti-Theft (AT) technology – which allows companies to give a remote command to a laptop PC to disable access to the computer's operating system or, where appropriate, disable the encryption key system – is reportedly being tested by a number of companies around the world. Tue, 29 Jun 2010 18:44:00 GMT http://www.infosecurity-us.com/view/10627/testing-begins-for-intels-remote-kill-technology-/ http://www.infosecurity-us.com/view/10626/google-redirects-encrypted-search-site/ After fielding complaints from school-based users, Google has decided to move its beta encrypted search page to another host name. Tue, 29 Jun 2010 18:21:00 GMT http://www.infosecurity-us.com/view/10626/google-redirects-encrypted-search-site/ http://www.infosecurity-us.com/view/10625/apple-sells-17-million-iphone-4s-in-first-three-days/ Apple claims it sold 1.7 million iPhone 4s in its first three days, outstripping analysts' forecasts and setting a record for a new version of the device. Tue, 29 Jun 2010 17:29:00 GMT http://www.infosecurity-us.com/view/10625/apple-sells-17-million-iphone-4s-in-first-three-days/ http://www.infosecurity-us.com/view/10624/eu-agrees-to-share-banking-data-with-us/ The European Union has reached an agreement with the US to continue sharing European bank data to help fight terrorism, after initially rejecting a proposal to extend information sharing because of privacy concerns. Tue, 29 Jun 2010 17:22:00 GMT http://www.infosecurity-us.com/view/10624/eu-agrees-to-share-banking-data-with-us/ http://www.infosecurity-us.com/view/10588/judge-puts-temporary-halt-to-international-card-scam/ An Illinois federal judge has put the kibosh, pending trial, on an international debit and credit card scheme that apparently milked victims’ accounts delicately – from pennies to dollars at a time. Mon, 28 Jun 2010 23:00:00 GMT http://www.infosecurity-us.com/view/10588/judge-puts-temporary-halt-to-international-card-scam/ http://www.infosecurity-us.com/view/10587/adobe-issues-early-quarterly-security-patches/ As promised earlier this month, Adobe has issued an advanced security update to sure up ‘critical’ vulnerabilities found with its Reader and Acrobat products. Mon, 28 Jun 2010 21:34:00 GMT http://www.infosecurity-us.com/view/10587/adobe-issues-early-quarterly-security-patches/ http://www.infosecurity-us.com/view/10583/us-holds-pole-position-as-spam-generator/ The end-of-May state of spam report from Kaspersky Lab claims that the US maintained its position as the prime distributor of spam – despite a decrease of 2.4% compared to March's figure. Mon, 28 Jun 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10583/us-holds-pole-position-as-spam-generator/ http://www.infosecurity-us.com/view/10577/congressmen-ask-steve-jobs-to-explain-changes-in-apples-privacy-policy/ Members of Congress have written to Apple chief executive Steve Jobs about concerns that the firm is collecting and sharing geo-location data of iPhone and iPad users. Mon, 28 Jun 2010 16:00:00 GMT http://www.infosecurity-us.com/view/10577/congressmen-ask-steve-jobs-to-explain-changes-in-apples-privacy-policy/ http://www.infosecurity-us.com/view/10573/white-house-releases-plan-to-boost-online-security-with-trusted-identities/ The Obama Adminstration has published a strategy aimed at improving the security of online transactions. Mon, 28 Jun 2010 15:52:00 GMT http://www.infosecurity-us.com/view/10573/white-house-releases-plan-to-boost-online-security-with-trusted-identities/ http://www.infosecurity-us.com/view/10541/minnesota-wifi-hacker-who-threatened-vice-president-indicted/ A Minnesota man was indicted yesterday for an incident where he allegedly hacked into a neighbor’s WiFi network and sent threatening emails to the vice president, governor of Minnesota, and a US senator. Fri, 25 Jun 2010 18:12:00 GMT http://www.infosecurity-us.com/view/10541/minnesota-wifi-hacker-who-threatened-vice-president-indicted/ http://www.infosecurity-us.com/view/10540/exnsa-ciocto-says-eastern-europe-is-developing-its-it-security-technology-more-efficiently/ Eastern Europe is catching up to the West in terms of IT security awareness and, as a result, is starting to develop some interesting solutions to the problem of cybersecurity, according to Prescott Winter, the former CIO/CTO with the National Security Agency. Fri, 25 Jun 2010 16:45:00 GMT http://www.infosecurity-us.com/view/10540/exnsa-ciocto-says-eastern-europe-is-developing-its-it-security-technology-more-efficiently/ http://www.infosecurity-us.com/view/10539/symantec-security-ops-manager-warns-of-new-phone-support-cyberscam/ Cybercriminals are branching out into new areas and, says Orla Cox, security operations manager with Symantec, one of the latest diverse scams involves a 'company' called Online PC Doctors, who initiate the cybercrime by telephoning the victim directly to advise the computer users they have a 'virus' and offer to fix it for a fee. Fri, 25 Jun 2010 16:33:00 GMT http://www.infosecurity-us.com/view/10539/symantec-security-ops-manager-warns-of-new-phone-support-cyberscam/ http://www.infosecurity-us.com/view/10525/twitter-ftc-settle-on-charges-of-data-security-lapses/ The Federal Trade Commission announced a deal with Twitter in response to charges that the micro-blogging service failed to protect users’ personal information. The agreement includes the establishment of an independently audited information security program at Twitter. Thu, 24 Jun 2010 21:20:00 GMT http://www.infosecurity-us.com/view/10525/twitter-ftc-settle-on-charges-of-data-security-lapses/ http://www.infosecurity-us.com/view/10523/google-responds-to-report-on-android-security/ Research just published claims that around 20% of the 50 000-plus apps in the Android operating system market allow third-party software access to on-phone data, meaning that the information could used maliciously by hackers. However, the report is receiving its fair share of criticism. Thu, 24 Jun 2010 19:36:00 GMT http://www.infosecurity-us.com/view/10523/google-responds-to-report-on-android-security/ http://www.infosecurity-us.com/view/10521/larger-organizations-fare-better-in-password-security-among-it-security-staff/ A recent survey from Osirium shows that IT security admins from larger organizations do a better job at protecting login credentials for security devices than their counterparts from smaller firms. Thu, 24 Jun 2010 18:54:00 GMT http://www.infosecurity-us.com/view/10521/larger-organizations-fare-better-in-password-security-among-it-security-staff/ http://www.infosecurity-us.com/view/10518/apple-iphone-4-hacked-in-a-day/ The iPhone's new operating system – iOS 4 – has been hacked by at least one expert, and other websites report that the OS will be cracked by them by the weekend. Thu, 24 Jun 2010 17:31:00 GMT http://www.infosecurity-us.com/view/10518/apple-iphone-4-hacked-in-a-day/ http://www.infosecurity-us.com/view/10517/twitters-facebook-app-difficulties-down-to-facebook-says-twitter/ An update to Twitter's Facebook app, which allows users to "follow" their Facebook friends, appears to have failed due to problems with Facebook. Thu, 24 Jun 2010 17:25:00 GMT http://www.infosecurity-us.com/view/10517/twitters-facebook-app-difficulties-down-to-facebook-says-twitter/ http://www.infosecurity-us.com/view/10492/panda-demonstrates-ipad-malware-infection/ Researchers from PandaLabs have unveiled a successful malware infection on a jailbroken iPad that is identical to one previously revealed for the iPhone. Wed, 23 Jun 2010 20:54:00 GMT http://www.infosecurity-us.com/view/10492/panda-demonstrates-ipad-malware-infection/ http://www.infosecurity-us.com/view/10487/florida-university-notifies-students-and-faculty-of-possible-data-exposure-/ Students and faculty at Florida International University are being sent notification letters regarding the potential compromise of personal data stored in a university database. Wed, 23 Jun 2010 19:37:00 GMT http://www.infosecurity-us.com/view/10487/florida-university-notifies-students-and-faculty-of-possible-data-exposure-/ http://www.infosecurity-us.com/view/10481/rsa-and-lumension-partner-on-data-protection/ RSA, the security division of EMC, and endpoint security firm Lumension have announced a partnership aimed at helping organizations better protect and share sensitive information. Wed, 23 Jun 2010 16:00:00 GMT http://www.infosecurity-us.com/view/10481/rsa-and-lumension-partner-on-data-protection/ http://www.infosecurity-us.com/view/10482/apple-ipad-three-million-units-and-counting/ Apple announced yesterday that it sold its 3 millionth iPad this past Monday, as strong international and domestic demand for the tablet device continues unabated. Wed, 23 Jun 2010 16:00:00 GMT http://www.infosecurity-us.com/view/10482/apple-ipad-three-million-units-and-counting/ http://www.infosecurity-us.com/view/10476/firefox-browser-gets-nine-bug-fixes-and-crash-protection/ Mozilla has patched eight flaws, including five critical vulnerabilities in versions 3.5 and 3.6 of the Firefox browser. Wed, 23 Jun 2010 15:43:00 GMT http://www.infosecurity-us.com/view/10476/firefox-browser-gets-nine-bug-fixes-and-crash-protection/ http://www.infosecurity-us.com/view/10444/it-staff-remains-dedicated-even-during-major-sporting-events-/ Whether it’s during the Super Bowl or World Cup, recent surveys show that IT department staff would stay on the job in the event of a crisis, at least hypothetically speaking. Tue, 22 Jun 2010 19:00:00 GMT http://www.infosecurity-us.com/view/10444/it-staff-remains-dedicated-even-during-major-sporting-events-/ http://www.infosecurity-us.com/view/10443/firefox-extension-provides-encrypted-search-capability-/ The Electronic Frontier Foundation has teamed up with the Tor Project in offering a Firefox browser plug-in that encrypts communication between users and several major websites. Tue, 22 Jun 2010 18:50:00 GMT http://www.infosecurity-us.com/view/10443/firefox-extension-provides-encrypted-search-capability-/ http://www.infosecurity-us.com/view/10442/major-hack-of-israeli-twitter-accounts/ Reports are coming in of a systematic hack of Twitter accounts – apparently owned by Israeli internet users – by Turkish hackers. Tue, 22 Jun 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10442/major-hack-of-israeli-twitter-accounts/ http://www.infosecurity-us.com/view/10409/veracode-introduces-cloudbased-software-assurance-testing-service/ The issue of disclosure of vulnerabilities has hit the headlines in recent weeks, as witnessed by the Microsoft/Google squabble. Application vulnerability specialist, Veracode, say that security testing is not effective enough in many companies. Mon, 21 Jun 2010 11:50:00 GMT http://www.infosecurity-us.com/view/10409/veracode-introduces-cloudbased-software-assurance-testing-service/ http://www.infosecurity-us.com/view/10407/mobile-malware-is-a-reality-says-kaspersky-/ Mobile malware has been bubbling along in the background of the security world for the last few years but, according to Denis Maslennikov, Kaspersky Lab's mobile research group manager, the rise in smartphone sales is triggering a surge in mobile malware amongst cybercriminals. Mon, 21 Jun 2010 11:30:00 GMT http://www.infosecurity-us.com/view/10407/mobile-malware-is-a-reality-says-kaspersky-/ http://www.infosecurity-us.com/view/10402/facebook-stands-up-to-privacy-coalition/ Facebook has insisted it is doing enough to protect users' privacy in response to an open letter from a coalition of privacy groups calling for more action. Mon, 21 Jun 2010 10:54:00 GMT http://www.infosecurity-us.com/view/10402/facebook-stands-up-to-privacy-coalition/ http://www.infosecurity-us.com/view/10399/enom-fails-to-act-on-bogus-online-pharmacies/ The world's second-largest seller of website addresses knowingly helped groups that sell counterfeit pharmaceuticals to US residents in violation of federal laws, a research report alleges. Mon, 21 Jun 2010 10:46:00 GMT http://www.infosecurity-us.com/view/10399/enom-fails-to-act-on-bogus-online-pharmacies/ http://www.infosecurity-us.com/view/10395/apple-goes-covert-with-malware-protection-update/ A couple of anti-virus vendors have identified a malware protection update in the recently released Mac OS X 10.6.4 update. But, as one security consultant notes, Apple failed to mention this in the release notes and security advisory. Fri, 18 Jun 2010 20:12:00 GMT http://www.infosecurity-us.com/view/10395/apple-goes-covert-with-malware-protection-update/ http://www.infosecurity-us.com/view/10391/you-cant-trust-the-internet-says-panda-technical-director/ After observing the IT security arena for around 20 years, Luis Corrons, Panda Security's technical director, has come to a simple conclusion – you can't trust the internet and, as a result, users should always be distrustful of everything they see on the web. Fri, 18 Jun 2010 15:28:00 GMT http://www.infosecurity-us.com/view/10391/you-cant-trust-the-internet-says-panda-technical-director/ http://www.infosecurity-us.com/view/10388/internet-fraud-alert-service-to-help-rescue-stolen-account-credentials/ Microsoft, eBay, PayPal, Citizens Bank and several US regulators, consumer organizations and security groups have set up an online fraud alert service. Fri, 18 Jun 2010 14:59:00 GMT http://www.infosecurity-us.com/view/10388/internet-fraud-alert-service-to-help-rescue-stolen-account-credentials/ http://www.infosecurity-us.com/view/10363/inspector-general-identifies-key-deficiencies-in-us-cybersecurity-response-/ The Department of Homeland Security’s Inspector General testified before Congress yesterday and provided an update on US-CERT’s efforts to improve cybersecurity, while also identifying many key points where the department is still falling short. Thu, 17 Jun 2010 20:52:00 GMT http://www.infosecurity-us.com/view/10363/inspector-general-identifies-key-deficiencies-in-us-cybersecurity-response-/ http://www.infosecurity-us.com/view/10362/security-vendor-identifies-skype-exploit-in-the-wild/ M86 Security has come across active exploitation of a Skype ActiveX vulnerability that affects older versions of the popular VoIP service. Thu, 17 Jun 2010 18:57:00 GMT http://www.infosecurity-us.com/view/10362/security-vendor-identifies-skype-exploit-in-the-wild/ http://www.infosecurity-us.com/view/10361/canon-warns-of-digital-printer-security-issue/ You wouldn't normally classify digital printers as being a security risk but, according to Quentyn Taylor, director of information security with Canon, high-end multi-functional printers pose a serious security risk when they come to the end of their working lifetime. Thu, 17 Jun 2010 16:32:00 GMT http://www.infosecurity-us.com/view/10361/canon-warns-of-digital-printer-security-issue/ http://www.infosecurity-us.com/view/10358/twitter-warns-of-more-disruptions-during-world-cup/ Twitter's outages at the start of the week could be repeated in the next few weeks due to technical problems and increased traffic during the FIFA World Cup, the site has warned. Thu, 17 Jun 2010 16:21:00 GMT http://www.infosecurity-us.com/view/10358/twitter-warns-of-more-disruptions-during-world-cup/ http://www.infosecurity-us.com/view/10356/security-expert-cautions-on-hidden-javascript-tweets/ Rik Ferguson, senior security advisor with Trend Micro, has uncovered a potentially serious Javascript security attack on users of the Twitter microblogging service. Thu, 17 Jun 2010 16:00:00 GMT http://www.infosecurity-us.com/view/10356/security-expert-cautions-on-hidden-javascript-tweets/ http://www.infosecurity-us.com/view/10354/spammers-gear-up-for-fathers-day/ Global spam exploiting Father's Day is increasing rapidly in the run up to the June 20 celebration in 52 countries, according to the Symantec Response team. Thu, 17 Jun 2010 15:55:00 GMT http://www.infosecurity-us.com/view/10354/spammers-gear-up-for-fathers-day/ http://www.infosecurity-us.com/view/10327/ipswitch-scoops-up-messageway-solutions-in-latest-acquisition-/ Massachusetts-based managed file transfer (MFT) provider Ipswitch has acquired MessageWay Solutions in a bid to expand its offerings into high-value, sensitive file transfer services. Wed, 16 Jun 2010 21:10:00 GMT http://www.infosecurity-us.com/view/10327/ipswitch-scoops-up-messageway-solutions-in-latest-acquisition-/ http://www.infosecurity-us.com/view/10323/microsoft-will-need-to-produce-a-patch-for-windows-xp-sp2/ Businesses running Windows XP SP2 have been hit by a double-whammy this week. Wed, 16 Jun 2010 18:55:00 GMT http://www.infosecurity-us.com/view/10323/microsoft-will-need-to-produce-a-patch-for-windows-xp-sp2/ http://www.infosecurity-us.com/view/10322/social-security-flexible-workplace-program-leaves-personal-data-at-risk/ A recent report from the Social Security Administration’s Inspector General reveals that beneficiaries’ personal has been put at risk through its new flexible workplace policy. The IG asserted that lax adherence to the agency’s employee compliance standards is to blame. Wed, 16 Jun 2010 17:45:00 GMT http://www.infosecurity-us.com/view/10322/social-security-flexible-workplace-program-leaves-personal-data-at-risk/ http://www.infosecurity-us.com/view/10315/latest-mac-os-x-version-still-needs-adobe-update/ The latest version of the Mac OS X operating system includes Adobe's Flash Player, but it is not the latest patched version. Wed, 16 Jun 2010 15:46:00 GMT http://www.infosecurity-us.com/view/10315/latest-mac-os-x-version-still-needs-adobe-update/ http://www.infosecurity-us.com/view/10314/att-may-have-leaked-customer-data-in-iphone-4-sales-frenzy/ Tuesday was, of course, pre-order day for iPhone 4 in the US and many other parts of the world, when anxious would-be buyers could order their new iPhone handset for fulfillment later this month. But reports are emerging that the sheer volume of orders may have caused AT&T's ordering servers to overload and inadvertently leak customer data. Wed, 16 Jun 2010 15:44:00 GMT http://www.infosecurity-us.com/view/10314/att-may-have-leaked-customer-data-in-iphone-4-sales-frenzy/ http://www.infosecurity-us.com/view/10281/infosecurity-welcomes-new-blogger-to-its-roster/ We are pleased to announce the addition of Geoff Webb to our list of contributors currently blogging for Infosecurity. Tue, 15 Jun 2010 20:38:00 GMT http://www.infosecurity-us.com/view/10281/infosecurity-welcomes-new-blogger-to-its-roster/ http://www.infosecurity-us.com/view/10280/avg-introduces-free-web-security-tool-for-mac/ The company, known primarily for its free anti-virus software, has now ventured into a new area of personal computing protection by offering its AVG LinkScanner to Mac users. Tue, 15 Jun 2010 19:00:00 GMT http://www.infosecurity-us.com/view/10280/avg-introduces-free-web-security-tool-for-mac/ http://www.infosecurity-us.com/view/10274/att-cooperating-in-ipad-data-theft-investigation/ AT&T says it will cooperate with an FBI investigation of a group known as Goatse Security for allegedly stealing more than 100 000 email addresses of Apple iPad users from its corporate servers. Tue, 15 Jun 2010 17:30:00 GMT http://www.infosecurity-us.com/view/10274/att-cooperating-in-ipad-data-theft-investigation/ http://www.infosecurity-us.com/view/10268/security-threat-monitor-app-for-iphone-released/ Sophos has released a free app for the iPhone that is said to allow users to stay on top of latest threats, news and malware information in the IT security-sphere. Tue, 15 Jun 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10268/security-threat-monitor-app-for-iphone-released/ http://www.infosecurity-us.com/view/10218/medicare-drug-plan-rebates-invite-data-theft-scammers/ The checks are in the mail – that is, if you are a Medicare recipient. Rebates to help ease the costs of the so-called Medicare Part D “donut hole” have begun mailing out says the Department of Health and Human Services, and the agency is warning attorneys general throughout the country about the dangers of associated data theft scams. Mon, 14 Jun 2010 22:47:00 GMT http://www.infosecurity-us.com/view/10218/medicare-drug-plan-rebates-invite-data-theft-scammers/ http://www.infosecurity-us.com/view/10217/senate-introduces-sweeping-cybersecurity-bill/ Late last week Senator Joe Lieberman, along with other ranking members of the Senate Committee on Homeland Security, introduced a comprehensive bill designed to strengthen the nation’s networks and critical infrastructure against cyberattacks while expanding presidential powers to combat the threats. Mon, 14 Jun 2010 18:19:00 GMT http://www.infosecurity-us.com/view/10217/senate-introduces-sweeping-cybersecurity-bill/ http://www.infosecurity-us.com/view/10214/conficker-still-a-threat-says-working-group/ The Conficker worm continues to be a threat and businesses need to be aware of two vulnerabilities it may have introduced to their IT systems, says an industry group set up to combat the malware. Mon, 14 Jun 2010 16:31:00 GMT http://www.infosecurity-us.com/view/10214/conficker-still-a-threat-says-working-group/ http://www.infosecurity-us.com/view/10210/isaca-identifies-top-five-social-media-risks-for-business/ A white paper just published by ISACA, the not-for-profit IT security association, claims to show that five main social media issues pose a serious security risk for most businesses. Mon, 14 Jun 2010 16:23:00 GMT http://www.infosecurity-us.com/view/10210/isaca-identifies-top-five-social-media-risks-for-business/ http://www.infosecurity-us.com/view/10209/google-denies-wifi-data-collection-broke-law/ Google has told Congress that it broke no law in collecting data from unsecured private WiFi networks as the company recorded images for its Street View service in over 30 countries. Mon, 14 Jun 2010 16:11:00 GMT http://www.infosecurity-us.com/view/10209/google-denies-wifi-data-collection-broke-law/ http://www.infosecurity-us.com/view/10172/spammers-getting-lazier-says-symantec/ Some rather amusing news comes our way today courtesy of Symantec, and it does not bode well for the creative prowess of spammers. It appears that one of May’s hottest spam trends was blank email subject lines according to the company’s latest “State of Spam & Phishing” report. Fri, 11 Jun 2010 21:34:00 GMT http://www.infosecurity-us.com/view/10172/spammers-getting-lazier-says-symantec/ http://www.infosecurity-us.com/view/10171/cybercriminals-tap-into-world-cup-fever-with-malware-and-infected-emails/ If you're a World Cup fan, then you had better be ultra-careful on which links you click through to, as it seems that cybercrminals are ramping up their malware and infected emails to tap into fan's interest in the World Cup. Fri, 11 Jun 2010 20:35:00 GMT http://www.infosecurity-us.com/view/10171/cybercriminals-tap-into-world-cup-fever-with-malware-and-infected-emails/ http://www.infosecurity-us.com/view/10170/kaspersky-aveva-progress-join-bsa-in-piracy-fight/ Three leading software firms have joined the Business Software Alliance (BSA), the industry body dedicated to fighting software piracy. Fri, 11 Jun 2010 20:16:00 GMT http://www.infosecurity-us.com/view/10170/kaspersky-aveva-progress-join-bsa-in-piracy-fight/ http://www.infosecurity-us.com/view/10169/fbi-investigates-goatses-harvesting-of-ipad-user-email-addresses/ The FBI is looking into whether security researchers broke the law in conducting tests that exposed an iPad security flaw. Fri, 11 Jun 2010 20:00:00 GMT http://www.infosecurity-us.com/view/10169/fbi-investigates-goatses-harvesting-of-ipad-user-email-addresses/ http://www.infosecurity-us.com/view/10168/adobe-fixes-flash-flaw-in-five-days-/ Adobe has quietly fixed the 'critical' security flaw affecting its Flash and Reader software that it revealed earlier this week. The issue has been fixed in an urgent patch folded in with a raft of updates that are claimed to solve 32 documented problems with Adobe's software. Fri, 11 Jun 2010 19:58:00 GMT http://www.infosecurity-us.com/view/10168/adobe-fixes-flash-flaw-in-five-days-/ http://www.infosecurity-us.com/view/10167/microsoft-calls-for-responsible-disclosure-of-security-flaws/ Microsoft says it continues to support responsible disclosure of security vulnerabilities after a researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003. Fri, 11 Jun 2010 19:50:00 GMT http://www.infosecurity-us.com/view/10167/microsoft-calls-for-responsible-disclosure-of-security-flaws/ http://www.infosecurity-us.com/view/10138/federal-cio-asks-nist-to-aid-governments-transition-toward-cloud-computing/ Federal chief information officer Vivek Kundra called upon NIST to help the federal government move toward increased adoption of cloud computing and has appointed the agency to develop standards and guidelines that promote secure implementation of cloud technologies. Thu, 10 Jun 2010 18:48:00 GMT http://www.infosecurity-us.com/view/10138/federal-cio-asks-nist-to-aid-governments-transition-toward-cloud-computing/ http://www.infosecurity-us.com/view/10132/new-vulnerability-in-windows-revealed/ An independent security researcher has published exploit code for a zero-day vulnerability in Windows XP and Windows 2003. Thu, 10 Jun 2010 16:49:00 GMT http://www.infosecurity-us.com/view/10132/new-vulnerability-in-windows-revealed/ http://www.infosecurity-us.com/view/10131/details-exposed-for-more-than-100-000-apple-ipad-owners/ A security breach has exposed the personal details of more than 100 000 US iPad owners, including senior company executives, military officials and top politicians. Thu, 10 Jun 2010 16:33:00 GMT http://www.infosecurity-us.com/view/10131/details-exposed-for-more-than-100-000-apple-ipad-owners/ http://www.infosecurity-us.com/view/10130/check-point-acquires-enterprise-management-firm/ Check Point has acquired Liquid Machines, a start-up in the enterprise data management arena, for an undisclosed sum. Thu, 10 Jun 2010 16:23:00 GMT http://www.infosecurity-us.com/view/10130/check-point-acquires-enterprise-management-firm/ http://www.infosecurity-us.com/view/10129/twitter-prepares-to-launch-own-link-shortener-to-boost-security/ Twitter has announced it is another step closer to launching its own web link shortener to boost security, which could push out popular services such as bit.ly and tinyurl. Thu, 10 Jun 2010 16:12:00 GMT http://www.infosecurity-us.com/view/10129/twitter-prepares-to-launch-own-link-shortener-to-boost-security/ http://www.infosecurity-us.com/view/10090/youtube-impostor-pages-serving-up-malware/ Taking advantage of recent hot topics like the NBA Playoffs and the BP gulf oil spill, cybercriminals are capitalizing on the YouTube brand to infect user machines with malware. Wed, 09 Jun 2010 17:24:00 GMT http://www.infosecurity-us.com/view/10090/youtube-impostor-pages-serving-up-malware/ http://www.infosecurity-us.com/view/10088/india-to-check-all-chinese-telecoms-equipment-for-spyware/ India is appointing auditors to check that all telecoms equipment imported from China is free of software designed to monitor data transmissions. Wed, 09 Jun 2010 17:18:00 GMT http://www.infosecurity-us.com/view/10088/india-to-check-all-chinese-telecoms-equipment-for-spyware/ http://www.infosecurity-us.com/view/10087/1700-japanese-cameras-infected-with-virus/ Reports from Japan are coming in that Olympus has been shipping one of its digital cameras – the Stylus Tough 6010 – with a virus infection on the unit's internal memory card. Wed, 09 Jun 2010 17:00:00 GMT http://www.infosecurity-us.com/view/10087/1700-japanese-cameras-infected-with-virus/ http://www.infosecurity-us.com/view/10075/adobe-accelerates-flash-player-fixes/ Adobe announced that it will issue an unscheduled security patch to address vulnerabilities found in its Flash Player operating on Windows, Mac, and Linux. The company expects to have this fix ready by June 10. Wed, 09 Jun 2010 15:27:00 GMT http://www.infosecurity-us.com/view/10075/adobe-accelerates-flash-player-fixes/ http://www.infosecurity-us.com/view/10062/isc-amends-cap-credential/ Updated federal information security guidelines, currently in their draft form, are being proposed by the National Institute of Standards and Technology. In response to the proposed revisions, (ISC)² has revamped its CAP credential in alignment with the guidelines, including an increased emphasis on continuous monitoring. Tue, 08 Jun 2010 18:00:00 GMT http://www.infosecurity-us.com/view/10062/isc-amends-cap-credential/ http://www.infosecurity-us.com/view/10061/facetime-transfers-trademark-to-apple-for-iphone-4-video-calling-application/ One of the biggest surprises in Apple CEO Steve Job's presentation yesterday on the new iPhone 4 was the transfer of the FaceTime trademark from the social networking security vendor of the same name. Tue, 08 Jun 2010 17:58:00 GMT http://www.infosecurity-us.com/view/10061/facetime-transfers-trademark-to-apple-for-iphone-4-video-calling-application/ http://www.infosecurity-us.com/view/10060/german-security-wire-warns-of-smsenabled-atm-card-skimmers/ Next time you come across a 'different' looking ATM that may – or may not – have a card skimming device attached, it's probably not worth looking around for furtive-looking data thieves, as they may be sitting comfortably at home while using a text message-enabled receiving device. Tue, 08 Jun 2010 17:19:00 GMT http://www.infosecurity-us.com/view/10060/german-security-wire-warns-of-smsenabled-atm-card-skimmers/ http://www.infosecurity-us.com/view/10036/kaspersky-details-q1-information-security-threats/ Nearly half of all information security threats came from Adobe application exploits over the first quarter of 2010 according to the most recent quarterly analysis from security vendor Kaspersky. Mon, 07 Jun 2010 19:58:00 GMT http://www.infosecurity-us.com/view/10036/kaspersky-details-q1-information-security-threats/ http://www.infosecurity-us.com/view/10025/google-assures-customers-on-cloud-security-practices/ Google has issued a white paper on the security of its Google Apps service to assure existing and potential customers about the security of its cloud-based services. Mon, 07 Jun 2010 15:00:00 GMT http://www.infosecurity-us.com/view/10025/google-assures-customers-on-cloud-security-practices/ http://www.infosecurity-us.com/view/10023/adobe-warns-of-critical-multiplatform-security-flaw/ Adobe has released a major warning over a critical vulnerability in its Flash Player 10.0.45.2 and earlier editions for Windows, Apple Mac, Linux and Solaris platforms. Mon, 07 Jun 2010 14:54:00 GMT http://www.infosecurity-us.com/view/10023/adobe-warns-of-critical-multiplatform-security-flaw/ http://www.infosecurity-us.com/view/10021/major-patch-tuesday-from-microsoft-tomorrow/ Tomorrow is Patch Tuesday, the day when Microsoft makes its monthly batch of security updates and, by all accounts, it's going to be a major batch with 10 bulletins addressing 34 vulnerabilities. Three of the bulletins are classed as critical, says Microsoft. Mon, 07 Jun 2010 14:33:00 GMT http://www.infosecurity-us.com/view/10021/major-patch-tuesday-from-microsoft-tomorrow/ http://www.infosecurity-us.com/view/10005/ballmer-defends-windows-after-jobs-attack/ Windows will be increasingly modified and optimised for various functions and different types of hardware, says Steve Ballmer, chief executive of Microsoft. Fri, 04 Jun 2010 17:51:00 GMT http://www.infosecurity-us.com/view/10005/ballmer-defends-windows-after-jobs-attack/ http://www.infosecurity-us.com/view/10004/outbound-spam-report-reveals-scale-of-isp-problems/ A report on the issue of outbound spam claims that more than two-thirds of the world's ISPs are experiencing an expensive headache due to the generation of outbound spam on their networks. Fri, 04 Jun 2010 17:46:00 GMT http://www.infosecurity-us.com/view/10004/outbound-spam-report-reveals-scale-of-isp-problems/ http://www.infosecurity-us.com/view/10003/hike-in-trojan-activity-in-may/ The latest monthly statistics on security threats from Sunbelt Software claim there has been a significant increase in Trojan activity, as well as malware designed to channel fake anti-virus products onto a user's machine. Fri, 04 Jun 2010 17:39:00 GMT http://www.infosecurity-us.com/view/10003/hike-in-trojan-activity-in-may/ http://www.infosecurity-us.com/view/10002/apple-ceo-steve-jobs-says-windows-in-permanent-decline/ Apple chief executive Steve Jobs has predicted that personal computers running Microsoft's Windows operating system are in a permanent decline. Fri, 04 Jun 2010 17:32:00 GMT http://www.infosecurity-us.com/view/10002/apple-ceo-steve-jobs-says-windows-in-permanent-decline/ http://www.infosecurity-us.com/view/9976/penn-state-data-may-have-been-exposed/ This week the Pennsylvania State University sent data breach notification letters to 15 806 individuals who at one time had their personal information, including Social Security numbers, stored in a university database. Thu, 03 Jun 2010 20:42:00 GMT http://www.infosecurity-us.com/view/9976/penn-state-data-may-have-been-exposed/ http://www.infosecurity-us.com/view/9972/isf-publishes-guidance-on-converged-networks/ The Information Security Forum has identified potential security vulnerabilities that can occur from the synthesis of multiple networks onto a single internet protocol (IP). In response, the non-profit has issued a report on network convergence security for its membership. Thu, 03 Jun 2010 19:51:00 GMT http://www.infosecurity-us.com/view/9972/isf-publishes-guidance-on-converged-networks/ http://www.infosecurity-us.com/view/9971/50-of-it-professionals-hack-own-enterprises-/ Research just published shows that 83% of IT professionals consider commercial software to be riddled with security flaws and, as a result, they are making heavy investments in penetration and code testing of their IT resources. Thu, 03 Jun 2010 19:15:00 GMT http://www.infosecurity-us.com/view/9971/50-of-it-professionals-hack-own-enterprises-/ http://www.infosecurity-us.com/view/9970/google-switch-from-microsoft-could-cause-security-issues/ Earlier this week, Google announced that its staff will require special permission to install Microsoft operating systems and software on their computers. According to one security expert, however, Google could be raising, rather than reducing its security risk profile. Thu, 03 Jun 2010 19:00:00 GMT http://www.infosecurity-us.com/view/9970/google-switch-from-microsoft-could-cause-security-issues/ http://www.infosecurity-us.com/view/9919/half-of-windows-xp-users-left-without-tech-support/ Wolfgang Kandek, the chief technology officer of Qualys, has warned Windows XP users that Microsoft's technical support for service pack 2 (SP2) of the popular operating system will cease on July 13. As a result of this, he advises users to install XP SP3 or upgrade to Windows 7. Wed, 02 Jun 2010 19:00:00 GMT http://www.infosecurity-us.com/view/9919/half-of-windows-xp-users-left-without-tech-support/ http://www.infosecurity-us.com/view/9917/security-expert-identifies-iphone-security-loophole/ An IT security expert has identified a potentially serious security loophole in the Apple iPhone's software, due to its ability to automatically remember and log into a familiar WiFi access point. Wed, 02 Jun 2010 18:42:00 GMT http://www.infosecurity-us.com/view/9917/security-expert-identifies-iphone-security-loophole/ http://www.infosecurity-us.com/view/9916/millions-of-internet-users-risk-attack-with-aging-ie6-browser/ Microsoft's Internet Explorer 6 browser is still used by more than 25% of internet users, even though it attracts cyber attackers because it lacks up-to-date security features, a study has revealed. Wed, 02 Jun 2010 18:36:00 GMT http://www.infosecurity-us.com/view/9916/millions-of-internet-users-risk-attack-with-aging-ie6-browser/ http://www.infosecurity-us.com/view/9915/world-cup-spam-volumes-soar/ Spam relating to the FIFA 2010 World Cup has soared by about 27% according to security firm, Symantec. Wed, 02 Jun 2010 18:28:00 GMT http://www.infosecurity-us.com/view/9915/world-cup-spam-volumes-soar/ http://www.infosecurity-us.com/view/9914/hp-to-cut-9000-jobs-in-1bn-plan-to-grow-services-business/ HP is investing $1bn in technology for its services business as its focus moves away from integrating EDS to growth. Wed, 02 Jun 2010 17:57:00 GMT http://www.infosecurity-us.com/view/9914/hp-to-cut-9000-jobs-in-1bn-plan-to-grow-services-business/ http://www.infosecurity-us.com/view/9868/facebook-users-warned-about-new-viral-clickjacking-worm/ It may have been Memorial Day weekend in the US, but it seems that Facebook hackers have been out in force, harvesting user credentials using a clickjacking worm that encourages users to click on what appears to be an attractive link. Tue, 01 Jun 2010 20:51:00 GMT http://www.infosecurity-us.com/view/9868/facebook-users-warned-about-new-viral-clickjacking-worm/ http://www.infosecurity-us.com/view/9867/ohio-man-indicted-for-involvement-with-fake-antivirus-ring/ A Cincinnati area resident will face charges for aiding an international fake anti-virus scheme. Also indicted were two foreign-based co-conspirators. Tue, 01 Jun 2010 20:43:00 GMT http://www.infosecurity-us.com/view/9867/ohio-man-indicted-for-involvement-with-fake-antivirus-ring/ http://www.infosecurity-us.com/view/9866/security-concerns-hasten-googles-move-off-windows/ Google is moving away from the Microsoft Windows operating system in favor of the Apple Mac OS and open source Linux because of security concerns after its Chinese operations were hacked in late 2009. Tue, 01 Jun 2010 16:49:00 GMT http://www.infosecurity-us.com/view/9866/security-concerns-hasten-googles-move-off-windows/ http://www.infosecurity-us.com/view/9865/how-to-protect-your-personal-information-on-facebook/ Facebook members can protect their personal information by following some basic guidelines, says security firm Symantec. Tue, 01 Jun 2010 16:38:00 GMT http://www.infosecurity-us.com/view/9865/how-to-protect-your-personal-information-on-facebook/ http://www.infosecurity-us.com/view/9864/im-global-acquisition-bolsters-deloittes-security-expertise/ Consultancy Deloitte has acquired security specialist IM Global to address the fears of its corporate customers. Tue, 01 Jun 2010 16:31:00 GMT http://www.infosecurity-us.com/view/9864/im-global-acquisition-bolsters-deloittes-security-expertise/ http://www.infosecurity-us.com/view/9824/cloud-computing-could-help-improve-security-says-microsoft/ Cloud computing adds security challenges, but also provides opportunities to improve security posture, according to Steve Lipner, senior director of security engineering strategy at Microsoft. Fri, 28 May 2010 19:11:00 GMT http://www.infosecurity-us.com/view/9824/cloud-computing-could-help-improve-security-says-microsoft/ http://www.infosecurity-us.com/view/9823/scientology-ddos-jail-sentence-signals-turning-point-/ It's been something of a busy week for distributed denial of service (DDoS) attacks – as well as CNN reporting that Media Temple, the web hosting provider for a range of blue chip companies, was hit with a sophisticated attack, the Associated Press reported that a Nebraska man has been sentenced to a year in prison for his role in a cyber attack on the Church of Scientology's websites two years ago. Fri, 28 May 2010 19:00:00 GMT http://www.infosecurity-us.com/view/9823/scientology-ddos-jail-sentence-signals-turning-point-/ http://www.infosecurity-us.com/view/9793/applications-under-attack-says-microsoft-adobe/ Many in the security field agree that attack vectors have rapidly moved from exploiting operating system vulnerabilities to the application layer. Security specialists from Microsoft and Adobe lent their opinions as to why this is the case. Thu, 27 May 2010 21:00:00 GMT http://www.infosecurity-us.com/view/9793/applications-under-attack-says-microsoft-adobe/ http://www.infosecurity-us.com/view/9788/apple-bigger-than-microsoft-or-google-in-market-cap/ Yesterday Apple became the world's biggest IT company by market value, eclipsing Microsoft for the first time since 1989, and even Google. Thu, 27 May 2010 17:14:00 GMT http://www.infosecurity-us.com/view/9788/apple-bigger-than-microsoft-or-google-in-market-cap/ http://www.infosecurity-us.com/view/9787/facebook-announces-open-privacy-settings/ As widely reported by the media in the last 24 hours, Facebook has responded to the ongoing criticism regarding the privacy of its members and announced plans to develop a privacy interface for users. Thu, 27 May 2010 17:00:00 GMT http://www.infosecurity-us.com/view/9787/facebook-announces-open-privacy-settings/ http://www.infosecurity-us.com/view/9769/mozilla-warns-of-new-phishing-scam/ Aza Raskin, a well-known US interface design expert and creative lead on Mozilla's Firefox browser software, has revealed a new type of phishing attack known as `tab napping.' Thu, 27 May 2010 11:16:00 GMT http://www.infosecurity-us.com/view/9769/mozilla-warns-of-new-phishing-scam/ http://www.infosecurity-us.com/view/9760/morally-right-to-try-hacker-mckinnon-in-uk-says-nick-clegg/ UK deputy prime minister Nick Clegg has repeated his view that self-confessed hacker Gary McKinnon should be tried in the UK, but said the government lacked the power to reverse some of the legal decisions that had led to McKinnon's possible extradition to the US. Thu, 27 May 2010 07:00:00 GMT http://www.infosecurity-us.com/view/9760/morally-right-to-try-hacker-mckinnon-in-uk-says-nick-clegg/ http://www.infosecurity-us.com/view/9762/adobe-update-addresses-photoshop-bugs/ Adobe, maker of Photoshop, has issued a patch for vulnerabilities affecting earlier versions of the popular image editing software. Thu, 27 May 2010 06:57:00 GMT http://www.infosecurity-us.com/view/9762/adobe-update-addresses-photoshop-bugs/ http://www.infosecurity-us.com/view/9742/rsa-joins-open-compliance-and-ethics-group/ RSA has joined the Open Compliance and Ethics Group (OCEG), a non-profit organization with a mission to help companies align their governance, risk and compliance (GRC) management activities to help drive their business performance. Wed, 26 May 2010 10:38:00 GMT http://www.infosecurity-us.com/view/9742/rsa-joins-open-compliance-and-ethics-group/ http://www.infosecurity-us.com/view/9739/mcafee-acquires-trust-digital-for-mobile-security-/ Veteran IT security vendor McAfee has announced plans to acquire privately-held Trust Digital, a mobile management and security software specialist. Terms of the deal have not been revealed. Wed, 26 May 2010 10:33:00 GMT http://www.infosecurity-us.com/view/9739/mcafee-acquires-trust-digital-for-mobile-security-/ http://www.infosecurity-us.com/view/9728/ibm-gives-away-malware-infected-usb-drives/ In what can best be described as an embarrassing situation, IBM apparently distributed USB sticks infected with malware at last week’s Australian Computer Emergency Response Team (AusCERT) conference. Tue, 25 May 2010 22:22:00 GMT http://www.infosecurity-us.com/view/9728/ibm-gives-away-malware-infected-usb-drives/ http://www.infosecurity-us.com/view/9727/894-an-hour-will-rent-you-your-very-own-botnet/ The price of online cybercrime has reduced so that criminals can rent bots by the hour. VeriSign's iDefense research operation says the cost is just $8.94 an hour. Tue, 25 May 2010 21:40:00 GMT http://www.infosecurity-us.com/view/9727/894-an-hour-will-rent-you-your-very-own-botnet/ http://www.infosecurity-us.com/view/9707/sign-up-for-todays-free-webinar-on-email-archiving-inthecloud/ Join this afternoon's Infosecurity Magazine webinar, and listen to industry experts discuss how moving email archiving to the cloud will effect your organisation. Tue, 25 May 2010 09:26:00 GMT http://www.infosecurity-us.com/view/9707/sign-up-for-todays-free-webinar-on-email-archiving-inthecloud/ http://www.infosecurity-us.com/view/9703/microsoft-looks-to-enhance-security-with-hotmail-update/ Recently publicized new features for Hotmail aim to increase security for the Microsoft webmail service. Mon, 24 May 2010 18:55:00 GMT http://www.infosecurity-us.com/view/9703/microsoft-looks-to-enhance-security-with-hotmail-update/ http://www.infosecurity-us.com/view/9696/cloud-computing-will-improve-security-says-survey/ Results from a survey just released makes the interesting assertion that cloud computing – far from causing IT security problems in businesses – will actually improve security for most organizations. Mon, 24 May 2010 16:39:00 GMT http://www.infosecurity-us.com/view/9696/cloud-computing-will-improve-security-says-survey/ http://www.infosecurity-us.com/view/9690/google-introduces-encrypted-search/ An encrypted beta search service was unveiled by Google late last week. The new search site uses SSL encryption when connecting to Google from users’ internet browsers. Mon, 24 May 2010 15:14:00 GMT http://www.infosecurity-us.com/view/9690/google-introduces-encrypted-search/ http://www.infosecurity-us.com/view/9659/plainscapital-settles-with-former-customer-in-cyber-theft-incident/ Texas-based PlainsCapital Bank has reached a settlement agreement with one of its former customers, Hillary Machinery, which had more than $800 000 stolen from its corporate account by cyber criminals. Fri, 21 May 2010 18:54:00 GMT http://www.infosecurity-us.com/view/9659/plainscapital-settles-with-former-customer-in-cyber-theft-incident/ http://www.infosecurity-us.com/view/9658/germany-considers-criminal-charges-against-google-over-wifi-data-collection/ German prosecutors have begun a criminal probe into whether Google broke any laws when its mobile units collected private WiFi data while recording images for Google Street View. Fri, 21 May 2010 18:26:00 GMT http://www.infosecurity-us.com/view/9658/germany-considers-criminal-charges-against-google-over-wifi-data-collection/ http://www.infosecurity-us.com/view/9657/oracle-acquires-database-security-firm-secerno-/ Oracle has announced it has reached an agreement to acquire database security firm Secerno. Fri, 21 May 2010 16:22:00 GMT http://www.infosecurity-us.com/view/9657/oracle-acquires-database-security-firm-secerno-/ http://www.infosecurity-us.com/view/9633/heartland-settles-with-mastercard-over-data-breach/ Heartland Payment Systems, the fifth-largest payment card processor in the US, has made a third settlement deal in what was one of the largest data breach incidents in history. This time, MasterCard has agreed to take a 41.4m payout for its card issuers. Thu, 20 May 2010 20:00:00 GMT http://www.infosecurity-us.com/view/9633/heartland-settles-with-mastercard-over-data-breach/ http://www.infosecurity-us.com/view/9632/microsoft-to-share-prepatch-info-with-governments/ Two pilot programs from Microsoft have been established in an effort to share pre-update information and aid in protecting critical infrastructure. Thu, 20 May 2010 19:22:00 GMT http://www.infosecurity-us.com/view/9632/microsoft-to-share-prepatch-info-with-governments/ http://www.infosecurity-us.com/view/9627/final-episode-of-lost-tapped-by-hackers-to-spread-fake-antivirus-software/ There's nothing like the final episode in a TV series to bring out people on the Net looking for early copies of the cliffhanger, and 'Lost' looks to be no exception. Unfortunately, PandaLabs reports users' searches are being hijacked to get them to install fake anti-virus software. Thu, 20 May 2010 19:14:00 GMT http://www.infosecurity-us.com/view/9627/final-episode-of-lost-tapped-by-hackers-to-spread-fake-antivirus-software/ http://www.infosecurity-us.com/view/9626/facebook-to-simplify-privacy-tools/ Facebook has announced that it will release simpler privacy options in the face of a growing storm over the company's drive to encourage more people to publish more information online by default. Thu, 20 May 2010 19:00:00 GMT http://www.infosecurity-us.com/view/9626/facebook-to-simplify-privacy-tools/ http://www.infosecurity-us.com/view/9623/hacker-mckinnon-to-stay-in-uk-for-now/ Self-confessed hacker Gary McKinnon will stay in the UK for the foreseeable future following home secretary Theresa May's decision to adjourn a judicial review of his case due next week. Thu, 20 May 2010 18:23:00 GMT http://www.infosecurity-us.com/view/9623/hacker-mckinnon-to-stay-in-uk-for-now/ http://www.infosecurity-us.com/view/9617/symantec-to-pay-128bn-for-verisigns-security-business/ Security software group Symantec is to acquire VeriSign's identity and authentication business in a $1.28bn cash deal. Thu, 20 May 2010 15:31:00 GMT http://www.infosecurity-us.com/view/9617/symantec-to-pay-128bn-for-verisigns-security-business/ http://www.infosecurity-us.com/view/9613/apple-releases-java-security-updates/ Apple has issued two Java security patches for Mac OS X 10.5 and 10.6. Thu, 20 May 2010 14:46:00 GMT http://www.infosecurity-us.com/view/9613/apple-releases-java-security-updates/ http://www.infosecurity-us.com/view/9592/majority-of-facebook-members-consider-quitting-over-privacy-issues/ The security and privacy scares surrounding Facebook appear to have left their mark with users, as a survey carried out by Sophos claims to show that 60% of users would consider quitting the social networking site over the ongoing privacy issues. Wed, 19 May 2010 21:00:00 GMT http://www.infosecurity-us.com/view/9592/majority-of-facebook-members-consider-quitting-over-privacy-issues/ http://www.infosecurity-us.com/view/9591/security-hole-found-in-windows-7-display-driver-/ Microsoft has issued a security advisory for a canonical display driver (cdd.dll) vulnerability affecting Windows 7 and Windows Server 2008 R2. Wed, 19 May 2010 19:49:00 GMT http://www.infosecurity-us.com/view/9591/security-hole-found-in-windows-7-display-driver-/ http://www.infosecurity-us.com/view/9590/ipad-gets-secure-remote-access-for-free/ Unlike the iPhone, there is every sign that the Apple iPad will be adopted by companies looking for alternatives to laptops and netbooks, but when it comes to remote authentication, iPad support is a bit thin on the ground. Until now, however, as Astaro has developed a secure remote access solution for iPad users. Wed, 19 May 2010 19:16:00 GMT http://www.infosecurity-us.com/view/9590/ipad-gets-secure-remote-access-for-free/ http://www.infosecurity-us.com/view/9551/texas-man-pleads-guilty-to-hacking-medical-center-computers/ A former night-shift security guard pleaded guilty to two counts of transmitting malicious code for his role in hacking into computers at a Dallas area medical facility. Tue, 18 May 2010 17:47:00 GMT http://www.infosecurity-us.com/view/9551/texas-man-pleads-guilty-to-hacking-medical-center-computers/ http://www.infosecurity-us.com/view/9550/german-and-us-authorities-to-investigate-googles-collection-of-private-wifi-data/ German and US authorities are to investigate Google after the firm admitted that it collected data sent over WiFi networks using mobile units gathering images for Google's Street View service. Tue, 18 May 2010 17:31:00 GMT http://www.infosecurity-us.com/view/9550/german-and-us-authorities-to-investigate-googles-collection-of-private-wifi-data/ http://www.infosecurity-us.com/view/9546/mcafee-quarterly-threat-analysis-shows-increased-hacker-intelligence/ The latest quarterly threat analysis from McAfee shows that, although fewer new threats were reported in the first quarter of 2010, cybercriminals are becoming a lot more inventive as they try and extract revenue from an increasingly security-savvy internet user-base. Tue, 18 May 2010 15:43:00 GMT http://www.infosecurity-us.com/view/9546/mcafee-quarterly-threat-analysis-shows-increased-hacker-intelligence/ http://www.infosecurity-us.com/view/9544/microsoft-pays-200m-to-virnetx-in-patent-lawsuit/ Microsoft is to pay $200m in settlement of a patent infringement case brought by VirnetX. Tue, 18 May 2010 15:23:00 GMT http://www.infosecurity-us.com/view/9544/microsoft-pays-200m-to-virnetx-in-patent-lawsuit/ http://www.infosecurity-us.com/view/9502/phishing-scam-hits-thousands-on-twitter/ A phishing scam is targeting thousands of Twitter users hoping to increase their number of followers. Mon, 17 May 2010 15:59:00 GMT http://www.infosecurity-us.com/view/9502/phishing-scam-hits-thousands-on-twitter/ http://www.infosecurity-us.com/view/9499/google-says-street-view-cars-collected-wifi-data-by-mistake/ Google has admitted that it mistakenly collected data sent over WiFi networks using its Street View cars gathering images for Google's controversial Street View service. Mon, 17 May 2010 15:37:00 GMT http://www.infosecurity-us.com/view/9499/google-says-street-view-cars-collected-wifi-data-by-mistake/ http://www.infosecurity-us.com/view/9497/facebook-identifies-hacker-selling-15-million-accounts/ Reports are coming in that Facebook has identified the self-proclaimed hacker who was offering to sell batches of 1000 Facebook accounts – up to 1.5 million in total – and it appears that the Russian hacker was wildly overstating the account numbers. Mon, 17 May 2010 15:18:00 GMT http://www.infosecurity-us.com/view/9497/facebook-identifies-hacker-selling-15-million-accounts/ http://www.infosecurity-us.com/view/9471/stolen-laptop-exposes-new-mexico-medicaid-client-information/ The New Mexico Human Services Department informed users of its Salud! Medicaid plan that an unencrypted laptop containing personal health information was stolen back in March. Fri, 14 May 2010 19:57:00 GMT http://www.infosecurity-us.com/view/9471/stolen-laptop-exposes-new-mexico-medicaid-client-information/ http://www.infosecurity-us.com/view/9469/us-military-considers-responses-to-cyber-attack/ The US military is to consider a military response in cases of cyber attacks against the US, according to a Pentagon official. Fri, 14 May 2010 15:57:00 GMT http://www.infosecurity-us.com/view/9469/us-military-considers-responses-to-cyber-attack/ http://www.infosecurity-us.com/view/9468/pci-standards-council-beefs-up-card-transaction-security-requirements/ The Payment Card Industry (PCI) Standards Council has published the latest version of its security requirements for card-based transactions. Fri, 14 May 2010 15:47:00 GMT http://www.infosecurity-us.com/view/9468/pci-standards-council-beefs-up-card-transaction-security-requirements/ http://www.infosecurity-us.com/view/9463/chinese-man-convicted-of-encryption-equipment-smuggling-attempt/ Earlier this week a San Diego jury convicted a Chinese national for attempting to smuggle communications equipment out of the country, including encryption devices used by the US military and NATO. Fri, 14 May 2010 15:00:00 GMT http://www.infosecurity-us.com/view/9463/chinese-man-convicted-of-encryption-equipment-smuggling-attempt/ http://www.infosecurity-us.com/view/9453/facebook-adds-security-tools-amid-growing-privacy-storm/ Facebook has added new security tools to prevent hacking and held a staff meeting amid a growing storm about privacy at the social networking company. Fri, 14 May 2010 11:12:00 GMT http://www.infosecurity-us.com/view/9453/facebook-adds-security-tools-amid-growing-privacy-storm/ http://www.infosecurity-us.com/view/9442/adobe-releases-patches-for-shockwave-and-coldfusion/ Adobe issued security patches for its Shockwave Player and ColdFusion on Tuesday, plugging holes for more than 20 potential vulnerabilities. Thu, 13 May 2010 18:55:00 GMT http://www.infosecurity-us.com/view/9442/adobe-releases-patches-for-shockwave-and-coldfusion/ http://www.infosecurity-us.com/view/9440/single-group-responsible-for-twothirds-of-phishing-attacks-in-second-half-of-2009/ Research just released claims to show that the Avalanche electronic crime syndicate, employing advanced malware, was responsible for two-thirds of all the phishing attacks detected in the second half of 2009. Thu, 13 May 2010 18:18:00 GMT http://www.infosecurity-us.com/view/9440/single-group-responsible-for-twothirds-of-phishing-attacks-in-second-half-of-2009/ http://www.infosecurity-us.com/view/9435/cybercriminals-exploit-google-groups/ Cybercriminals are using Google Groups to distribute rogue anti-virus software and other malware, according to researchers at security firm eSoft. Thu, 13 May 2010 15:19:00 GMT http://www.infosecurity-us.com/view/9435/cybercriminals-exploit-google-groups/ http://www.infosecurity-us.com/view/9418/microsoft-patches-address-two-vulnerabilities/ Microsoft issued two security bulletins on Tuesday for what the company called “critical” patches to the Windows OS, Office suite, and Visual Basic. Wed, 12 May 2010 23:00:00 GMT http://www.infosecurity-us.com/view/9418/microsoft-patches-address-two-vulnerabilities/ http://www.infosecurity-us.com/view/9410/hackers-use-web-servers-to-deliver-more-powerful-ddos-attacks/ Cyber criminals are using a new type of distributed denial of service (DDoS) attack that is more powerful and elusive than any predecessors, says security firm Imperva. Wed, 12 May 2010 18:57:00 GMT http://www.infosecurity-us.com/view/9410/hackers-use-web-servers-to-deliver-more-powerful-ddos-attacks/ http://www.infosecurity-us.com/view/9409/security-firms-warn-of-bogus-job-search-emails/ Security vendors – including Websense and Sophos – have sent up a red flag about suspect emails targeting human resources staff. The messages apparently contain zip files that, when opened, infect users’ PCs with rouge anti-virus. Wed, 12 May 2010 17:00:00 GMT http://www.infosecurity-us.com/view/9409/security-firms-warn-of-bogus-job-search-emails/ http://www.infosecurity-us.com/view/9399/judge-rejects-plea-for-florida-id-theft-duo/ A Florida couple accused of selling off patient records from a Miami-area medical center had their plea agreements rejected by a Federal court judge yesterday. Wed, 12 May 2010 15:00:00 GMT http://www.infosecurity-us.com/view/9399/judge-rejects-plea-for-florida-id-theft-duo/ http://www.infosecurity-us.com/view/9397/maryland-settles-with-mid-atlantic-processing/ The Maryland Attorney General announced the state has settled a case against payment card processor Mid Atlantic Processing, which allegedly improperly disposed of 77 boxes containing client data. Wed, 12 May 2010 14:50:00 GMT http://www.infosecurity-us.com/view/9397/maryland-settles-with-mid-atlantic-processing/ http://www.infosecurity-us.com/view/9368/pirates-cost-software-firms-51bn-but-less-than-expected/ The world's software industry lost $51bn to piracy in 2009 as the unlicensed software rate rose to 43%, but losses were less than expected, the Business Software Alliance said today. Tue, 11 May 2010 14:31:00 GMT http://www.infosecurity-us.com/view/9368/pirates-cost-software-firms-51bn-but-less-than-expected/ http://www.infosecurity-us.com/view/9362/android-beats-iphone-as-blackberry-leads-us-smartphone-sales/ Blackberry and Android have beaten iPhone into third place as US consumers' favourite mobile operating system, according to market analyst NPD Group. Tue, 11 May 2010 12:00:00 GMT http://www.infosecurity-us.com/view/9362/android-beats-iphone-as-blackberry-leads-us-smartphone-sales/ http://www.infosecurity-us.com/view/9346/researcher-uncovers-flaw-in-apples-safari-browser/ A security researcher from Poland has discovered what is being called a “highly critical” zero-day flaw in the Apple Safari browser that would allow for remote code execution. Mon, 10 May 2010 23:23:00 GMT http://www.infosecurity-us.com/view/9346/researcher-uncovers-flaw-in-apples-safari-browser/ http://www.infosecurity-us.com/view/9334/twitter-accounts-being-compromised-by-new-service/ Reports are coming in that large numbers of Twitter account holders have had their online accounts compromised, with the accounts apparently generating messages advertising a website that claims to help users attract more followers. Mon, 10 May 2010 15:00:00 GMT http://www.infosecurity-us.com/view/9334/twitter-accounts-being-compromised-by-new-service/ http://www.infosecurity-us.com/view/9333/facebook-security-under-fire-again-this-time-over-leaky-ip-addresses/ Facebook is under fire from the security industry for the third time this month and this time over an allegation that its notifications are leaking IP addresses. Mon, 10 May 2010 14:48:00 GMT http://www.infosecurity-us.com/view/9333/facebook-security-under-fire-again-this-time-over-leaky-ip-addresses/ http://www.infosecurity-us.com/view/9325/facebook-bolsters-team-in-response-to-increased-privacy-scrutiny/ Facebook has hired former US Federal Trade Commission chairman Tim Muris in the face of increased government scrutiny of the social networking site's privacy policies. Mon, 10 May 2010 11:38:00 GMT http://www.infosecurity-us.com/view/9325/facebook-bolsters-team-in-response-to-increased-privacy-scrutiny/ http://www.infosecurity-us.com/view/9322/light-microsoft-patch-tuesday-will-not-include-a-fix-for-sharepoint/ Microsoft is to issue only two software fixes in its Patch Tuesday monthly security update on 11 May, according to the advance bulletin. Mon, 10 May 2010 11:24:00 GMT http://www.infosecurity-us.com/view/9322/light-microsoft-patch-tuesday-will-not-include-a-fix-for-sharepoint/ http://www.infosecurity-us.com/view/9307/feds-resist-cloud-computing-over-security-concerns/ A newly released survey from (ISC)² shows that federal CISOs are avoiding cloud computing applications due to concerns about replicating IT security policy in the cloud. Fri, 07 May 2010 21:00:00 GMT http://www.infosecurity-us.com/view/9307/feds-resist-cloud-computing-over-security-concerns/ http://www.infosecurity-us.com/view/9305/facebook-under-fire-for-stealth-app-installs/ Fresh from its security problems of earlier in the week when members' chat sessions were visible to third-party users, Facebook has come under fire for allegedly installing applications on users' Facebook areas by stealth. Fri, 07 May 2010 17:43:00 GMT http://www.infosecurity-us.com/view/9305/facebook-under-fire-for-stealth-app-installs/ http://www.infosecurity-us.com/view/9304/laptop-users-need-to-raise-their-encryption-game/ Fresh from releasing a range of encrypted drive kits at last week's Infosecurity Europe show, Origin Storage says that the steady stream of advances in brute force decryption techniques – which started when Russia's Elcomsoft released the first versions of its Password Recovery suite of 'utilities' around 18 months ago – means that laptop users must now raise their game when it comes to encryption. Fri, 07 May 2010 17:23:00 GMT http://www.infosecurity-us.com/view/9304/laptop-users-need-to-raise-their-encryption-game/ http://www.infosecurity-us.com/view/9286/isps-set-to-oppose-us-regulators-attempts-to-impose-greater-controls/ US internet service providers are gearing up for battle after the US media regulator announced plans for stricter controls on the sector that will open the way for net neutrality. Fri, 07 May 2010 10:34:00 GMT http://www.infosecurity-us.com/view/9286/isps-set-to-oppose-us-regulators-attempts-to-impose-greater-controls/ http://www.infosecurity-us.com/view/9283/louisville-hospital-loses-nearly-25-000-patient-records/ Our Lady of Peace psychiatric hospital in Louisville has notified the public of the loss of a flash drive containing the personal information of 24 600 patients. Fri, 07 May 2010 10:00:00 GMT http://www.infosecurity-us.com/view/9283/louisville-hospital-loses-nearly-25-000-patient-records/ http://www.infosecurity-us.com/view/9282/researcher-to-unveil-atm-rootkit/ A researcher originally blocked from giving a talk about security in ATMs will go ahead and make his presentation at the Black Hat USA conference this year. Fri, 07 May 2010 09:59:00 GMT http://www.infosecurity-us.com/view/9282/researcher-to-unveil-atm-rootkit/ http://www.infosecurity-us.com/view/9281/root-zone-switches-to-dnssec/ The last of the internet's 13 root servers has been switched to a secure version off the Domain Name System (DNS). This means that the entire root zone for the internet is now operating using DNSSEC. Fri, 07 May 2010 09:49:00 GMT http://www.infosecurity-us.com/view/9281/root-zone-switches-to-dnssec/ http://www.infosecurity-us.com/view/9279/how-secure-are-apple-products-its-a-matter-of-perception-/ David Harley of anti-virus vendor ESET recently examined black hat exploits of Apple products and Mac platforms. Despite a commonly held perception that the company’s products are inherently safer from a security perspective, according to Harley, they are hardly the “safe haven” that many believe them to be. Thu, 06 May 2010 19:58:00 GMT http://www.infosecurity-us.com/view/9279/how-secure-are-apple-products-its-a-matter-of-perception-/ http://www.infosecurity-us.com/view/9268/fcc-could-give-google-and-amazon-their-net-neutrality-regulations/ The US media regulator is expected to announce stricter controls on telecoms companies that will open the way for net neutrality. Thu, 06 May 2010 15:36:00 GMT http://www.infosecurity-us.com/view/9268/fcc-could-give-google-and-amazon-their-net-neutrality-regulations/ http://www.infosecurity-us.com/view/9239/us-treasury-website-hacked/ A website operated by the US Treasury was suspended on Tuesday after the site was hacked. Thu, 06 May 2010 01:53:00 GMT http://www.infosecurity-us.com/view/9239/us-treasury-website-hacked/ http://www.infosecurity-us.com/view/9238/fbi-thwarts-atm-hacking-attempt/ A North Carolina man has been accused of trying to hack into an automated teller machine and change its password, according to a complaint filed by the FBI. Thu, 06 May 2010 01:49:00 GMT http://www.infosecurity-us.com/view/9238/fbi-thwarts-atm-hacking-attempt/ http://www.infosecurity-us.com/view/9237/facebook-publishes-chat-messages-by-mistake/ Social networking giant Facebook temporarily shut down its live chat service this week, after a security flaw caused the site to begin showing some users' chat messages to their other contacts. Thu, 06 May 2010 01:41:00 GMT http://www.infosecurity-us.com/view/9237/facebook-publishes-chat-messages-by-mistake/ http://www.infosecurity-us.com/view/9211/cybercriminals-trading-in-large-volumes-of-facebook-accounts-say-researchers/ Cybercriminals are selling fake and stolen accounts on social networking site Facebook in bulk in the underground economy, according to security researchers. Wed, 05 May 2010 11:53:00 GMT http://www.infosecurity-us.com/view/9211/cybercriminals-trading-in-large-volumes-of-facebook-accounts-say-researchers/ http://www.infosecurity-us.com/view/9197/kernell-convicted-of-palin-hack/ David Kernell, the college student who hacked into former Alaska governor and vice presidential candidate Sarah Palin's email account, has been convicted by a federal jury, and faces up to 21 years in jail. Wed, 05 May 2010 09:48:00 GMT http://www.infosecurity-us.com/view/9197/kernell-convicted-of-palin-hack/ http://www.infosecurity-us.com/view/9196/im-worm-runs-wild-online/ A network worm is spreading through Yahoo Instant Messenger, and has aggressively infected systems globally, according to security vendors. Wed, 05 May 2010 09:36:00 GMT http://www.infosecurity-us.com/view/9196/im-worm-runs-wild-online/ http://www.infosecurity-us.com/view/9200/pump-and-dump-scammers-convicted/ Two pump and dump scammers were convicted by a federal jury this week. G. David Gordon and Richard Clark, both of Tulsa, Oklahoma, will be sentenced for stock trading offenses committed between 2004 and 2006. Wed, 05 May 2010 01:25:00 GMT http://www.infosecurity-us.com/view/9200/pump-and-dump-scammers-convicted/ http://www.infosecurity-us.com/view/9178/apple-could-face-investigation-over-iphone-software/ Apple could face an investigation by US competition authorities into whether the latest version of the software for the firm's iPhone unfairly locks out competitors. Tue, 04 May 2010 11:36:00 GMT http://www.infosecurity-us.com/view/9178/apple-could-face-investigation-over-iphone-software/ http://www.infosecurity-us.com/view/9172/congressional-library-wont-store-deleted-tweets/ The US government has released further information about its plans to store every Twitter post ever produced, for perpetuity, in the Library of Congress. Mon, 03 May 2010 22:10:00 GMT http://www.infosecurity-us.com/view/9172/congressional-library-wont-store-deleted-tweets/ http://www.infosecurity-us.com/view/9171/weekly-brief-may-3-2010/ According to reports in the Virginia Pilot, investigators still have no idea who breached a statewide prescription drug database a year after the event. However, not all online criminals are as smart. Mesquite, Texas-based David Anthony Edwards is pleading guilty to charges of building a custom botnet. Charges allege that he and an accomplice attacked a computer posted by popular ISP The Planet as a demonstration to a potential botnet customer. Mon, 03 May 2010 21:42:00 GMT http://www.infosecurity-us.com/view/9171/weekly-brief-may-3-2010/ http://www.infosecurity-us.com/view/9167/symantec-snaps-up-pgp/ In what must surely mark the end of an era for encryption technology, Symantec is buying PGP Corporation for $300 million. Mon, 03 May 2010 18:15:00 GMT http://www.infosecurity-us.com/view/9167/symantec-snaps-up-pgp/ http://www.infosecurity-us.com/view/9153/ibm-hr-shakeup-could-see-299-000-permanent-staff-jobs-axed/ IBM is considering cutting three-quarters of its 399,000 permanent staff in the next seven years and re-hiring them for projects as part of an HR strategy due to end in 2017. Fri, 30 Apr 2010 15:28:00 GMT http://www.infosecurity-us.com/view/9153/ibm-hr-shakeup-could-see-299-000-permanent-staff-jobs-axed/ http://www.infosecurity-us.com/view/9152/infosecurity-europe-2010-symantec-acquires-pgp-and-guardianedge/ Symantec, now the largest vendor in the security software marketplace, has agreed to buy PGP and GuardianEdge Technologies for $370 million in cash, and in the process gaining access to technology for protecting e-mails and data. Fri, 30 Apr 2010 15:21:00 GMT http://www.infosecurity-us.com/view/9152/infosecurity-europe-2010-symantec-acquires-pgp-and-guardianedge/ http://www.infosecurity-us.com/view/9126/infosecurity-europe-2010-organizations-fall-short-on-securing-website-applications/ IT security professionals in the US believe that their organizations lack proper investment in website application security, even though many of their websites contain ‘mission critical’ applications. This is according to a study conducted by the Ponemon Institute and sponsored by data security firm Imperva and WhiteHat Security, which tests websites for vulnerabilities. Thu, 29 Apr 2010 16:16:00 GMT http://www.infosecurity-us.com/view/9126/infosecurity-europe-2010-organizations-fall-short-on-securing-website-applications/ http://www.infosecurity-us.com/view/9100/infosecurity-europe-2010-arcsight-cto-threat-data-pooling-is-not-welcomed-by-all-itsec-clients/ The last few years have seen a number of IT security vendors – notably those offering free and low-cost anti-virus/malware software – pooling their data anonymously from clients to act as a 'knowledge bank' to tackle new and emerging security threats. Thu, 29 Apr 2010 09:00:00 GMT http://www.infosecurity-us.com/view/9100/infosecurity-europe-2010-arcsight-cto-threat-data-pooling-is-not-welcomed-by-all-itsec-clients/ http://www.infosecurity-us.com/view/9101/infosecurity-europe-2010-there-are-risks-with-the-cloud-/ Everywhere you go at the Infosecurity Europe show taking place in London this week, there are presentations on the benefits of cloud computing. Almost all vendors have a cloud solution and are busy extolling its benefits, but not everyone is convinced. Thu, 29 Apr 2010 09:00:00 GMT http://www.infosecurity-us.com/view/9101/infosecurity-europe-2010-there-are-risks-with-the-cloud-/ http://www.infosecurity-us.com/view/9098/terry-childs-convicted-in-san-fran-network-case-/ Things are not looking good for Terry Childs, the former San Francisco network administrator who compromised the city's network and essentially held it to ransom. Childs was convicted of computer tampering this week, and now faces up to five years in jail. Wed, 28 Apr 2010 19:45:00 GMT http://www.infosecurity-us.com/view/9098/terry-childs-convicted-in-san-fran-network-case-/ http://www.infosecurity-us.com/view/9097/storm-worm-returns-to-internet/ Security researchers have identified a new version of the Storm worm that plagued the internet three years ago. The new version uses HTTP for command-and-control purposes instead of the original peer-to-peer approach, say reports. Wed, 28 Apr 2010 18:10:00 GMT http://www.infosecurity-us.com/view/9097/storm-worm-returns-to-internet/ http://www.infosecurity-us.com/view/9094/infosecurity-europe-2010-isc-md-talks-about-skills-required-in-the-modern-it-security-marketplace/ The role of the IT security manager is changing and, at the Infosecurity Europe show, (ISC)² managing director John Colley gave an interesting presentation on how the landscape is changing – and, of course, how members' skill sets are changing as well. Wed, 28 Apr 2010 16:12:00 GMT http://www.infosecurity-us.com/view/9094/infosecurity-europe-2010-isc-md-talks-about-skills-required-in-the-modern-it-security-marketplace/ http://www.infosecurity-us.com/view/9088/infosecurity-europe-2010-survey-says-us-boasts-highest-data-breach-costs/ A newly released global survey by the Ponemon Institute shows that, among five of the largest industrialized nations, data breaches affecting US organizations are the costliest both in terms of cost per compromised record and the overall price tag per incident. Wed, 28 Apr 2010 15:26:00 GMT http://www.infosecurity-us.com/view/9088/infosecurity-europe-2010-survey-says-us-boasts-highest-data-breach-costs/ http://www.infosecurity-us.com/view/9066/infosecurity-europe-2010-the-human-factors-in-security-vulnerability/ As many in the security profession know, not all hacking involves computers, and, further, not all information security lies in networks. In fact, it may be the case that the most vulnerable element of security includes the people who are tasked with protecting information. Wed, 28 Apr 2010 09:21:00 GMT http://www.infosecurity-us.com/view/9066/infosecurity-europe-2010-the-human-factors-in-security-vulnerability/ http://www.infosecurity-us.com/view/9041/infosecurity-europe-2010-mobile-devices-pose-greater-security-risks-than-laptops-/ The likelihood that a mobile device will be lost or stolen is far greater than that of a laptop. This reality underscores the unique security risks that organizations face when allowing their employees to work remotely. Tue, 27 Apr 2010 11:29:00 GMT http://www.infosecurity-us.com/view/9041/infosecurity-europe-2010-mobile-devices-pose-greater-security-risks-than-laptops-/ http://www.infosecurity-us.com/view/9025/fbi-names-new-cybercrime-director/ The FBI has promoted Gordon M. Snow as assistant director of its Cyber Division, saying that the bureau’s highest priority in the criminal sphere is combating cybercrime. Mon, 26 Apr 2010 17:00:00 GMT http://www.infosecurity-us.com/view/9025/fbi-names-new-cybercrime-director/ http://www.infosecurity-us.com/view/9009/microsoft-withdraws-security-patch-for-windows-media-services/ Microsoft has withdrawn a Windows 2000 Server security patch released on 13 April to fix a flaw in Windows Media Services. Mon, 26 Apr 2010 11:27:00 GMT http://www.infosecurity-us.com/view/9009/microsoft-withdraws-security-patch-for-windows-media-services/ http://www.infosecurity-us.com/view/9007/israel-lifts-apple-ipad-ban/ Israel has lifted a ban on imports of Apple's iPad, which was imposed because authorities said the device's Wi-Fi system was incompatible with Israel's wireless standard. Mon, 26 Apr 2010 11:15:00 GMT http://www.infosecurity-us.com/view/9007/israel-lifts-apple-ipad-ban/ http://www.infosecurity-us.com/view/8991/blippy-suffers-credit-card-number-leak/ Shoppers’ social networking service Blippy suffered a security flaw late last week, after some of its users’ credit card numbers began appearing in search results. Mon, 26 Apr 2010 07:27:00 GMT http://www.infosecurity-us.com/view/8991/blippy-suffers-credit-card-number-leak/ http://www.infosecurity-us.com/view/8989/nsa-holds-cyber-boot-camp/ The National Security Agency is holding the latest in a series of annual cyber defense 'boot camps' designed to test the skills of its staff. For the first time, the NSA is including a 'grey' user in its team, to simulate an uneducated user who clicks on all of the links sent to them, regardless of how suspicious they are. Mon, 26 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8989/nsa-holds-cyber-boot-camp/ http://www.infosecurity-us.com/view/8988/sarah-palin-takes-stand-in-email-hacking-case/ Two days after her daughter Bristol testified about harassment she was subjected to in the wake of her mother’s email account being hacked, Sarah Palin gave her version of the incident at a US District Court in Tennessee on Friday. Fri, 23 Apr 2010 20:17:00 GMT http://www.infosecurity-us.com/view/8988/sarah-palin-takes-stand-in-email-hacking-case/ http://www.infosecurity-us.com/view/8986/two-cybersecurity-posts-filled-by-dhs-/ The Department of Homeland Security recently filled two key cybersecurity posts within its National Cyber Security Division. Fri, 23 Apr 2010 18:34:00 GMT http://www.infosecurity-us.com/view/8986/two-cybersecurity-posts-filled-by-dhs-/ http://www.infosecurity-us.com/view/8973/microsoft-wins-piracy-battle-in-china/ Microsoft has won its first big piracy battle in China against a Shanghai-based insurer. Fri, 23 Apr 2010 10:51:00 GMT http://www.infosecurity-us.com/view/8973/microsoft-wins-piracy-battle-in-china/ http://www.infosecurity-us.com/view/8972/mcafee-blames-qa-process-change-for-faulty-update/ Companies around the world have been forced to clean up thousands of computers after the flawed McAfee anti-virus update released on Wednesday caused chaos. Fri, 23 Apr 2010 10:42:00 GMT http://www.infosecurity-us.com/view/8972/mcafee-blames-qa-process-change-for-faulty-update/ http://www.infosecurity-us.com/view/8962/rapid7-readies-metasploit-express/ Rapid7 has introduced a new version of its Metasploit penetration testing tool designed for organizations with limited time and budget. Fri, 23 Apr 2010 10:27:00 GMT http://www.infosecurity-us.com/view/8962/rapid7-readies-metasploit-express/ http://www.infosecurity-us.com/view/8961/flashbased-client-device-identification-on-the-way-out/ Gartner has warned that the use of Flash local storage as a means of verifying end-user devices for security purposes is coming to an end. Fri, 23 Apr 2010 10:19:00 GMT http://www.infosecurity-us.com/view/8961/flashbased-client-device-identification-on-the-way-out/ http://www.infosecurity-us.com/view/8963/researchers-develop-gpsfree-phone-tracking-hack/ Security researchers have discovered a way to track a mobile phone user's whereabouts without using a GPS signal, it was revealed this week. It is even possible to listen in on telephone voicemails, according to the information, divulged in a presentation at the SOURCE Boston security conference this week. Thu, 22 Apr 2010 22:29:00 GMT http://www.infosecurity-us.com/view/8963/researchers-develop-gpsfree-phone-tracking-hack/ http://www.infosecurity-us.com/view/8959/palin-kin-testifies-in-email-hacking-case/ Bristol Palin, the daughter of Republican party darling Sarah Palin, testified yesterday at the trial of a former Tennessee college student who has been indicted for hacking into the email account of the former vice presidential candidate. Thu, 22 Apr 2010 17:28:00 GMT http://www.infosecurity-us.com/view/8959/palin-kin-testifies-in-email-hacking-case/ http://www.infosecurity-us.com/view/8952/mcafee-security-software-flags-windows-kernel-code-as-malware/ Reports are coming in that McAfee's popular IT security software is tagging Microsoft Windows system files as malicious, causing serious stability problems, screen freezes and bootup loops for a large number of Windows XP users. Thu, 22 Apr 2010 14:38:00 GMT http://www.infosecurity-us.com/view/8952/mcafee-security-software-flags-windows-kernel-code-as-malware/ http://www.infosecurity-us.com/view/8928/us-malicious-internet-traffic-doubled-says-akamai/ Malicious internet traffic emanating from the US almost doubled between the third and fourth quarters of last year, according to figures released by Akamai this week. Thu, 22 Apr 2010 09:59:00 GMT http://www.infosecurity-us.com/view/8928/us-malicious-internet-traffic-doubled-says-akamai/ http://www.infosecurity-us.com/view/8929/google-fixes-chrome-flaws/ Google has closed four high-priority vulnerabilities in version 4 of its Chrome browser for Windows. Thu, 22 Apr 2010 09:54:00 GMT http://www.infosecurity-us.com/view/8929/google-fixes-chrome-flaws/ http://www.infosecurity-us.com/view/8930/owasp-updates-application-vulnerability-list/ The Open Web Application Security Project (OWASP) has refreshed its list of the top 10 web application vulnerabilities, swapping out two items for new risks. Thu, 22 Apr 2010 09:43:00 GMT http://www.infosecurity-us.com/view/8930/owasp-updates-application-vulnerability-list/ http://www.infosecurity-us.com/view/8927/new-jersey-considers-debit-card-protection-bill/ Identity theft in the Garden State may be a bit more difficult to pull off soon enough. That is, if a group of New Jersey lawmakers get their way and establishes legal protections on what debit card information can be printed on sales receipts. Wed, 21 Apr 2010 20:32:00 GMT http://www.infosecurity-us.com/view/8927/new-jersey-considers-debit-card-protection-bill/ http://www.infosecurity-us.com/view/8890/trusteer-detects-rapid-spread-of-new-polymorphic-zeus-trojan/ Trusteer says it has detected a completely new version of the Zeus password stealing trojan that has been designed to steal online banking credentials. Wed, 21 Apr 2010 10:00:00 GMT http://www.infosecurity-us.com/view/8890/trusteer-detects-rapid-spread-of-new-polymorphic-zeus-trojan/ http://www.infosecurity-us.com/view/8891/un-rejects-international-cybercrime-treaty/ The United Nations has rejected a Russia-backed proposal for a treaty on cybercrime, despite widespread agreement that closer international co-operation is vital in a world more closely connected by global computer networks. Wed, 21 Apr 2010 10:00:00 GMT http://www.infosecurity-us.com/view/8891/un-rejects-international-cybercrime-treaty/ http://www.infosecurity-us.com/view/8877/hackers-stole-google-password-program/ The hackers responsible for the Operation Aurora attack against Google also managed to compromise its single sign-on password system, according to a report in the New York Times this week. The attack, which happened in December, targeted a highly secretive system operated by the search engine giant called Gaia last December. Wed, 21 Apr 2010 07:05:00 GMT http://www.infosecurity-us.com/view/8877/hackers-stole-google-password-program/ http://www.infosecurity-us.com/view/8875/extortion-trojan-targets-torrent-site-users/ Anti-malware company Avira has reported an extortion scam designed to scare torrent site users into giving their credit card information to a phishing site. Wed, 21 Apr 2010 00:12:00 GMT http://www.infosecurity-us.com/view/8875/extortion-trojan-targets-torrent-site-users/ http://www.infosecurity-us.com/view/8876/pdf-attacks-skyrocket-says-symantec/ Web-based attackers are increasingly targeting PDF files to compromise machines online, according to new figures released by Symantec. In the April version of its Internet Security Threat Report, the company revealed that half of all Web-based attacks in 2009 targeted PDF files, compared to just one in 10 attacks reported the previous year. Wed, 21 Apr 2010 00:00:00 GMT http://www.infosecurity-us.com/view/8876/pdf-attacks-skyrocket-says-symantec/ http://www.infosecurity-us.com/view/8873/mississippi-ratifies-data-protection-law/ Mississippi became the most recent state to pass a data breach measure last week, leaving just four states without similar protections. However, the law does not permit citizens of the Magnolia State to sue for damages that result from a data breach. Tue, 20 Apr 2010 22:15:00 GMT http://www.infosecurity-us.com/view/8873/mississippi-ratifies-data-protection-law/ http://www.infosecurity-us.com/view/8851/malicious-activity-in-emerging-regions-a-threat-to-all-business-says-symantec/ Businesses need to take note of the increase in malicious cyber activity in emerging countries, particularly those offshore and outsourced operations, says Symantec. Tue, 20 Apr 2010 10:00:00 GMT http://www.infosecurity-us.com/view/8851/malicious-activity-in-emerging-regions-a-threat-to-all-business-says-symantec/ http://www.infosecurity-us.com/view/8844/weekly-brief-april-20-2010/ Infosecurity charts the week's news. Tue, 20 Apr 2010 07:10:00 GMT http://www.infosecurity-us.com/view/8844/weekly-brief-april-20-2010/ http://www.infosecurity-us.com/view/8845/lower-merion-school-district-in-voyeur-scrape-over-webcam/ Administrators at Pennsylvania-based Harriton High School downloaded over 400 screenshots and webcam pictures of student Blake Robbins rather than the one or two previously estimated, according to a new motion filed in the court case between Robbins' family and the lower Merion School District. They also downloaded many images of other students, the District has admitted. Tue, 20 Apr 2010 07:05:00 GMT http://www.infosecurity-us.com/view/8845/lower-merion-school-district-in-voyeur-scrape-over-webcam/ http://www.infosecurity-us.com/view/8843/google-chrome-used-as-trojan-bait/ A trojan has appeared posing as an extension to the Google Chrome browser. Delivered via email, the invitation to install the software tempts users with promises of a function to access documents from emails. Tue, 20 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8843/google-chrome-used-as-trojan-bait/ http://www.infosecurity-us.com/view/8850/israel-blocks-us-ipad-imports/ Israel has banned Apple's iPad from entering the country from the US and has threatened to confiscate the newly released devices from passengers at airports. Tue, 20 Apr 2010 00:59:00 GMT http://www.infosecurity-us.com/view/8850/israel-blocks-us-ipad-imports/ http://www.infosecurity-us.com/view/8849/cyber-attack-on-google-hit-password-system/ A Google insider has revealed that the losses incurred by cyber attacks on the firm, disclosed in January, included a password system that controls access to almost all Google web services. Tue, 20 Apr 2010 00:47:00 GMT http://www.infosecurity-us.com/view/8849/cyber-attack-on-google-hit-password-system/ http://www.infosecurity-us.com/view/8840/new-mac-malware-warning/ Mac security software provider Intego has issued an alert for a new malware strain affecting Mac OS X. Mon, 19 Apr 2010 17:51:00 GMT http://www.infosecurity-us.com/view/8840/new-mac-malware-warning/ http://www.infosecurity-us.com/view/8836/fbi-director-requests-more-cybersecurity-staff/ The FBI has submitted its fiscal year 2011 budget demands to Congress, requesting additional resources for several cybersecurity concerns, including computer intrusions and counterintelligence. Mon, 19 Apr 2010 16:36:00 GMT http://www.infosecurity-us.com/view/8836/fbi-director-requests-more-cybersecurity-staff/ http://www.infosecurity-us.com/view/8790/porn-sites-top-driveby-download-list/ Porn sites are still the most likely online destinations to be compromised with malware, in spite of increasing attacks on legitimate non-porn websites, according to a report released by security company Commtouch this week. Mon, 19 Apr 2010 07:11:00 GMT http://www.infosecurity-us.com/view/8790/porn-sites-top-driveby-download-list/ http://www.infosecurity-us.com/view/8789/former-nsa-official-indicted-for-information-theft/ A former National Security Agency senior executive has been indicted for retaining classified information, obstructing justice and making false statements. Mon, 19 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8789/former-nsa-official-indicted-for-information-theft/ http://www.infosecurity-us.com/view/8788/researchers-reveal-internet-explorer-8-xss-filtering-flaw/ A pair of security researchers have identified a way to use security tools within Internet Explorer 8 to compromise a website. The attack uses cross-site scripting filters implemented in the latest version of the Microsoft browser to execute cross-site scripting attacks on sites that would normally be invulnerable to them. Sun, 18 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8788/researchers-reveal-internet-explorer-8-xss-filtering-flaw/ http://www.infosecurity-us.com/view/8787/apple-issues-patch-for-mac-hack/ Apple has issued a second security patch for its OS X for the second time in less than a month. This time the company looked to plug alleged security holes in the Safari browser that were uncovered by a researcher at this year’s CanSecWest conference. Fri, 16 Apr 2010 17:38:00 GMT http://www.infosecurity-us.com/view/8787/apple-issues-patch-for-mac-hack/ http://www.infosecurity-us.com/view/8764/researcher-releases-malware-hub-forensics-tool-for-firefox/ A Websense researcher has released a forensics tool designed to identify malicious web content from within the Firefox browser. Called Fireshark, the plug-in was released on Wednesday at the Black Hat security conference by Stephan Chenette, a principal security researcher at Websense. Thu, 15 Apr 2010 21:00:00 GMT http://www.infosecurity-us.com/view/8764/researcher-releases-malware-hub-forensics-tool-for-firefox/ http://www.infosecurity-us.com/view/8762/apacheorg-hit-by-xss-attack/ The website for the open source Apache Web server at Apache.org was compromised this month by a targeted attack, said the Apache Software Foundation, which has provided a detailed blow-by-blow account of the hack. Thu, 15 Apr 2010 20:53:00 GMT http://www.infosecurity-us.com/view/8762/apacheorg-hit-by-xss-attack/ http://www.infosecurity-us.com/view/8761/new-zeus-attack-uses-adobe-design-flaw-/ The Zeus botnet continues to spread graciously, according to new data collected by Websense – and other researchers say that it is exploring a recently discovered design flaw in the Adobe PDF file format. Thu, 15 Apr 2010 20:43:00 GMT http://www.infosecurity-us.com/view/8761/new-zeus-attack-uses-adobe-design-flaw-/ http://www.infosecurity-us.com/view/8760/americans-uneasy-about-identity-theft-and-security-of-online-transactions/ A semi-annual report from Unisys shows that, when it comes to overall security, Americans are chiefly concerned about the unauthorized use of banking card information and identity theft. Thu, 15 Apr 2010 19:58:00 GMT http://www.infosecurity-us.com/view/8760/americans-uneasy-about-identity-theft-and-security-of-online-transactions/ http://www.infosecurity-us.com/view/8739/washington-passes-additional-data-breach-measure/ The state of Washington recently enacted a supplemental data breach law intended to protect financial institutions from data breaches that occur as a result of negligence by businesses or card processors, primarily those that do not encrypt card data or fail to comply with PCI DSS rules. Wed, 14 Apr 2010 21:56:00 GMT http://www.infosecurity-us.com/view/8739/washington-passes-additional-data-breach-measure/ http://www.infosecurity-us.com/view/8735/attackers-use-pac-feature-to-redirect-browsers/ Brazilian malware writers are making use of a long-available feature within most modern browsers to launch attacks that redirect victims to malicious websites without their knowledge. The feature, known as proxy auto config, is turning up in banking trojans, according to researchers from Kaspersky. Wed, 14 Apr 2010 20:46:00 GMT http://www.infosecurity-us.com/view/8735/attackers-use-pac-feature-to-redirect-browsers/ http://www.infosecurity-us.com/view/8734/game-consoles-at-work-threaten-corporate-security/ Games console in the workplace pose an increasingly serious threat to enterprise security, according to new research from Sunbelt Software. The anti-malware vendor said that almost 4 in 10 respondents to the survey had no idea about any of the documented threats relating to online console gaming. Wed, 14 Apr 2010 20:36:00 GMT http://www.infosecurity-us.com/view/8734/game-consoles-at-work-threaten-corporate-security/ http://www.infosecurity-us.com/view/8731/feds-lagging-on-fdcc-watchdog-says/ Federal agencies are lagging behind in the implementation of the Federal Desktop Core Configuration (FDCC) requirements, according to the US Government Accountability Office. Wed, 14 Apr 2010 20:19:00 GMT http://www.infosecurity-us.com/view/8731/feds-lagging-on-fdcc-watchdog-says/ http://www.infosecurity-us.com/view/8714/second-quarterly-patch-from-adobe-fixes-15-vulnerabilities/ Adobe released a mammoth set of security updates in its regular quarterly patch announcement yesterday. It also introduced an automatic updater for its PDF reader after several months of beta testing. Wed, 14 Apr 2010 00:26:00 GMT http://www.infosecurity-us.com/view/8714/second-quarterly-patch-from-adobe-fixes-15-vulnerabilities/ http://www.infosecurity-us.com/view/8709/network-solutions-fixes-wordpress-installations/ Web hosting company Network Solutions has deployed a massive fix for a configuration flaw that led to hundreds of WordPress blogs being compromised. Tue, 13 Apr 2010 20:59:00 GMT http://www.infosecurity-us.com/view/8709/network-solutions-fixes-wordpress-installations/ http://www.infosecurity-us.com/view/8708/symantec-upgrades-key-products/ Symantec announced a range of new products today designed to lock down business IT assets. It unveiled version 10 of its Control Compliance Suite, Data Loss Prevention Suite 10.5, Altiris IT Management Suite 7.0, and its Symantec Protection Suites. Tue, 13 Apr 2010 20:17:00 GMT http://www.infosecurity-us.com/view/8708/symantec-upgrades-key-products/ http://www.infosecurity-us.com/view/8707/it-job-growth-stagnates-during-march/ Numbers from IT advocacy group TechServe Alliance show that IT job growth declined month-over-month in March, putting a halt to the uptick the industry has experienced since December of last year. Tue, 13 Apr 2010 19:20:00 GMT http://www.infosecurity-us.com/view/8707/it-job-growth-stagnates-during-march/ http://www.infosecurity-us.com/view/8689/weekly-brief-april-13-2010/ Infosecurity reviews the week's security news Tue, 13 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8689/weekly-brief-april-13-2010/ http://www.infosecurity-us.com/view/8691/exif-mining-tool-released/ EviGator has released TAG Examiner, a tool for examining large quantities of image files to recover metadata. Mon, 12 Apr 2010 21:38:00 GMT http://www.infosecurity-us.com/view/8691/exif-mining-tool-released/ http://www.infosecurity-us.com/view/8690/bitdefender-discovers-pc-malware-using-iphone-as-bait/ BitDefender has discovered a new PC malware spreading mechanism targeting iPhone users who want to jailbreak their devices. Mon, 12 Apr 2010 21:16:00 GMT http://www.infosecurity-us.com/view/8690/bitdefender-discovers-pc-malware-using-iphone-as-bait/ http://www.infosecurity-us.com/view/8688/microsoft-to-fix-f1-bug/ Microsoft plans to fix the 'F1' security bug that has been plaguing Internet Explorer users for six weeks in its monthly set of security patches tomorrow. Mon, 12 Apr 2010 20:44:00 GMT http://www.infosecurity-us.com/view/8688/microsoft-to-fix-f1-bug/ http://www.infosecurity-us.com/view/8686/new-york-resident-sentenced-in-charles-schwab-hacking-scam/ A Manhattan resident was sentenced last week for his part in an international money laundering and data theft scheme that hacked into accounts at brokerage firm Charles Schwab. Mon, 12 Apr 2010 20:22:00 GMT http://www.infosecurity-us.com/view/8686/new-york-resident-sentenced-in-charles-schwab-hacking-scam/ http://www.infosecurity-us.com/view/8668/secure-virtualized-operating-system-launched/ Security researcher Joanna Rutkowska has released an open source operating system, called Qubes, designed to offer better protection against rootkits. Mon, 12 Apr 2010 07:16:00 GMT http://www.infosecurity-us.com/view/8668/secure-virtualized-operating-system-launched/ http://www.infosecurity-us.com/view/8667/alternate-data-stream-tool-launched/ RootKitAnalytics has made a tool available for discovering hidden alternate data streams. Called StreamArmor, it is designed to analyze a feature of the Windows file system that allows hidden data to be embedded in files. Mon, 12 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8667/alternate-data-stream-tool-launched/ http://www.infosecurity-us.com/view/8666/isaca-survey-reveals-uncertainty-over-cloud-computing-security-risks/ Nearly half of US IT professionals surveyed by ISACA said they believe that the security risks of cloud computing outweigh the potential benefits. Fri, 09 Apr 2010 21:00:00 GMT http://www.infosecurity-us.com/view/8666/isaca-survey-reveals-uncertainty-over-cloud-computing-security-risks/ http://www.infosecurity-us.com/view/8633/china-denies-shadow-network-ties/ The Chinese government is strongly denying any involvement with a cyber-espionage network that was discovered by Canadian researchers and unveiled in a report this week. Fri, 09 Apr 2010 00:58:00 GMT http://www.infosecurity-us.com/view/8633/china-denies-shadow-network-ties/ http://www.infosecurity-us.com/view/8632/70-arrested-in-romania-in-cybercrime-ring/ Seventy people were arrested in Romania this week as part of an investigation of three organised criminal groups connected with cybercrime. Fri, 09 Apr 2010 00:53:00 GMT http://www.infosecurity-us.com/view/8632/70-arrested-in-romania-in-cybercrime-ring/ http://www.infosecurity-us.com/view/8631/kaspersky-patents-codetracing-technology/ Kaspersky has successfully patented technology that enables analysts to trace the activity of software code without infringing upon intellectual property. Fri, 09 Apr 2010 00:42:00 GMT http://www.infosecurity-us.com/view/8631/kaspersky-patents-codetracing-technology/ http://www.infosecurity-us.com/view/8628/poll-shows-facebook-users-oppose-privacy-policy-changes/ A survey conducted by IT security vendor Sophos shows that an overwhelming percentage of Facebook members oppose the social networking site’s privacy policy changes, prompting the company to say that the site is eroding online privacy. Thu, 08 Apr 2010 18:23:00 GMT http://www.infosecurity-us.com/view/8628/poll-shows-facebook-users-oppose-privacy-policy-changes/ http://www.infosecurity-us.com/view/8626/isaca-intros-new-examination-qualification/ ISACA, the not-for-profit IT security association, is introducing a new examination qualification. Thu, 08 Apr 2010 18:00:00 GMT http://www.infosecurity-us.com/view/8626/isaca-intros-new-examination-qualification/ http://www.infosecurity-us.com/view/8590/gracenote-civolution-in-ugc-fingerprinting-deal/ Content watermarking firm Civolution has signed an expanded long-term agreement with online music database firm Gracenote to jointly market an audio and video content identification platform that lets content owners and service providers filter and monitor content. Thu, 08 Apr 2010 00:37:00 GMT http://www.infosecurity-us.com/view/8590/gracenote-civolution-in-ugc-fingerprinting-deal/ http://www.infosecurity-us.com/view/8589/riverbed-and-mcafee-in-optimization-deal/ McAfee has signed a deal with IT performance optimisation company Riverbed Technology to embed its firewall technology in the Riverbed Steelhead WAN optimisation appliance. Thu, 08 Apr 2010 00:31:00 GMT http://www.infosecurity-us.com/view/8589/riverbed-and-mcafee-in-optimization-deal/ http://www.infosecurity-us.com/view/8583/security-community-reacts-to-ipad/ Apple shipped its much-anticipated iPad over the weekend, and the security community has responded quickly. Not only have antivirus companies targeted it with product, but hackers have already jailbroken the iPad device. Wed, 07 Apr 2010 20:22:00 GMT http://www.infosecurity-us.com/view/8583/security-community-reacts-to-ipad/ http://www.infosecurity-us.com/view/8547/korea-reigns-as-king-of-malware-threats-/ The US has lost its place atop the leader board as the chief source of malware in March, as research from Network Box indicates Korea – mainly South Korea – can now claim the top spot when phishing attempts are included in the statistics. Tue, 06 Apr 2010 22:00:00 GMT http://www.infosecurity-us.com/view/8547/korea-reigns-as-king-of-malware-threats-/ http://www.infosecurity-us.com/view/8545/weekly-brief-april-6-2010/ Infosecurity rounds up the week's news Tue, 06 Apr 2010 19:42:00 GMT http://www.infosecurity-us.com/view/8545/weekly-brief-april-6-2010/ http://www.infosecurity-us.com/view/8540/researcher-makes-pdf-files-wormable/ A security researcher has come up with a proof-of-concept attack that enables malicious executables to be remotely injected into clean PDF files. Tue, 06 Apr 2010 18:44:00 GMT http://www.infosecurity-us.com/view/8540/researcher-makes-pdf-files-wormable/ http://www.infosecurity-us.com/view/8538/companies-lag-behind-on-cloud-security/ Enterprise customers are lagging behind on cloud security, according to a study released by Symantec and the Ponemon Institute. Tue, 06 Apr 2010 17:40:00 GMT http://www.infosecurity-us.com/view/8538/companies-lag-behind-on-cloud-security/ http://www.infosecurity-us.com/view/8505/coalition-calls-for-reform-of-electronic-privacy-law/ Tech vendors, interest groups, and academics have formed a coalition advocating for modification of the Electronic Communications Privacy Act, which they claim is severely out-of-date. Thu, 01 Apr 2010 20:00:00 GMT http://www.infosecurity-us.com/view/8505/coalition-calls-for-reform-of-electronic-privacy-law/ http://www.infosecurity-us.com/view/8504/fortinet-scammers-shifting-to-ransomware/ Ransomware and scareware continue to be huge threats, according to the March 2010 edition of the Fortinet Threatscape report. Thu, 01 Apr 2010 19:26:00 GMT http://www.infosecurity-us.com/view/8504/fortinet-scammers-shifting-to-ransomware/ http://www.infosecurity-us.com/view/8503/microsoft-uses-computing-grid-to-weed-out-office-bugs/ Microsoft has discovered a slew of bugs in Office 2010 by building what amounts to a legitimate botnet for software testing. Engineers within Microsoft have created a grid-style system that employs unused computing time on internal PCs to run fuzz tests against its software. Thu, 01 Apr 2010 18:51:00 GMT http://www.infosecurity-us.com/view/8503/microsoft-uses-computing-grid-to-weed-out-office-bugs/ http://www.infosecurity-us.com/view/8502/ebay-comes-under-attack-says-red-condor/ eBay is the victim of a phishing attack that uses its own compromised server, according to email filtering company Red Condor. Thu, 01 Apr 2010 18:00:00 GMT http://www.infosecurity-us.com/view/8502/ebay-comes-under-attack-says-red-condor/ http://www.infosecurity-us.com/view/8498/facebook-to-change-its-privacy-policy-again/ Reports are coming in that social networking giant Facebook is proposing a change to its privacy policy. And in true social networking style, users seem apathetic to the changes, despite their importance, says Sophos, the IT security vendor. Thu, 01 Apr 2010 15:55:00 GMT http://www.infosecurity-us.com/view/8498/facebook-to-change-its-privacy-policy-again/ http://www.infosecurity-us.com/view/8477/ibm-and-faa-working-together-on-security-project/ IBM is working with the US Federal Aviation Administration on research to secure the US civilian aviation system from electronic attack. Thu, 01 Apr 2010 10:49:00 GMT http://www.infosecurity-us.com/view/8477/ibm-and-faa-working-together-on-security-project/ http://www.infosecurity-us.com/view/8475/social-gamers-are-ideal-spammer-targets-says-bitdefender/ Social gaming networks are becoming a fruitful space for spammers thanks to socially promiscuous users, according to research published by anti-malware company BitDefender. Thu, 01 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8475/social-gamers-are-ideal-spammer-targets-says-bitdefender/ http://www.infosecurity-us.com/view/8476/botnet-targets-vietnamese-speakers/ Vietnamese speakers have been targeted in an attack that researchers are describing as politically motivated. Thu, 01 Apr 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8476/botnet-targets-vietnamese-speakers/ http://www.infosecurity-us.com/view/8474/obama-nominates-california-cio-for-dod-post/ Earlier this week President Obama nominated state of California CIO Teri Takai to be the new CIO and assistant secretary for the Department of Defense. Wed, 31 Mar 2010 22:00:00 GMT http://www.infosecurity-us.com/view/8474/obama-nominates-california-cio-for-dod-post/ http://www.infosecurity-us.com/view/8471/social-networking-site-users-failing-on-privacy-says-webroot/ Research commissioned by internet security specialist Webroot has revealed that 37% of social networkers have blocked search engines from showing their profiles to people they do not know. Wed, 31 Mar 2010 21:34:00 GMT http://www.infosecurity-us.com/view/8471/social-networking-site-users-failing-on-privacy-says-webroot/ http://www.infosecurity-us.com/view/8449/trojans-continue-to-top-malware-list/ New research conducted by Panda Security shows that 61% of new threats created in the first quarter of 2010 were trojans. Tue, 30 Mar 2010 23:25:00 GMT http://www.infosecurity-us.com/view/8449/trojans-continue-to-top-malware-list/ http://www.infosecurity-us.com/view/8448/it-executives-clueless-about-file-transfer/ More than seven in ten IT executives have no idea what files are moving out of their organizatiocns, according to a survey conducted at the RSA onference by Ipswitch earlier this month. Tue, 30 Mar 2010 23:00:00 GMT http://www.infosecurity-us.com/view/8448/it-executives-clueless-about-file-transfer/ http://www.infosecurity-us.com/view/8446/malware-lifespan-continues-to-shorten-says-blue-coat/ Malware adaptation rates are getting faster, according to a report from Blue Coat Systems. The average lifespan of malware dropped to two hours last year, from up to seven hours in 2007, it said, adding that this has had a significant effect on the effectiveness of software patches. Tue, 30 Mar 2010 22:11:00 GMT http://www.infosecurity-us.com/view/8446/malware-lifespan-continues-to-shorten-says-blue-coat/ http://www.infosecurity-us.com/view/8439/apple-releases-massive-round-of-os-x-patches/ Apple issued an update to its Leopard and Snow Leopard systems yesterday, comprising numerous security, functionality and compatability fixes. Tue, 30 Mar 2010 20:53:00 GMT http://www.infosecurity-us.com/view/8439/apple-releases-massive-round-of-os-x-patches/ http://www.infosecurity-us.com/view/8431/record-season-for-tax-irs-phishing-scams-/ Data from McAfee show that the number of fake IRS domains is already at a record level when compared with last year’s numbers, as the security vendor warns last-minute filers not to fall prey to the various methods of identity and data theft that capitalize on tax season. Tue, 30 Mar 2010 16:15:00 GMT http://www.infosecurity-us.com/view/8431/record-season-for-tax-irs-phishing-scams-/ http://www.infosecurity-us.com/view/8420/microsoft-releases-another-outofband-ie-patch/ Microsoft has notified customers of an out-of-band patch to be issued on Tuesday. The patch is designed to rectify a zero-day vulnerability in Internet Explorer that enables remote code to be arbitrarily executed on a victim's system. Tue, 30 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8420/microsoft-releases-another-outofband-ie-patch/ http://www.infosecurity-us.com/view/8421/codenomicon-releases-network-analysis-tool/ Security software company Codenomicon has released a network analysis tool that lets administrators visualize network traffic. Tue, 30 Mar 2010 06:37:00 GMT http://www.infosecurity-us.com/view/8421/codenomicon-releases-network-analysis-tool/ http://www.infosecurity-us.com/view/8413/weekly-brief-march-29-2010/ Infosecurity covers the last week's news highlights Mon, 29 Mar 2010 20:51:00 GMT http://www.infosecurity-us.com/view/8413/weekly-brief-march-29-2010/ http://www.infosecurity-us.com/view/8387/govt-moves-to-protect-electricity-grid-from-hacker-and-terrorist-attacks/ Legislation that seeks to protect the nation's electricity grid from any form of attack has been passed by the Energy and Environment Subcommittee. Fri, 26 Mar 2010 21:00:00 GMT http://www.infosecurity-us.com/view/8387/govt-moves-to-protect-electricity-grid-from-hacker-and-terrorist-attacks/ http://www.infosecurity-us.com/view/8386/symantec-reveals-china-and-rar-files-are-a-rising-threat/ Research just released by Symantec claims to show that targeted attacks are on the rise, with email originating from China and RAR attachments being a major source of security problems. Fri, 26 Mar 2010 20:58:00 GMT http://www.infosecurity-us.com/view/8386/symantec-reveals-china-and-rar-files-are-a-rising-threat/ http://www.infosecurity-us.com/view/8385/tjx-card-fraud-mastermind-jailed-for-20-years-/ A self-confessed computer hacker who pleaded guilty to some of the most serious card account hacking and ID frauds in US history, has been sentenced to 20 years in prison. Fri, 26 Mar 2010 20:50:00 GMT http://www.infosecurity-us.com/view/8385/tjx-card-fraud-mastermind-jailed-for-20-years-/ http://www.infosecurity-us.com/view/8358/mozilla-issues-early-update-to-patch-firefox-flaw/ A security researcher has uncovered a vulnerability in the latest version of the Firefox browser, prompting Mozilla to issue an update ahead of schedule. Thu, 25 Mar 2010 19:44:00 GMT http://www.infosecurity-us.com/view/8358/mozilla-issues-early-update-to-patch-firefox-flaw/ http://www.infosecurity-us.com/view/8339/man-who-hacked-president-obamas-twitter-account-arrested/ The man behind some of the most famous Twitter hacking events, including breaking into the account of President Obama, has been arrested in France. Thu, 25 Mar 2010 12:18:00 GMT http://www.infosecurity-us.com/view/8339/man-who-hacked-president-obamas-twitter-account-arrested/ http://www.infosecurity-us.com/view/8338/symantec-intros-web-security-monitoring-service/ California's Symantec has taken the wraps off Web Security Monitoring (WSM), a new service for companies to check on their websites and ensure they are not being hacked, or perhaps worse, infecting their internet users. Thu, 25 Mar 2010 12:11:00 GMT http://www.infosecurity-us.com/view/8338/symantec-intros-web-security-monitoring-service/ http://www.infosecurity-us.com/view/8337/sunbelt-software-updates-sandbox-to-tackle-zeroday-attacks/ Sunbelt Software has updated its Sandbox automated dynamic malware analysis utility to deal with the increasing problem of zero-day targeted internet attacks. Thu, 25 Mar 2010 12:00:00 GMT http://www.infosecurity-us.com/view/8337/sunbelt-software-updates-sandbox-to-tackle-zeroday-attacks/ http://www.infosecurity-us.com/view/8322/stringscom-intros-extends-tracker-service-to-twitter/ Washington state-based Strings.com has extended its just-launched web tracking service to include Twitter, the microblogging portal and internet service. Wed, 24 Mar 2010 19:23:00 GMT http://www.infosecurity-us.com/view/8322/stringscom-intros-extends-tracker-service-to-twitter/ http://www.infosecurity-us.com/view/8320/symantec-reports-on-10-riskiest-us-cities-for-electronic-crime/ Realtors love to wave lists of the top cities in the US for crime, and tell you that your potential new home is not on the list, but what about the top 10 cities for electronic crime? Symantec has stepped up to the plate and come up with just such a list. Wed, 24 Mar 2010 18:58:00 GMT http://www.infosecurity-us.com/view/8320/symantec-reports-on-10-riskiest-us-cities-for-electronic-crime/ http://www.infosecurity-us.com/view/8319/cybercriminals-becoming-more-and-more-specialized-says-fbi/ If ever proof were needed that cybercriminals are using complex attack methodologies, it came from an unlikely source this week: the FBI. Wed, 24 Mar 2010 18:52:00 GMT http://www.infosecurity-us.com/view/8319/cybercriminals-becoming-more-and-more-specialized-says-fbi/ http://www.infosecurity-us.com/view/8285/new-hampshire-lawmakers-reject-biometric-id-restrictions/ The New Hampshire House of Representatives turned down a bill proposed earlier in the year that would have restricted the use of biometric IDs within the state. Wed, 24 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8285/new-hampshire-lawmakers-reject-biometric-id-restrictions/ http://www.infosecurity-us.com/view/8283/google-china-redirecting-search-service-to-hong-kong/ Numerous reports over the last few weeks pointed toward a complete withdrawal of Google’s search business in China, but the search giant has confounded expectations by simply redirecting its Google.cn site to a server in Hong Kong. Tue, 23 Mar 2010 15:39:00 GMT http://www.infosecurity-us.com/view/8283/google-china-redirecting-search-service-to-hong-kong/ http://www.infosecurity-us.com/view/8273/esoft-unveils-sitefilter-30-for-oems/ eSoft has taken the wraps off a major update to its secure web filtering service, Sitefilter 3.0, which is used as a 'white label' facility by a number of third-party organizations. Tue, 23 Mar 2010 12:57:00 GMT http://www.infosecurity-us.com/view/8273/esoft-unveils-sitefilter-30-for-oems/ http://www.infosecurity-us.com/view/8272/new-phishing-scam-hits-twitter/ Another phishing scam is reportedly hitting Twitter, the social networking site and service. This latest one involves private messages being exchanged between members of the microblogging service, which then attempt to extract users' IDs and passwords. Tue, 23 Mar 2010 12:50:00 GMT http://www.infosecurity-us.com/view/8272/new-phishing-scam-hits-twitter/ http://www.infosecurity-us.com/view/8271/mcafee-unveils-cloud-secure-program/ McAfee has taken the wraps off its Cloud Secure program, which seeks to allow the growing number of software-as-a-service (SaaS) providers with additional layers of security for their cloud deployments. Tue, 23 Mar 2010 12:41:00 GMT http://www.infosecurity-us.com/view/8271/mcafee-unveils-cloud-secure-program/ http://www.infosecurity-us.com/view/8254/sophos-identifies-fake-antivirus-software-targeting-windows-7/ A security expert at Sophos has unveiled fake antivirus software targeting the new Windows 7 operating system. Tue, 23 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8254/sophos-identifies-fake-antivirus-software-targeting-windows-7/ http://www.infosecurity-us.com/view/8253/northern-iowa-upset-of-kansas-leads-to-infected-online-search-results/ When the number one seed in this year’s NCAA basketball tournament fell to the University of Northern Iowa over the weekend, black hats wasted little time playing the SEO game and thereby poising search engine results with malware-infected pages. Mon, 22 Mar 2010 17:29:00 GMT http://www.infosecurity-us.com/view/8253/northern-iowa-upset-of-kansas-leads-to-infected-online-search-results/ http://www.infosecurity-us.com/view/8240/secunias-vulnerability-intelligence-linked-with-microsoft-patch-management-technology/ Secunia has announced that its authenticated internal vulnerability scanner, the Corporate Software Inspector (CSI) 4.0, has been integrated with Microsoft Windows Server Update Service (WSUS) and System Center Configuration Manager (SCCM). Mon, 22 Mar 2010 11:42:00 GMT http://www.infosecurity-us.com/view/8240/secunias-vulnerability-intelligence-linked-with-microsoft-patch-management-technology/ http://www.infosecurity-us.com/view/8236/58-of-software-vulnerable-to-googlestyle-security-breaches-/ Research just released claims to show that 58% of business software is vulnerable to the same security breaches as a seen on Google, the US Department of Defense, and other sites. Mon, 22 Mar 2010 11:30:00 GMT http://www.infosecurity-us.com/view/8236/58-of-software-vulnerable-to-googlestyle-security-breaches-/ http://www.infosecurity-us.com/view/8217/senators-push-biometric-id-cards-as-illegal-immigration-solution/ In an effort to fix what they called a “badly broken” immigration system in the US, two senators have proposed the use of biometric Social Security cards for all workers. Mon, 22 Mar 2010 09:35:00 GMT http://www.infosecurity-us.com/view/8217/senators-push-biometric-id-cards-as-illegal-immigration-solution/ http://www.infosecurity-us.com/view/8212/google-unveils-website-security-tool/ Google has launched a security tool called skipfish, designed to help web developers scan their applications for vulnerabilities. Mon, 22 Mar 2010 07:01:00 GMT http://www.infosecurity-us.com/view/8212/google-unveils-website-security-tool/ http://www.infosecurity-us.com/view/8211/network-box-changes-pricing-model/ Network Box USA has announced a change in the way that it sells unified threat management appliances. It is switching to a managed service model, and is no longer charging for its hardware. Mon, 22 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8211/network-box-changes-pricing-model/ http://www.infosecurity-us.com/view/8203/facebook-to-establish-digital-trust-fund-in-court-settlement/ Facebook is to set up a non-profit foundation to promote and develop the online privacy movement under a legal settlement reached this week. Fri, 19 Mar 2010 16:22:00 GMT http://www.infosecurity-us.com/view/8203/facebook-to-establish-digital-trust-fund-in-court-settlement/ http://www.infosecurity-us.com/view/8201/legislators-attempt-to-moderate-presidential-power-over-internet/ US legislators have reworded a bill that would originally have given the president sole discretion over which networks can connect to the internet. Fri, 19 Mar 2010 16:00:00 GMT http://www.infosecurity-us.com/view/8201/legislators-attempt-to-moderate-presidential-power-over-internet/ http://www.infosecurity-us.com/view/8181/facebook-phishing-attack-sweeps-social-network-users/ An attack that scammed Facebook users into divulging their passwords was the sixth most popular piece of malware on the internet this week, according to McAfee. Thu, 18 Mar 2010 21:45:00 GMT http://www.infosecurity-us.com/view/8181/facebook-phishing-attack-sweeps-social-network-users/ http://www.infosecurity-us.com/view/8182/disgruntled-employee-accused-of-remotely-disabling-over-100-cars/ You've heard about Apple potentially bricking iPhones, but that's small potatoes, compared to remotely disabling whole fleets of cars using centrally controlled computer systems. That's just what a 20-year-old employee for a Texas auto dealership is being accused of doing after he was laid off last month. Thu, 18 Mar 2010 21:05:00 GMT http://www.infosecurity-us.com/view/8182/disgruntled-employee-accused-of-remotely-disabling-over-100-cars/ http://www.infosecurity-us.com/view/8179/iso-issues-new-guidelines-for-safeguarding-electronic-medical-data-/ ISO has published two new documents outlining principles and guidelines for secure archiving of electronic medical record data. Thu, 18 Mar 2010 20:42:00 GMT http://www.infosecurity-us.com/view/8179/iso-issues-new-guidelines-for-safeguarding-electronic-medical-data-/ http://www.infosecurity-us.com/view/8133/sunbelt-upgrades-vipre-counterspy/ Sunbelt Software has updated its products on all fronts, refreshing its anti-malware and anti-spyware software lines, in addition to its central control tools. Wed, 17 Mar 2010 20:38:00 GMT http://www.infosecurity-us.com/view/8133/sunbelt-upgrades-vipre-counterspy/ http://www.infosecurity-us.com/view/8131/ipswitch-launches-log-management-suite/ Ipswitch has launched the WhatsUp Event Log Management Suite, including its newly acquired WhatsUp Event Rover 3.0, two tools that it hopes will make it easier for customers to manage their networks by logging security events, while protecting files for forensic investigations. Wed, 17 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/8131/ipswitch-launches-log-management-suite/ http://www.infosecurity-us.com/view/8128/fcc-presents-national-broadband-plan-to-lawmakers/ The Federal Communications Commission unveiled its new National Broadband Plan to the public yesterday, and shortly thereafter submitted its recommendations to the US Congress. Wed, 17 Mar 2010 19:29:00 GMT http://www.infosecurity-us.com/view/8128/fcc-presents-national-broadband-plan-to-lawmakers/ http://www.infosecurity-us.com/view/8091/core-security-finds-microsoft-virtualization-flaw/ Security research company Core Security says that it has found a security flaw in Microsoft's Virtual PC hypervisor that could undermine fundamental security measures included in the Vista and Windows 7 operating systems. Wed, 17 Mar 2010 10:26:00 GMT http://www.infosecurity-us.com/view/8091/core-security-finds-microsoft-virtualization-flaw/ http://www.infosecurity-us.com/view/8089/kaspersky-gets-into-password-management-business/ Kaspersky has launched a one-click password manager designed to help users protect and maintain strong passwords across the online services that they use. Tue, 16 Mar 2010 19:37:00 GMT http://www.infosecurity-us.com/view/8089/kaspersky-gets-into-password-management-business/ http://www.infosecurity-us.com/view/8088/trend-micro-upgrades-hosted-email-security-service/ Trend Micro has updated its hosted email security service with a range of new features targeting both small and large customers. Tue, 16 Mar 2010 19:21:00 GMT http://www.infosecurity-us.com/view/8088/trend-micro-upgrades-hosted-email-security-service/ http://www.infosecurity-us.com/view/8087/netflix-cans-anonymous-data-contest/ DVD rental company Netflix has quietly cancelled a sequel to its Netflix Prize, a contest to enhance its movie recommendation technology using anonymous user data. Tue, 16 Mar 2010 19:00:00 GMT http://www.infosecurity-us.com/view/8087/netflix-cans-anonymous-data-contest/ http://www.infosecurity-us.com/view/8085/apple-rolls-out-updated-safari-browser/ Apple has issued version 4.0.5 of its Safari web browser – for both Mac OS X and Windows – with 16 security updates. Tue, 16 Mar 2010 18:17:00 GMT http://www.infosecurity-us.com/view/8085/apple-rolls-out-updated-safari-browser/ http://www.infosecurity-us.com/view/8032/weekly-brief-march-16-2009/ Infosecurity rounds up the week's security news. Tue, 16 Mar 2010 07:05:00 GMT http://www.infosecurity-us.com/view/8032/weekly-brief-march-16-2009/ http://www.infosecurity-us.com/view/8030/st-louis-police-department-hit-by-cyber-attack/ The St. Louis Metropolitan Police Department is investigating a cyber attack that may have compromised the information of 24 people. Tue, 16 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8030/st-louis-police-department-hit-by-cyber-attack/ http://www.infosecurity-us.com/view/8031/researchers-crack-rsa-encryption-via-power-supply/ Researchers claim to have broken 1024-bit RSA encryption in the OpenSSL cryptography library, although the hardware-focused attack is difficult to carry out and involves disrupting power supplies. Tue, 16 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8031/researchers-crack-rsa-encryption-via-power-supply/ http://www.infosecurity-us.com/view/8054/google-on-the-cusp-of-pulling-search-business-from-china/ The ongoing saga between Google and the Chinese government appears to have reached a tipping point, as a recent report indicates the company may be withdrawing its search business from the world’s fastest growing internet market. Mon, 15 Mar 2010 16:43:00 GMT http://www.infosecurity-us.com/view/8054/google-on-the-cusp-of-pulling-search-business-from-china/ http://www.infosecurity-us.com/view/8026/former-tsa-worker-indicted-for-tampering/ A former worker for the Transportation Security Administration was indicted by a federal grand jury in Denver last week, on charges of trying to damage a protected computer. According to the District of Colorado attorney's office, Douglas James Duchak tried to corrupt a TSA database in the Agency's Colorado Springs Operations Center (CSOC). Mon, 15 Mar 2010 00:00:00 GMT http://www.infosecurity-us.com/view/8026/former-tsa-worker-indicted-for-tampering/ http://www.infosecurity-us.com/view/8028/us-internet-crime-losses-doubled-last-year/ Lawsuits from online crime more than doubled between 2008 and 2009, according to the latest figures released by the Internet Crime Complaint Center (IC3). The organization also received 22.3% more complaints about Internet crime in 2009, indicating that the average money lost in a single fraud case has increased. Mon, 15 Mar 2010 00:00:00 GMT http://www.infosecurity-us.com/view/8028/us-internet-crime-losses-doubled-last-year/ http://www.infosecurity-us.com/view/8029/solidstate-disk-drives-crack-passwords-100-times-faster/ Researchers have used solid-state disk drives (SSDs) to crack passwords 100 times faster than using conventional hard drives. Mon, 15 Mar 2010 00:00:00 GMT http://www.infosecurity-us.com/view/8029/solidstate-disk-drives-crack-passwords-100-times-faster/ http://www.infosecurity-us.com/view/8025/us-is-malicious-server-leader-says-avg/ The US plays host to the largest number of malicious web servers, according to a study released by anti-malware company AVG. Sat, 13 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8025/us-is-malicious-server-leader-says-avg/ http://www.infosecurity-us.com/view/8024/aetna-boots-data-breach-class-action-suit/ Health insurer Aetna has succeeded in having a class-action lawsuit over an alleged security breach dismissed. Fri, 12 Mar 2010 21:00:00 GMT http://www.infosecurity-us.com/view/8024/aetna-boots-data-breach-class-action-suit/ http://www.infosecurity-us.com/view/8021/facebook-users-subject-to-yet-another-malware-attack/ Researchers from web security firm Websense warned Facebook users earlier today to refrain from clicking on URLs posted on the pages of some famous celebrities – or even people on their friend list – as links to alleged videos were actually portals to malware infection. Fri, 12 Mar 2010 20:11:00 GMT http://www.infosecurity-us.com/view/8021/facebook-users-subject-to-yet-another-malware-attack/ http://www.infosecurity-us.com/view/7994/russian-brides-attempt-to-thaw-the-ice-for-winter-spammers/ The latest monthly spam report shows that, regardless of the world economy, there is one item that is particularly hot this winter: Russian mail-order brides. This is according to newly released figures from McAfee. Thu, 11 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7994/russian-brides-attempt-to-thaw-the-ice-for-winter-spammers/ http://www.infosecurity-us.com/view/7992/provider-takedown-guts-zeus-infrastructure/ Yet another botnet suffered severe losses to its functionality this week, in what appears to be a growing campaign among the white hat community to take down these virulent networks. Troyak-AS, which was the upstream provider for the six worst Zeus hosting ISPs, has been taken offline. Thu, 11 Mar 2010 19:19:00 GMT http://www.infosecurity-us.com/view/7992/provider-takedown-guts-zeus-infrastructure/ http://www.infosecurity-us.com/view/7960/lack-of-precise-definitions-plagues-cybersecurity-legislation/ According to one security expert, anywhere from 14 to 35 pieces of legislation aiming to effect cybersecurity are in the works, depending on how one defines its role within the genre. These bills range from comprehensive to very focused, but, as some security experts claim, they all have common drawbacks. Wed, 10 Mar 2010 21:51:00 GMT http://www.infosecurity-us.com/view/7960/lack-of-precise-definitions-plagues-cybersecurity-legislation/ http://www.infosecurity-us.com/view/7959/lifelock-hit-with-12m-settlement-payment/ Identity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services. Wed, 10 Mar 2010 21:31:00 GMT http://www.infosecurity-us.com/view/7959/lifelock-hit-with-12m-settlement-payment/ http://www.infosecurity-us.com/view/7958/twitter-launches-antiphishing-offensive/ Popular micro blogging site Twitter has launched a service designed to stop phishing scams from victimizing its users. Wed, 10 Mar 2010 21:12:00 GMT http://www.infosecurity-us.com/view/7958/twitter-launches-antiphishing-offensive/ http://www.infosecurity-us.com/view/7957/ubisoft-servers-go-down-drm-blamed/ Computer games giant Ubisoft had to apologize to users after its online gaming service collapsed over the weekend. Ubisoft executives said that "exceptional demand" was to blame for the problem before the company blamed the downtime on an attack, the following day. Wed, 10 Mar 2010 20:50:00 GMT http://www.infosecurity-us.com/view/7957/ubisoft-servers-go-down-drm-blamed/ http://www.infosecurity-us.com/view/7945/rsa-identityfinder-announces-social-networking-id-theft-product-/ IdentityFinder, the identity theft prevention company, are set to offer protection for social networking sites later this year. Wed, 10 Mar 2010 12:00:00 GMT http://www.infosecurity-us.com/view/7945/rsa-identityfinder-announces-social-networking-id-theft-product-/ http://www.infosecurity-us.com/view/7925/brocade-half-of-network-solutions-only-stop-one-in-four-network-attacks/ Almost one in five participants at the RSA conference last week believe that their companies' security policies are being effectively enforced, according to figures released by data center fabric company Brocade. That said, at least half of them seem to be unhappy with their companies' security technology solutions. Wed, 10 Mar 2010 09:56:00 GMT http://www.infosecurity-us.com/view/7925/brocade-half-of-network-solutions-only-stop-one-in-four-network-attacks/ http://www.infosecurity-us.com/view/7924/microsoft-suffers-continued-internet-explorer-hits-on-patch-tuesday/ Microsoft took customers through a fairly sedate patch Tuesday this week, releasing just two bulletins addressing issues in its applications. However, all did not go without a hitch, as yet another zero-day vulnerability emerged for Internet Explorer. Wed, 10 Mar 2010 09:51:00 GMT http://www.infosecurity-us.com/view/7924/microsoft-suffers-continued-internet-explorer-hits-on-patch-tuesday/ http://www.infosecurity-us.com/view/7923/us-government-not-properly-coordinating-cybersecurity-efforts-warns-gao/ The US government is still failing on cybersecurity thanks to a lack of clear definitions among different agencies, the US Government Accountability Office has warned. Tue, 09 Mar 2010 21:23:00 GMT http://www.infosecurity-us.com/view/7923/us-government-not-properly-coordinating-cybersecurity-efforts-warns-gao/ http://www.infosecurity-us.com/view/7880/florida-couple-indicted-for-data-theft/ A husband-and-wife team from Coral Gables has been indicted for the second time in a year for the theft and sale of privacy data. Authorities claim that in both cases, the couple received payments from personal injury lawyers in exchange for patients’ personal privacy data from a local ambulance company. Tue, 09 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/7880/florida-couple-indicted-for-data-theft/ http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/ In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach. Mon, 08 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/ http://www.infosecurity-us.com/view/7882/staff-put-on-leave-in-merion-spy-cam-case/ Police are reviewing pictures from web cams in the Lower Merion School District spying case, it was revealed over the weekend, as two IT staff were put on leave pending further investigation. Mon, 08 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7882/staff-put-on-leave-in-merion-spy-cam-case/ http://www.infosecurity-us.com/view/7871/weekly-brief-march-8-2010/ Infosecurity US rounds up the significant events from the last week. Mon, 08 Mar 2010 18:47:00 GMT http://www.infosecurity-us.com/view/7871/weekly-brief-march-8-2010/ http://www.infosecurity-us.com/view/7837/rsa-rewind-national-security-heavyweights-talk-cybersecurity/ In what may have been the most star-studded event of last week’s RSA Conference in San Francisco, a panel of experts gathered during one keynote to discuss how governments can come together to combat cybersecurity threats without compromising individual liberties. Mon, 08 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/7837/rsa-rewind-national-security-heavyweights-talk-cybersecurity/ http://www.infosecurity-us.com/view/7836/isc-survey-shows-it-professionals-weathered-the-recession-in-fairly-good-shape/ Although the IT profession is not exactly immune from recent economic troubles, freshly revealed polling results from (ISC)² – the non-profit IT security trade group – indicate that security personnel are still in demand and, for the most part, gainfully employed. Fri, 05 Mar 2010 22:31:00 GMT http://www.infosecurity-us.com/view/7836/isc-survey-shows-it-professionals-weathered-the-recession-in-fairly-good-shape/ http://www.infosecurity-us.com/view/7797/rsa-napolitano-issues-dhs-national-cybersecurity-challenge-to-security-community/ Department of Homeland Security Secretary Janet Napolitano delivered one of the Wednesday keynote addresses, which focused on cybersecurity, at this year’s RSA Conference in San Francisco. She would close her remarks by issuing a challenge to the security community to help raise public awareness of cybersecurity issues. Thu, 04 Mar 2010 00:36:00 GMT http://www.infosecurity-us.com/view/7797/rsa-napolitano-issues-dhs-national-cybersecurity-challenge-to-security-community/ http://www.infosecurity-us.com/view/7796/rsa-isc-cyber-security-awareness-for-kids-/ At the RSA Conference 2010 in San Francisco, (ISC)²,Microsoft, and RSA conference co-sponsor a session to train member volunteers for its Safe and Secure online programme. Wed, 03 Mar 2010 19:50:00 GMT http://www.infosecurity-us.com/view/7796/rsa-isc-cyber-security-awareness-for-kids-/ http://www.infosecurity-us.com/view/7794/rsa-qualys-teams-with-imperva-on-website-security/ Hard on the heels of announcing a free website infection scanning service, Qualys has teamed up with fellow IT security vendor Imperva to integrate some of their respective software offerings. Wed, 03 Mar 2010 18:57:00 GMT http://www.infosecurity-us.com/view/7794/rsa-qualys-teams-with-imperva-on-website-security/ http://www.infosecurity-us.com/view/7762/rsa-solera-networks-partners-with-emc-/ Active network forensics company Solera Networks announced its partnership with EMC at RSA Conference 2010 on March 2 in San Francisco. Wed, 03 Mar 2010 00:53:00 GMT http://www.infosecurity-us.com/view/7762/rsa-solera-networks-partners-with-emc-/ http://www.infosecurity-us.com/view/7761/hot-topic-at-rsa-the-pitfalls-and-promise-of-social-networking/ A unique panel session convened at the RSA Conference in San Francisco today to discuss the pros and cons of social networking on the job, specifically by the under-30 set. Tue, 02 Mar 2010 22:00:00 GMT http://www.infosecurity-us.com/view/7761/hot-topic-at-rsa-the-pitfalls-and-promise-of-social-networking/ http://www.infosecurity-us.com/view/7760/rsa-schmidt-announces-transparent-national-us-cybersecurity-strategy/ Howard Schmidt, Cyber security advisor to President Obama, announced the revision of the classification guidance for the Comprehensive National Cybersecurity Initiative (or CNCI), during his keynote at RSA conference 2010 in San Francisco. Tue, 02 Mar 2010 21:53:00 GMT http://www.infosecurity-us.com/view/7760/rsa-schmidt-announces-transparent-national-us-cybersecurity-strategy/ http://www.infosecurity-us.com/view/7758/rsa-microsoft-reveal-plans-for-a-safer-internet-/ In his keynote address at the RSA Conference 2010 in San Francisco, Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, outlined how Microsoft will apply its end to end trust vision to cloud computing. Tue, 02 Mar 2010 20:51:00 GMT http://www.infosecurity-us.com/view/7758/rsa-microsoft-reveal-plans-for-a-safer-internet-/ http://www.infosecurity-us.com/view/7755/rsa-securing-cloud-computing-is-industry-responsibility-says-art-coviello/ In his keynote at RSA 2010, San Francisco, RSA President Art Coviello spoke of the industry’s latest and greatest challenge: securing cloud computing. Tue, 02 Mar 2010 18:37:00 GMT http://www.infosecurity-us.com/view/7755/rsa-securing-cloud-computing-is-industry-responsibility-says-art-coviello/ http://www.infosecurity-us.com/view/7754/rsa-m86-introduces-onestop-appliance-technology-and-launches-into-cloud/ M86 Security has taken the wraps off a one-stop integrated security appliance that combines its threat analysis technology with a drill-down dashboard interface. At the same time the company has extended its web gateway technology into the cloud computing environment. Tue, 02 Mar 2010 18:00:00 GMT http://www.infosecurity-us.com/view/7754/rsa-m86-introduces-onestop-appliance-technology-and-launches-into-cloud/ http://www.infosecurity-us.com/view/7752/rsa-pci-dss-survey-shows-that-encryption-is-tops-when-it-comes-to-endtoend-security/ According to a survey of qualified security assessors (QSA), the optimum methodology for end-to-end security protection is encryption. Tue, 02 Mar 2010 17:41:00 GMT http://www.infosecurity-us.com/view/7752/rsa-pci-dss-survey-shows-that-encryption-is-tops-when-it-comes-to-endtoend-security/ http://www.infosecurity-us.com/view/7751/rsa-check-point-unveils-secure-usb-drive-technology/ Check Point Software Technologies has taken the wraps off a secure USB drive system. Known as Abra, the unit is designed to offer PC or Windows-based terminal users a secure virtualised workspace that is highly portable between machines. Tue, 02 Mar 2010 17:35:00 GMT http://www.infosecurity-us.com/view/7751/rsa-check-point-unveils-secure-usb-drive-technology/ http://www.infosecurity-us.com/view/7721/veracode-report-exposes-application-security-failures/ According to the Veracode ‘State of Software Security’ report, between 58 and 88 percent of all applications submitted to Veracode for verification did not achieve an acceptable security score upon first submission. The exact percentage depends on the standard applied, based on application criticality. Tue, 02 Mar 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7721/veracode-report-exposes-application-security-failures/ http://www.infosecurity-us.com/view/7716/time-for-cloud-computing-says-webroot-cto/ Gerhard Eschelbeck, CTO of Webroot, tells Infosecurity’s Eleanor Dallaway that “2010 is the right time to engage in cloud computing”, as they catch up in Silicon Valley. Mon, 01 Mar 2010 20:18:00 GMT http://www.infosecurity-us.com/view/7716/time-for-cloud-computing-says-webroot-cto/ http://www.infosecurity-us.com/view/7696/rsa-qualys-introduces-free-malware-detection-/ Qualys has become the first on-demand network and site vulnerability company to launch a free malware detection service, designed to protect websites from malicious activities and stop visitors from being infected by malware. Mon, 01 Mar 2010 12:35:00 GMT http://www.infosecurity-us.com/view/7696/rsa-qualys-introduces-free-malware-detection-/ http://www.infosecurity-us.com/view/7648/mykonos-to-launch-counterhacker-tool/ Web application security company Mykonos Software has launched an appliance designed to watch what hackers are doing and take counter measures to confuse and divert them. Fri, 26 Feb 2010 00:35:00 GMT http://www.infosecurity-us.com/view/7648/mykonos-to-launch-counterhacker-tool/ http://www.infosecurity-us.com/view/7649/microsoft-topples-waledec-botnet-for-now/ The Waledec network is down – at least temporarily – thanks to an injunction sought by Microsoft and awarded by a federal judge, forcing registrars to shut down command-and-control domains. Fri, 26 Feb 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7649/microsoft-topples-waledec-botnet-for-now/ http://www.infosecurity-us.com/view/7650/xforce-document-vulnerabilities-on-the-rise/ Adobe's PDF document format continued to take a bashing this week, after a report from IBM's X-Force security consulting arm singled out readers supporting the software company's de facto standard document format as a particular security worry. Fri, 26 Feb 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7650/xforce-document-vulnerabilities-on-the-rise/ http://www.infosecurity-us.com/view/7638/ftc-warns-organizations-about-data-breach-risks-from-p2p-file-sharing/ The Federal Trade Commission sent letters to nearly 100 organizations this week, warning them that customer and/or employee data are currently available on P2P networks according to its recent probe. Thu, 25 Feb 2010 15:00:00 GMT http://www.infosecurity-us.com/view/7638/ftc-warns-organizations-about-data-breach-risks-from-p2p-file-sharing/ http://www.infosecurity-us.com/view/7605/researchers-identify-anonymous-users-through-web-browser-history-and-social-networks/ Researchers have combined stolen web browser history data with membership of social networking groups to identify large numbers of users who would otherwise be anonymous, it was revealed this week. Thu, 25 Feb 2010 00:35:00 GMT http://www.infosecurity-us.com/view/7605/researchers-identify-anonymous-users-through-web-browser-history-and-social-networks/ http://www.infosecurity-us.com/view/7606/comcast-will-transition-to-dnssec-/ Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year. Thu, 25 Feb 2010 00:24:00 GMT http://www.infosecurity-us.com/view/7606/comcast-will-transition-to-dnssec-/ http://www.infosecurity-us.com/view/7567/understaffed-companies-putting-it-security-at-risk-says-symantec/ A lack of IT staff resources is hindering corporate security, according to a study released by Symantec this week. And companies are exacerbating the issue by embarking on new IT projects that create security problems. Wed, 24 Feb 2010 00:33:00 GMT http://www.infosecurity-us.com/view/7567/understaffed-companies-putting-it-security-at-risk-says-symantec/ http://www.infosecurity-us.com/view/7569/adobe-fixes-adobe-download-manager-flaw-by-deleting-the-software/ Adobe has taken the easy option to fix the zero-day remote execution flaw discovered in its Adobe Download Manager last week. It advised users to simply delete the software so that it wouldn't come back again. Wed, 24 Feb 2010 00:27:00 GMT http://www.infosecurity-us.com/view/7569/adobe-fixes-adobe-download-manager-flaw-by-deleting-the-software/ http://www.infosecurity-us.com/view/7568/intel-targeted-by-january-cyberattack/ Intel was the target of a concerned cyberattack in January – around the same time that Google identified the Operation Aurora attack, according to a 10-K filing that the chip maker made to the SEC. Wed, 24 Feb 2010 00:10:00 GMT http://www.infosecurity-us.com/view/7568/intel-targeted-by-january-cyberattack/ http://www.infosecurity-us.com/view/7566/rutgers-team-demonstrates-new-smart-phone-security-threat/ A team of investigators at Rutgers University has revealed research indicating that smart phones can be compromised by sophisticated rootkits. Tue, 23 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7566/rutgers-team-demonstrates-new-smart-phone-security-threat/ http://www.infosecurity-us.com/view/7554/no-expectation-of-privacy-for-p2p-files-says-9th-circuit-court-of-appeals/ A Nevada man had his appeal of a child pornography conviction denied last week by the 9th Circuit Court in San Francisco. The defendant, Charles A. Borowy, claimed that his fourth amendment right prohibiting unlawful search and seizure was violated by an FBI agent who downloaded and viewed files from the man’s computer using the LimeWire P2P service. Tue, 23 Feb 2010 15:16:00 GMT http://www.infosecurity-us.com/view/7554/no-expectation-of-privacy-for-p2p-files-says-9th-circuit-court-of-appeals/ http://www.infosecurity-us.com/view/7529/weekly-brief-february-22-2009/ Infosecurity rounds up some of the week's security news Tue, 23 Feb 2010 08:00:00 GMT http://www.infosecurity-us.com/view/7529/weekly-brief-february-22-2009/ http://www.infosecurity-us.com/view/7528/spybot-worm-spreads-via-direct-p2p-file-sharing/ Researchers have identified Spybot.AKB, a worm that spreads across P2P networks and email systems. Mon, 22 Feb 2010 23:32:00 GMT http://www.infosecurity-us.com/view/7528/spybot-worm-spreads-via-direct-p2p-file-sharing/ http://www.infosecurity-us.com/view/7527/pennsylvania-school-district-hit-by-injunction-fbi-investigation-after-web-cam-incident/ A federal judge has ordered a suburban Philadelphia school not to reactivate a security system that enabled it to monitor students in their homes without their knowledge. The judge made the emergency ruling after a student sued the school, alleging an invasion of privacy after someone at the school took a picture of him in his home. Mon, 22 Feb 2010 22:41:00 GMT http://www.infosecurity-us.com/view/7527/pennsylvania-school-district-hit-by-injunction-fbi-investigation-after-web-cam-incident/ http://www.infosecurity-us.com/view/7524/fortify-and-hp-attack-hybrid-web-software-testing-market/ Fortify Software and HP have teamed up to release Hybrid 2.0, a tool designed to test web applications for security flaws. Mon, 22 Feb 2010 22:00:00 GMT http://www.infosecurity-us.com/view/7524/fortify-and-hp-attack-hybrid-web-software-testing-market/ http://www.infosecurity-us.com/view/7491/pgp-upgrades-encryption-and-key-management-server-porfolio/ PGP has released a new version of its Key Management Server designed to pull together disparate key management systems for enterprise customers. Mon, 22 Feb 2010 08:27:00 GMT http://www.infosecurity-us.com/view/7491/pgp-upgrades-encryption-and-key-management-server-porfolio/ http://www.infosecurity-us.com/view/7490/adobe-download-manager-row-escalates-with-new-vulnerability/ Adobe continued to fight fires on the security front last week, as a researcher discovered a second flaw in its Adobe Download Manager software tool. Mon, 22 Feb 2010 08:21:00 GMT http://www.infosecurity-us.com/view/7490/adobe-download-manager-row-escalates-with-new-vulnerability/ http://www.infosecurity-us.com/view/7486/school-linked-to-operation-aurora-attack-is-tied-indirectly-to-hacktivist-group/ Two schools in China have been linked to the Operation Aurora attack that targeted Google and other companies last year – and one of them has been tied to a national network of hacktivist groups. Fri, 19 Feb 2010 21:46:00 GMT http://www.infosecurity-us.com/view/7486/school-linked-to-operation-aurora-attack-is-tied-indirectly-to-hacktivist-group/ http://www.infosecurity-us.com/view/7444/pleaserobme-gathers-web-20-data-to-make-a-point/ A playful new website is trying to raise awareness about personal and home security issues online. PleaseRobMe gathers location information from web 2.0 websites that geotag content for mobile users, presenting them as a list of users who are not at home. Thu, 18 Feb 2010 23:46:00 GMT http://www.infosecurity-us.com/view/7444/pleaserobme-gathers-web-20-data-to-make-a-point/ http://www.infosecurity-us.com/view/7443/zeus-gang-hits-75-000-computers/ The same criminal gang that targeted government and military computers with its malware has also infected 75 000 computers in almost 200 countries with a virulent strain of the banking trojan, according to research from network monitoring company NetWitness. Thu, 18 Feb 2010 22:33:00 GMT http://www.infosecurity-us.com/view/7443/zeus-gang-hits-75-000-computers/ http://www.infosecurity-us.com/view/7442/new-york-state-holds-software-developers-accountable/ The state of New York is proposing language for inclusion in procurement documents that it hopes will help to enforce secure application development practices among suppliers. Thu, 18 Feb 2010 21:53:00 GMT http://www.infosecurity-us.com/view/7442/new-york-state-holds-software-developers-accountable/ http://www.infosecurity-us.com/view/7445/spam-shortened-urls-and-software-vulnerabilities-highlight-latest-security-threat-report/ Rebounding spam traffic, increased use of shortened URLs to deliver malicious payloads, and continued vulnerabilities among some of the most popular software applications were among the most serious security threats over the last six months 2009 according to data from M86 Security. Thu, 18 Feb 2010 19:59:00 GMT http://www.infosecurity-us.com/view/7445/spam-shortened-urls-and-software-vulnerabilities-highlight-latest-security-threat-report/ http://www.infosecurity-us.com/view/7412/us-loses-cyberwarfare-game/ A simulated cyber attack has shown once again that the US is unprepared for cyberwarfare, a year after the federal government conducted an extensive review of its cyber security stance. Thu, 18 Feb 2010 00:54:00 GMT http://www.infosecurity-us.com/view/7412/us-loses-cyberwarfare-game/ http://www.infosecurity-us.com/view/7413/security-groups-outline-top-25-programming-errors-for-2010/ The SANS Institute and Mitre have come together to update their annual list of top 25 software programming security bugs. SQL injection is the number one danger to software customers, according to the organizations. Thu, 18 Feb 2010 00:30:00 GMT http://www.infosecurity-us.com/view/7413/security-groups-outline-top-25-programming-errors-for-2010/ http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/ Electronics retailer Small Dog Electronics has suffered from a systems breach that left 3000 customers' credit card details compromised. Thu, 18 Feb 2010 00:18:00 GMT http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/ http://www.infosecurity-us.com/view/7409/hotmail-outage-leads-to-contaminated-search-results/ Yesterday’s outage of Windows Live caused a disruption in the web-based Hotmail email service. This presented a golden opportunity for online crooks to poison search results related to the incident. Wed, 17 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7409/hotmail-outage-leads-to-contaminated-search-results/ http://www.infosecurity-us.com/view/7362/comodo-unveils-chromiumbased-browser/ Internet security software and whitelisting firm Comodo has unveiled a secure browser designed to compete with Google's Chrome. Tue, 16 Feb 2010 22:32:00 GMT http://www.infosecurity-us.com/view/7362/comodo-unveils-chromiumbased-browser/ http://www.infosecurity-us.com/view/7361/symantec-to-unveil-data-indexing-technology/ At the RSA security show next month, Symantec will unveil a data indexing technology designed to identify the owners of files by querying enterprise storage systems. Called Data Insight, the product will have multiple applications, including cost reduction, data leakage prevention, and even IT forensics. Tue, 16 Feb 2010 22:23:00 GMT http://www.infosecurity-us.com/view/7361/symantec-to-unveil-data-indexing-technology/ http://www.infosecurity-us.com/view/7360/new-hampshire-seeks-to-outlaw-biometric-ids/ Some Granite State lawmakers are not too keen on the use biometric data for identity verification, as the New Hampshire House of Representatives is currently considering a bill that would block its use in nearly all state- and privately issued identification. Tue, 16 Feb 2010 19:36:00 GMT http://www.infosecurity-us.com/view/7360/new-hampshire-seeks-to-outlaw-biometric-ids/ http://www.infosecurity-us.com/view/7322/weekly-brief-february-16-2009/ Infosecurity covers the news that didn't make it into our top stories last week. Tue, 16 Feb 2010 00:40:00 GMT http://www.infosecurity-us.com/view/7322/weekly-brief-february-16-2009/ http://www.infosecurity-us.com/view/7320/military-and-intelligence-personnel-targeted-again-by-zeus-trojan/ Some rather industrious spammers have targeted military and intelligence employees for the second time in a week. But this time they used the pretense of the previous attack in an attempt to deliver the Zeus trojan. Mon, 15 Feb 2010 23:00:00 GMT http://www.infosecurity-us.com/view/7320/military-and-intelligence-personnel-targeted-again-by-zeus-trojan/ http://www.infosecurity-us.com/view/7296/adobe-issues-another-outofband-patch/ Adobe plans an out-of-band patch to resolve yet another critical security flaw across multiple products. Mon, 15 Feb 2010 08:37:00 GMT http://www.infosecurity-us.com/view/7296/adobe-issues-another-outofband-patch/ http://www.infosecurity-us.com/view/7295/microsoft-patch-causes-blue-screen-of-death-on-infected-machines/ Microsoft found itself in patch hell this week, withdrawing an update resolving an important vulnerability in Windows. The company found that some users infected with malware experienced problems restarting their machines after installing the bug fix. Fri, 12 Feb 2010 19:12:00 GMT http://www.infosecurity-us.com/view/7295/microsoft-patch-causes-blue-screen-of-death-on-infected-machines/ http://www.infosecurity-us.com/view/7288/google-buzz-attacked-for-privacy-violation/ Google was fighting security, privacy, and censorship issues this week following the launch of Buzz, its social networking service. As Iran reportedly shut down Gmail, others reported that the service was revealing who Buzz users had the most contact with, leading to potential personal security issues. Fri, 12 Feb 2010 17:38:00 GMT http://www.infosecurity-us.com/view/7288/google-buzz-attacked-for-privacy-violation/ http://www.infosecurity-us.com/view/7285/us-to-be-hit-by-simulated-cyberattack/ On Tuesday, the US will undergo a simulated cyberattack to help policymakers decide how well the country would cope. Fri, 12 Feb 2010 16:54:00 GMT http://www.infosecurity-us.com/view/7285/us-to-be-hit-by-simulated-cyberattack/ http://www.infosecurity-us.com/view/7257/warnings-issued-for-valentines-spam-and-malware/ As is often the case around major holidays, especially those where giving gifts seems compulsory, most major security vendors are warning about scam emails focused on Valentine’s Day. Thu, 11 Feb 2010 21:47:00 GMT http://www.infosecurity-us.com/view/7257/warnings-issued-for-valentines-spam-and-malware/ http://www.infosecurity-us.com/view/7252/mozilla-backtracks-on-addon-malware-claim/ Mozilla has apologized for its existing apology concerning a malware-infected add-on for Firefox. Last week, the company reported that a second experimental add-on for the browser had been infected by malware. After working with McAfee, it now says that the detection was a false positive. Thu, 11 Feb 2010 17:15:00 GMT http://www.infosecurity-us.com/view/7252/mozilla-backtracks-on-addon-malware-claim/ http://www.infosecurity-us.com/view/7251/pumpanddump-hacker-pleads-guilty/ An Indian resident has pleaded guilty to conspiracy and aggravated identity theft after engineering an international fraud scheme to hack online brokerage accounts in the US. Thu, 11 Feb 2010 17:00:00 GMT http://www.infosecurity-us.com/view/7251/pumpanddump-hacker-pleads-guilty/ http://www.infosecurity-us.com/view/7244/nigerian-government-uses-music-in-cybercrime-fight/ The Nigerian Government is working with Microsoft on a public awareness program that uses music to fight cybercrime in the country. Thu, 11 Feb 2010 15:42:00 GMT http://www.infosecurity-us.com/view/7244/nigerian-government-uses-music-in-cybercrime-fight/ http://www.infosecurity-us.com/view/7242/three-botnets-responsible-for-half-of-all-computer-infections/ Fewer botnets are becoming responsible for more infected machines, according to a report from McAfee. Thu, 11 Feb 2010 15:29:00 GMT http://www.infosecurity-us.com/view/7242/three-botnets-responsible-for-half-of-all-computer-infections/ http://www.infosecurity-us.com/view/7241/number-of-victims-grows-for-bluecross-data-breach/ The number of victims affected by a data theft from Chattanooga-based health insurer BlueCross BlueShield has ballooned, following a decision by the company to notify family members of customers that are covered by a group plan. Thu, 11 Feb 2010 15:20:00 GMT http://www.infosecurity-us.com/view/7241/number-of-victims-grows-for-bluecross-data-breach/ http://www.infosecurity-us.com/view/7218/spyeye-continues-battle-of-the-botnets/ Researchers have identified another example of a botnet that attempts to neutralize other botnet software. Peter Coogan, a researcher at Symantec, noticed a crimeware toolkit from Russia called SpyEye, which appears to neutralize the competing Zeus crimeware kit. Thu, 11 Feb 2010 00:24:00 GMT http://www.infosecurity-us.com/view/7218/spyeye-continues-battle-of-the-botnets/ http://www.infosecurity-us.com/view/7215/government-employees-targeted-by-zeus-trojan-/ Defense and intelligence agencies in the US and UK were among the intended targets of a Zeus trojan campaign, according to findings by Websense. Wed, 10 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7215/government-employees-targeted-by-zeus-trojan-/ http://www.infosecurity-us.com/view/7216/identity-fraud-soars-in-us-as-criminals-get-more-sophisticated/ Identity fraud in the United States has risen to an all time high, according to a report from Javelin Strategy and Research. The 2010 Identity Fraud Survey Report reveals that the number of identity fraud victims in the country has risen by the highest amount in a single year since the survey started seven years ago. Wed, 10 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7216/identity-fraud-soars-in-us-as-criminals-get-more-sophisticated/ http://www.infosecurity-us.com/view/7185/adobe-sorry-for-late-flash-bug-patch/ Adobe has apologized for a bug in its Flash Player that it has only just patched, 16 months after it was originally filed. Wed, 10 Feb 2010 11:00:00 GMT http://www.infosecurity-us.com/view/7185/adobe-sorry-for-late-flash-bug-patch/ http://www.infosecurity-us.com/view/7184/stakkato-to-be-tried-in-sweden-for-cisco-hack/ The US Government has handed over responsibility for the trial of a young hacker accused of stealing Cisco source code to Sweden, his home country. Wed, 10 Feb 2010 10:00:00 GMT http://www.infosecurity-us.com/view/7184/stakkato-to-be-tried-in-sweden-for-cisco-hack/ http://www.infosecurity-us.com/view/7183/enisa-issues-golden-rules-for-mobile-social-networking-/ Today the European Network and Information Security Agency (ENISA) released a report on social networking via mobile devices. In honor of Safer Internet Day, and in an effort to remain unencumbered by our location here in the US, Infosecurity would like to share ENISA’s tips for more secure navigation of mobile social media. Tue, 09 Feb 2010 20:22:00 GMT http://www.infosecurity-us.com/view/7183/enisa-issues-golden-rules-for-mobile-social-networking-/ http://www.infosecurity-us.com/view/7177/it-spending-poised-for-increase-in-president-obamas-proposed-2011-budget/ Infosecurity reviewed spending on IT investments in President Obama’s proposed fiscal year 2011 budget. The Administration claims it will continue to support increased IT and information security outlays, but a look at IT spending from 2009 through the projected 2011 budget does not exactly support this assertion. Tue, 09 Feb 2010 16:28:00 GMT http://www.infosecurity-us.com/view/7177/it-spending-poised-for-increase-in-president-obamas-proposed-2011-budget/ http://www.infosecurity-us.com/view/7122/penn-state-researchers-hinder-worm-propagation/ Researchers at Penn State University have devised an algorithm designed to slow down the kind of rapidly-spreading network worm that can infect large portions of the internet quickly. Mon, 08 Feb 2010 20:32:00 GMT http://www.infosecurity-us.com/view/7122/penn-state-researchers-hinder-worm-propagation/ http://www.infosecurity-us.com/view/7121/irs-phishing-scam-targets-corporate-email/ Security firm eSoft is warning clients about an IRS phishing con that is specifically targeting businesses and corporate email accounts. Mon, 08 Feb 2010 19:12:00 GMT http://www.infosecurity-us.com/view/7121/irs-phishing-scam-targets-corporate-email/ http://www.infosecurity-us.com/view/7120/research-shows-china-was-the-internets-largest-malware-source-in-january/ A report from security vendor Kaspersky Lab shows that malware originating from China topped its monthly report of digital pollution providers, broken down by country of origin, for January 2010. Mon, 08 Feb 2010 17:19:00 GMT http://www.infosecurity-us.com/view/7120/research-shows-china-was-the-internets-largest-malware-source-in-january/ http://www.infosecurity-us.com/view/7118/microsoft-prepares-for-patch-tuesday/ Microsoft will not be patching last week's Internet Explorer vulnerability with this month's patch Tuesday releases, which are scheduled for tomorrow. Mon, 08 Feb 2010 17:00:00 GMT http://www.infosecurity-us.com/view/7118/microsoft-prepares-for-patch-tuesday/ http://www.infosecurity-us.com/view/7111/weekly-brief-february-8-2009/ Infosecurity rounds up the week's news Mon, 08 Feb 2010 16:29:00 GMT http://www.infosecurity-us.com/view/7111/weekly-brief-february-8-2009/ http://www.infosecurity-us.com/view/7085/iphone-backup-cracker-launched/ Moscow-based password cracking software company ElcomSoft has released a password breaker for iPhone backups. Fri, 05 Feb 2010 21:00:00 GMT http://www.infosecurity-us.com/view/7085/iphone-backup-cracker-launched/ http://www.infosecurity-us.com/view/7084/firefox-pulls-two-infected-addons-from-site/ Mozilla has had to pull two experimental add-ons for the Firefox browser from its website. The add-ons, which somehow made it through the quality control process, target Windows users with trojan malware. Fri, 05 Feb 2010 20:36:00 GMT http://www.infosecurity-us.com/view/7084/firefox-pulls-two-infected-addons-from-site/ http://www.infosecurity-us.com/view/7078/infosecurity-virtual-conference-on-end-point-security-offers-a-range-of-expert-viewpoints/ Infosecurity is pleased to report that a prestigious array of presenters have been lined up for the latest virtual conference, due to take place on February 25. Fri, 05 Feb 2010 16:27:00 GMT http://www.infosecurity-us.com/view/7078/infosecurity-virtual-conference-on-end-point-security-offers-a-range-of-expert-viewpoints/ http://www.infosecurity-us.com/view/7044/post-reports-on-partnership-between-google-and-the-nsa-to-prevent-cyberattacks/ An article in today’s Washington Post uncovers a somewhat hush-hush collaboration between Google and the National Security Agency in an effort to prevent future cyberattacks. Thu, 04 Feb 2010 21:00:00 GMT http://www.infosecurity-us.com/view/7044/post-reports-on-partnership-between-google-and-the-nsa-to-prevent-cyberattacks/ http://www.infosecurity-us.com/view/7043/us-named-country-with-most-malware/ Information security and data protection vendor Sophos has released a list of the top 10 countries hosting malware. The report reveals that websites in the US are accountable for hosting 37.4% of malware worldwide. Thu, 04 Feb 2010 20:57:00 GMT http://www.infosecurity-us.com/view/7043/us-named-country-with-most-malware/ http://www.infosecurity-us.com/view/7042/house-passes-cybersecurity-research-bill/ The House of Representatives has passed legislation designed to enhance cybersecurity research and development in the US. Thu, 04 Feb 2010 20:15:00 GMT http://www.infosecurity-us.com/view/7042/house-passes-cybersecurity-research-bill/ http://www.infosecurity-us.com/view/7041/us-illequipped-to-cope-with-mounting-cyberattack-threat/ The US is at risk of a crippling cyberattack and is currently unable to defend itself adequately, according to testimony given before Congress yesterday. Thu, 04 Feb 2010 19:35:00 GMT http://www.infosecurity-us.com/view/7041/us-illequipped-to-cope-with-mounting-cyberattack-threat/ http://www.infosecurity-us.com/view/7040/new-internet-explorer-bug-allows-personal-information-to-be-stolen/ Microsoft has discovered another flaw in Internet Explorer. The latest vulnerability could allow attackers to harvest any files from a victim's hard drive. Thu, 04 Feb 2010 19:00:00 GMT http://www.infosecurity-us.com/view/7040/new-internet-explorer-bug-allows-personal-information-to-be-stolen/ http://www.infosecurity-us.com/view/7010/researchers-develop-way-to-catch-online-gaming-cheats/ Researchers have formulated a way to identify cheating in online games in a discovery that could revolutionize the growing market for virtual gaming assets. Wed, 03 Feb 2010 20:56:00 GMT http://www.infosecurity-us.com/view/7010/researchers-develop-way-to-catch-online-gaming-cheats/ http://www.infosecurity-us.com/view/7011/mcafee-targets-small-to-mediumsized-businesses-with-quickstart-service/ McAfee has announced a service to help get SMBs up to speed with their security needs. Security Quickstart Services specifically targets small to medium-sized businesses, providing help with implementing, maintaining and optimizing security best practices. Wed, 03 Feb 2010 20:40:00 GMT http://www.infosecurity-us.com/view/7011/mcafee-targets-small-to-mediumsized-businesses-with-quickstart-service/ http://www.infosecurity-us.com/view/7009/internet-explorer-8-reaches-top-browser-spot/ Internet Explorer 8 is now the world's most-used browser, according to the latest figures from Network Applications. Wed, 03 Feb 2010 20:36:00 GMT http://www.infosecurity-us.com/view/7009/internet-explorer-8-reaches-top-browser-spot/ http://www.infosecurity-us.com/view/7008/us-navy-unveils-new-cyber-command/ Last week Adm. Gary Roughead, chief of US naval operations, officially announced the creation of the US Navy’s new Fleet Cyber Command, which aims to integrate the weapons of cyberspace and information within the Navy’s arsenal. The Fleet Cyber Command was formed in conjunction with re-establishment of the US 10th Fleet during a ceremony held at Ft. Meade, Maryland, on Jan. 29. Wed, 03 Feb 2010 18:17:00 GMT http://www.infosecurity-us.com/view/7008/us-navy-unveils-new-cyber-command/ http://www.infosecurity-us.com/view/6979/trustwave-report-reveals-companies-making-same-old-mistakes/ Compliance and security service provider Trustwave has released its 2010 Global Security Report. The company has found that companies are still suffering from attacks using familiar exploit types that have been around for years. Organizations are implementing new technologies without securing existing ones, the report found. Tue, 02 Feb 2010 20:57:00 GMT http://www.infosecurity-us.com/view/6979/trustwave-report-reveals-companies-making-same-old-mistakes/ http://www.infosecurity-us.com/view/6977/attack-fools-iphone-into-trusting-fake-certificates/ An anonymous researcher has posted a proof-of-concept attack that fakes a trusted root certificate on the iPhone. Researchers have confirmed that the attack works, making it possible for anyone to create a web page that is deemed to be trusted by Apple. Tue, 02 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/6977/attack-fools-iphone-into-trusting-fake-certificates/ http://www.infosecurity-us.com/view/6976/microsoft-enhances-sdl/ Microsoft announced three enhancements to its secure development lifecycle (SDL) initiative at the BlackHat DC conference this week. Tue, 02 Feb 2010 19:21:00 GMT http://www.infosecurity-us.com/view/6976/microsoft-enhances-sdl/ http://www.infosecurity-us.com/view/6974/report-shows-a-70-surge-in-malware-and-spam-on-web-20-services/ Research just published by Sophos claims to show a 70% increase in the number of companies reporting spam and malware attacks via social networks. Tue, 02 Feb 2010 18:33:00 GMT http://www.infosecurity-us.com/view/6974/report-shows-a-70-surge-in-malware-and-spam-on-web-20-services/ http://www.infosecurity-us.com/view/6946/weekly-brief-february-2-2010/ Infosecurity rounds up the week's news Tue, 02 Feb 2010 10:27:00 GMT http://www.infosecurity-us.com/view/6946/weekly-brief-february-2-2010/ http://www.infosecurity-us.com/view/6936/us-house-websites-hacked-after-state-of-the-union-/ Websites for 49 members of the US House of Representatives were hacked shortly after President Obama’s State of the Union address last Wednesday night. The attacks appear to have been carried out by the Red Eye Crew according to researchers at security consultant Praetorian Security Group. Mon, 01 Feb 2010 18:00:00 GMT http://www.infosecurity-us.com/view/6936/us-house-websites-hacked-after-state-of-the-union-/ http://www.infosecurity-us.com/view/6920/google-and-neustar-propose-security-fix-for-dns-geolocation-technology/ Google and DNS provider Neustar have jointly proposed an extension to the DNS protocol that would fix many of its security problems. Mon, 01 Feb 2010 14:19:00 GMT http://www.infosecurity-us.com/view/6920/google-and-neustar-propose-security-fix-for-dns-geolocation-technology/ http://www.infosecurity-us.com/view/6915/eff-launches-web-browser-entropy-tool/ A new tool released by privacy advocacy group EFF is designed to help users find out how identifiable their web browsers are online. Mon, 01 Feb 2010 13:51:00 GMT http://www.infosecurity-us.com/view/6915/eff-launches-web-browser-entropy-tool/ http://www.infosecurity-us.com/view/6896/facebook-users-plagued-by-rogue-application/ Facebook was plagued by security and privacy issues both real and imagined in the last week, as a real-life worm battled with an imaginary one in a competition to see which could petrify the service's users the most. Fri, 29 Jan 2010 21:40:00 GMT http://www.infosecurity-us.com/view/6896/facebook-users-plagued-by-rogue-application/ http://www.infosecurity-us.com/view/6895/pricewaterhousecoopers-loses-personal-records-of-alaska-public-employees/ PricewaterhouseCoopers has lost the personal records of 77 000 former and current public employees of the state of Alaska, it emerged this week. Fri, 29 Jan 2010 21:15:00 GMT http://www.infosecurity-us.com/view/6895/pricewaterhousecoopers-loses-personal-records-of-alaska-public-employees/ http://www.infosecurity-us.com/view/6894/google-chrome-web-browser-gets-more-security-features/ Google Chrome, the internet browser launched in late 2008, has been enhanced with a selection of new security features designed to make it harder for malware writers to infect client machines. Fri, 29 Jan 2010 20:33:00 GMT http://www.infosecurity-us.com/view/6894/google-chrome-web-browser-gets-more-security-features/ http://www.infosecurity-us.com/view/6890/iphone-cracker-repeats-exploit-on-playstation-3/ George Hotz, the first iPhone cracker – and who reportedly spent more than 500 hours developing the first jailbreak application for the Apple's iPhone back in 2007 – has apparently cracked the Sony Playstation 3. Fri, 29 Jan 2010 15:49:00 GMT http://www.infosecurity-us.com/view/6890/iphone-cracker-repeats-exploit-on-playstation-3/ http://www.infosecurity-us.com/view/6872/oil-and-gas-companies-hit-hardest-by-cyberwarfare/ The oil and gas sector has been the hardest hit by stealthy infiltration, according to a report from the Center for Strategic and International Studies (CSIS). The sector was hit by stealth attacks 17% more than the cross-sector average, with almost three oil companies in four having had hackers fly under their radar. Thu, 28 Jan 2010 22:42:00 GMT http://www.infosecurity-us.com/view/6872/oil-and-gas-companies-hit-hardest-by-cyberwarfare/ http://www.infosecurity-us.com/view/6871/plainscapital-bank-sues-customer-in-liability-over-account-security/ A legal case filed by a bank against a customer in the US promises to test the liability of customers in the event of security breaches. Dallas, Texas-based PlainsCapital bank is suing a business customer, Hillary Machinery, for not taking adequate measures to protect its banking details. Thu, 28 Jan 2010 22:00:00 GMT http://www.infosecurity-us.com/view/6871/plainscapital-bank-sues-customer-in-liability-over-account-security/ http://www.infosecurity-us.com/view/6869/all-is-not-ok-in-oklahoma-state-tax-website-victim-of-hack/ The website of the Oklahoma Tax Commission was the apparent victim of a hack yesterday, one in which visitors to the website were prompted to accept an Adobe license agreement and download software. The hack could not come a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches. Thu, 28 Jan 2010 20:16:00 GMT http://www.infosecurity-us.com/view/6869/all-is-not-ok-in-oklahoma-state-tax-website-victim-of-hack/ http://www.infosecurity-us.com/view/6868/software-and-application-evaluator-whatapp-nears-public-release/ This spring, a project under development to help assess the security and privacy of software applications will go public. WhatApp, an online resource where experts and the public alike can rate applications based on how well-behaved they are, will help consumers to exercise their privacy rights, said its project manager. Thu, 28 Jan 2010 19:15:00 GMT http://www.infosecurity-us.com/view/6868/software-and-application-evaluator-whatapp-nears-public-release/ http://www.infosecurity-us.com/view/6841/security-and-malware-threats-to-mac-and-apple-products-are-on-the-rise-/ An annual report from security software provider Intego acknowledges it was a busy year for security threats to Apple devices, including the Mac OS X and iPhones. And while the Mac OS may be a less frequent target of malware authors, security threats to Apple products are proliferating as these devices land in the hands of more and more users. Wed, 27 Jan 2010 19:23:00 GMT http://www.infosecurity-us.com/view/6841/security-and-malware-threats-to-mac-and-apple-products-are-on-the-rise-/ http://www.infosecurity-us.com/view/6807/us-oil-companies-hacked-report-links-attack-to-sources-within-china/ Reports in the Christian Science Monitor suggest that at least three large US oil companies have been the victims of targeted attacks. The custom-made spyware used in the attack appears to have sent the information to China, at least in one case. Tue, 26 Jan 2010 21:46:00 GMT http://www.infosecurity-us.com/view/6807/us-oil-companies-hacked-report-links-attack-to-sources-within-china/ http://www.infosecurity-us.com/view/6806/healthcare-hacks-on-the-rise/ Attempts to hack healthcare organizations doubled in the fourth quarter of last year, according to Atlanta-based managed security firm SecureWorks, setting the sector aside from others. Tue, 26 Jan 2010 21:13:00 GMT http://www.infosecurity-us.com/view/6806/healthcare-hacks-on-the-rise/ http://www.infosecurity-us.com/view/6805/technology-site-techcrunch-hacked/ Technology pundit site TechCrunch was victim of a hack over the weekend by attackers who defaced it, just days before Apple's release of its tablet device – arguably the most anticipated product in recent history. Tue, 26 Jan 2010 20:49:00 GMT http://www.infosecurity-us.com/view/6805/technology-site-techcrunch-hacked/ http://www.infosecurity-us.com/view/6803/mixed-predictions-on-anticipated-it-spending-for-2010/ Recent reports indicate that IT spending is set to increase in 2010. This comes on the heels of 2009, which saw negative IT spending growth worldwide and may have been the worst year on record for IT spending. Tue, 26 Jan 2010 16:50:00 GMT http://www.infosecurity-us.com/view/6803/mixed-predictions-on-anticipated-it-spending-for-2010/ http://www.infosecurity-us.com/view/6788/2010-virtual-conference-on-endpoint-security-beyond-the-perimeter-full-conference-programme-revealed/ Infosecurity US magazine is excited to announce the 2010 virtual conference on endpoint security, to be held on February 25, 2010. This one-day event brings a series of topical keynote sessions direct to your computer, giving you the flexibility to learn about the latest information security trends and challenges from wherever you are in the world. Tue, 26 Jan 2010 16:00:00 GMT http://www.infosecurity-us.com/view/6788/2010-virtual-conference-on-endpoint-security-beyond-the-perimeter-full-conference-programme-revealed/ http://www.infosecurity-us.com/view/6777/kaspersky-inadvertently-blocks-google-ads/ Kaspersky provoked a flurry of complaints from irate users after its anti-malware tool began blocking sites with Google advertisements yesterday. Mon, 25 Jan 2010 22:43:00 GMT http://www.infosecurity-us.com/view/6777/kaspersky-inadvertently-blocks-google-ads/ http://www.infosecurity-us.com/view/6776/weekly-brief-january-25-2010/ Infosecurity rounds up the week's news Mon, 25 Jan 2010 21:33:00 GMT http://www.infosecurity-us.com/view/6776/weekly-brief-january-25-2010/ http://www.infosecurity-us.com/view/6775/economy-forces-down-prices-for-dodgy-viagra/ Prices for male impotency drugs sold by spammers aren't as stiff as they once were, according to a new report from Messagelabs. The asking price for 'little blue pills' have softened up, as the economy has lost its staying power. Mon, 25 Jan 2010 21:23:00 GMT http://www.infosecurity-us.com/view/6775/economy-forces-down-prices-for-dodgy-viagra/ http://www.infosecurity-us.com/view/6704/prank-malware-spreads-across-internet/ Anti-virus company ESET has discovered what it thinks is a prank gone wrong. The company suspects that Win32/Zimuse, which has swept the US, was originally intended as a localized malware attack against a group of Slovakian bikers. Fri, 22 Jan 2010 20:50:00 GMT http://www.infosecurity-us.com/view/6704/prank-malware-spreads-across-internet/ http://www.infosecurity-us.com/view/6703/more-details-emerge-on-hydraq-trojan/ Hydraq, the trojan delivered by the Operation Aurora attackers, uses VNC techniques to stream live video from victims' machines, said Symantec in an analysis of the malware. Fri, 22 Jan 2010 20:20:00 GMT http://www.infosecurity-us.com/view/6703/more-details-emerge-on-hydraq-trojan/ http://www.infosecurity-us.com/view/6664/websense-protects-facebook-users-against-malware/ Websense has relaunched a spam protection service with a new feature set that protects Facebook users against malware. Thu, 21 Jan 2010 23:35:00 GMT http://www.infosecurity-us.com/view/6664/websense-protects-facebook-users-against-malware/ http://www.infosecurity-us.com/view/6663/microsoft-marlinspike-threaten-google-data-gathering-policy/ Google faced challenges to its search engine's data gathering policy this week from two sides. Microsoft bettered the search engine giant by revising its own search privacy policy, while security researcher Moxie Marlinspike delivered a service that allows users to bypass Google's data gathering procedures altogether. Thu, 21 Jan 2010 22:31:00 GMT http://www.infosecurity-us.com/view/6663/microsoft-marlinspike-threaten-google-data-gathering-policy/ http://www.infosecurity-us.com/view/6662/rockyou-users-display-poor-password-skills/ Social media site RockYou may be the subject of a lawsuit from disgruntled customers after it allowed 32 million of their accounts to be compromised, but new data suggest that many of its users are equally unsavvy when it comes to security, especially password security. Thu, 21 Jan 2010 21:48:00 GMT http://www.infosecurity-us.com/view/6662/rockyou-users-display-poor-password-skills/ http://www.infosecurity-us.com/view/6624/further-evidence-links-aurora-attack-to-china/ Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China. Thu, 21 Jan 2010 00:13:00 GMT http://www.infosecurity-us.com/view/6624/further-evidence-links-aurora-attack-to-china/ http://www.infosecurity-us.com/view/6623/internet-explorer-zeroday-vulnerability-spreads-to-microsoft-office-as-fixes-surface/ Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office. Wed, 20 Jan 2010 19:27:00 GMT http://www.infosecurity-us.com/view/6623/internet-explorer-zeroday-vulnerability-spreads-to-microsoft-office-as-fixes-surface/ http://www.infosecurity-us.com/view/6622/sourcefire-launches-faster-ips-configuration/ Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model. Wed, 20 Jan 2010 19:00:00 GMT http://www.infosecurity-us.com/view/6622/sourcefire-launches-faster-ips-configuration/ http://www.infosecurity-us.com/view/6585/microsoft-promises-internet-explorer-patch-as-windows-zeroday-surfaces/ Microsoft has promised an Internet Explorer out-of-band patch for the zero-day vulnerability discovered earlier this month. In the meantime, a trusted researcher has highlighted a flaw in all versions of Microsoft Windows that could lead to privilege escalation. Tue, 19 Jan 2010 22:25:00 GMT http://www.infosecurity-us.com/view/6585/microsoft-promises-internet-explorer-patch-as-windows-zeroday-surfaces/ http://www.infosecurity-us.com/view/6584/phonefactor-develops-biometric-verification-system-for-phonebased-authentication-/ Multi-factor mobile authentication firm PhoneFactor has developed a biometric verification system for its phone-based authentication platform. The system uses biometric validation of a user's voiceprint to provide what it says is three-factor authentication. Tue, 19 Jan 2010 21:39:00 GMT http://www.infosecurity-us.com/view/6584/phonefactor-develops-biometric-verification-system-for-phonebased-authentication-/ http://www.infosecurity-us.com/view/6583/blackhats-replace-brawn-with-brain-in-attacking-networks/ Blackhats are working smarter rather than harder in attacks on network infrastructure, according to a comprehensive report on internet infrastructure security from Arbor Networks. Tue, 19 Jan 2010 21:32:00 GMT http://www.infosecurity-us.com/view/6583/blackhats-replace-brawn-with-brain-in-attacking-networks/ http://www.infosecurity-us.com/view/6540/fireeye-claims-protection-against-internet-explorer-zeroday-attack/ Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches. Mon, 18 Jan 2010 22:45:00 GMT http://www.infosecurity-us.com/view/6540/fireeye-claims-protection-against-internet-explorer-zeroday-attack/ http://www.infosecurity-us.com/view/6539/pdf-attacks-target-defense-community/ Evidence of further targeted attacks are surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently. Mon, 18 Jan 2010 18:51:00 GMT http://www.infosecurity-us.com/view/6539/pdf-attacks-target-defense-community/ http://www.infosecurity-us.com/view/6537/internet-explorer-zeroday-code-goes-public/ The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend. Mon, 18 Jan 2010 18:19:00 GMT http://www.infosecurity-us.com/view/6537/internet-explorer-zeroday-code-goes-public/ http://www.infosecurity-us.com/view/6513/internal-security-risks-webinar-this-wednesday/ The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses. Mon, 18 Jan 2010 00:45:00 GMT http://www.infosecurity-us.com/view/6513/internal-security-risks-webinar-this-wednesday/ http://www.infosecurity-us.com/view/6509/time-inc-employee-fired-over-customer-credit-card-issue-/ Time Inc has written to customers and the New Hampshire Attorney General's office, warning of a potential security breach following the possible misuse of customer credit card information by an employee. Sun, 17 Jan 2010 23:23:00 GMT http://www.infosecurity-us.com/view/6509/time-inc-employee-fired-over-customer-credit-card-issue-/ http://www.infosecurity-us.com/view/6508/weekly-brief-january-18-2010/ Infosecurity rounds up the security news from the past week. Sun, 17 Jan 2010 20:43:00 GMT http://www.infosecurity-us.com/view/6508/weekly-brief-january-18-2010/ http://www.infosecurity-us.com/view/6502/blackhats-and-whitehats-react-to-haiti-tragedy/ Blackhats and whitehats reacted with typical polarity to the disastrous Haiti earthquake this week. One faction unleashed a torrent of malware capitalizing on the tragedy, while the other organized a series of 'hackathons' to help develop technologies that would assist the humanitarian mission. Fri, 15 Jan 2010 22:34:00 GMT http://www.infosecurity-us.com/view/6502/blackhats-and-whitehats-react-to-haiti-tragedy/ http://www.infosecurity-us.com/view/6493/online-criminals-looking-to-profit-from-haiti-earthquake-/ Proving that there is no situation too tragic to exploit, cyber scofflaws have been quick to capitalize on the world’s interest in the recent earthquake in Haiti. With so many people looking to reach out and donate to victims of the tragedy, one group of black hats are attempting to rake in some of that cash by exploiting search engine optimization (SEO) techniques. Fri, 15 Jan 2010 16:21:00 GMT http://www.infosecurity-us.com/view/6493/online-criminals-looking-to-profit-from-haiti-earthquake-/ http://www.infosecurity-us.com/view/6474/isaca-launches-risk-management-certification/ Security organization ISACA has launched a new risk management qualification for information security professionals. The Certified in Risk and Information Systems Control (CRISC) certification targets professionals in the IT area who use information security controls to manage risk in technology environments. Fri, 15 Jan 2010 00:33:00 GMT http://www.infosecurity-us.com/view/6474/isaca-launches-risk-management-certification/ http://www.infosecurity-us.com/view/6473/darpa-enters-second-leg-of-cybersecurity-testing-project/ The Defense Advanced Research Projects Agency, or DARPA, has awarded $55.5m in contracts to bolster a secretive cybersecurity monitoring system, it was announced this week. Fri, 15 Jan 2010 00:12:00 GMT http://www.infosecurity-us.com/view/6473/darpa-enters-second-leg-of-cybersecurity-testing-project/ http://www.infosecurity-us.com/view/6472/internet-explorer-vulnerability-used-in-google-attack/ More details are emerging concerning the concerted attacks on over 20 technology companies, including Google, that were revealed earlier this week. The attackers targeted a vulnerability in Internet Explorer, according to Microsoft. It is now investigating the flaw, which could allow attackers to execute arbitrary code. Fri, 15 Jan 2010 00:00:00 GMT http://www.infosecurity-us.com/view/6472/internet-explorer-vulnerability-used-in-google-attack/ http://www.infosecurity-us.com/view/6431/hacked-google-threatens-to-pull-plug-in-china/ Google is threatening to unplug its controversial Chinese search engine, following a massive hacker attack on its infrastructure that it says was designed to access the accounts of human rights activists. And the company was not the attackers’ only target, it claims. Thu, 14 Jan 2010 00:32:00 GMT http://www.infosecurity-us.com/view/6431/hacked-google-threatens-to-pull-plug-in-china/ http://www.infosecurity-us.com/view/6432/connecticut-goes-after-health-net-for-breach/ The state of Connecticut is suing health insurer Health Net, following a data breach that saw 446 000 Connecticut residents’ records compromised, it said yesterday. Thu, 14 Jan 2010 00:30:00 GMT http://www.infosecurity-us.com/view/6432/connecticut-goes-after-health-net-for-breach/ http://www.infosecurity-us.com/view/6430/security-tops-datacenter-agenda-in-2010/ Security is the most important initiative for datacenter managers for the coming year, according to Symantec’s latest State of the Datacenter report. Thu, 14 Jan 2010 00:26:00 GMT http://www.infosecurity-us.com/view/6430/security-tops-datacenter-agenda-in-2010/ http://www.infosecurity-us.com/view/6415/facebook-and-mcafee-team-up-on-security/ Facebook has signed McAfee as a supplier to help protect its user base. The two companies have worked on a custom scanning and repair tool, along with education materials that will target the social networking giant's 350 million users. Wed, 13 Jan 2010 12:18:00 GMT http://www.infosecurity-us.com/view/6415/facebook-and-mcafee-team-up-on-security/ http://www.infosecurity-us.com/view/6412/employees-downloading-more-illegal-files/ Software as a service company ScanSafe has found a 55% increase in illegal download attempts over corporate networks. Wed, 13 Jan 2010 11:54:00 GMT http://www.infosecurity-us.com/view/6412/employees-downloading-more-illegal-files/ http://www.infosecurity-us.com/view/6391/adobe-issues-quarterly-patch/ Adobe distributed its first quarterly critical security update yesterday, finally patching a vulnerability that had been targeted by a zero day attack. Wed, 13 Jan 2010 00:34:00 GMT http://www.infosecurity-us.com/view/6391/adobe-issues-quarterly-patch/ http://www.infosecurity-us.com/view/6390/maryland-seeking-to-become-a-cybersecurity-hub/ The Governor of Maryland set out an aggressive campaign to position the state as a national hub for cybersecurity this week, launching a report cataloging Maryland's current efforts in the cybersecurity and electronic intelligence space. Wed, 13 Jan 2010 00:29:00 GMT http://www.infosecurity-us.com/view/6390/maryland-seeking-to-become-a-cybersecurity-hub/ http://www.infosecurity-us.com/view/6389/mba-in-cybersecurity-launched/ The University of Dayton, Ohio, and the Advanced Technical Intelligence Center (ATIC) are partnering to offer an MBA in cybersecurity management. Wed, 13 Jan 2010 00:24:00 GMT http://www.infosecurity-us.com/view/6389/mba-in-cybersecurity-launched/ http://www.infosecurity-us.com/view/6388/suffolk-county-national-bank-hacked/ Suffolk County National Bank received a nasty Christmas present on December 24th after discovering a hack that saw over 8,000 customers' accounts compromised. The breach is estimated to have cost $351 000, it warned investors. Wed, 13 Jan 2010 00:16:00 GMT http://www.infosecurity-us.com/view/6388/suffolk-county-national-bank-hacked/ http://www.infosecurity-us.com/view/6378/report-reveals-hacking-to-be-top-cause-of-data-breaches-in-2009/ Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. For the first time this past year, malicious attacks, which include hacking and insider theft, overtook human error as the leading cause of data breach in the US. This is according to a recent report compiled by the Identity Theft Resource Center, a San Diego-based non-profit that tracks occurrences of identity theft. Tue, 12 Jan 2010 16:00:00 GMT http://www.infosecurity-us.com/view/6378/report-reveals-hacking-to-be-top-cause-of-data-breaches-in-2009/ http://www.infosecurity-us.com/view/6344/microsoft-targets-security-issues-with-policy-site/ Microsoft has launched a technology policy website designed to encourage policy debates in key areas such as cloud computing, security, and privacy. Mon, 11 Jan 2010 16:29:00 GMT http://www.infosecurity-us.com/view/6344/microsoft-targets-security-issues-with-policy-site/ http://www.infosecurity-us.com/view/6318/massive-cyberfraud-ring-exposed/ Nineteen individuals have been charged with conspiracy to commit wire fraud after the FBI alleged a cybercrime conspiracy costing victims more than $15 million. Mon, 11 Jan 2010 00:57:00 GMT http://www.infosecurity-us.com/view/6318/massive-cyberfraud-ring-exposed/ http://www.infosecurity-us.com/view/6319/weekly-brief-january-11-2009/ Infosecurity rounds up the week's security news Mon, 11 Jan 2010 00:18:00 GMT http://www.infosecurity-us.com/view/6319/weekly-brief-january-11-2009/ http://www.infosecurity-us.com/view/6316/adobe-finally-jumps-on-silent-update-bandwagon/ It's official — Adobe is releasing an automatic silent updater for its PDF Reader product on April 13. The company confirmed the news to Infosecurity US this week. Fri, 08 Jan 2010 16:54:00 GMT http://www.infosecurity-us.com/view/6316/adobe-finally-jumps-on-silent-update-bandwagon/ http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Fri, 08 Jan 2010 16:24:00 GMT http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ http://www.infosecurity-us.com/view/6280/2009-was-a-record-year-for-malware/ A PandaLabs report claims that 2009 will go down as perhaps the most prolific in malware history. In 2009, malware creators tapped into search tools used by the majority of web surfers, and exploited current events and popular culture. Thu, 07 Jan 2010 16:54:00 GMT http://www.infosecurity-us.com/view/6280/2009-was-a-record-year-for-malware/ http://www.infosecurity-us.com/view/6262/organizations-stumped-on-compromised-device-containment/ Over 40% of executives don't know how to stop compromised devices from polluting their networks, according to a poll conducted by Deloitte. Wed, 06 Jan 2010 16:28:00 GMT http://www.infosecurity-us.com/view/6262/organizations-stumped-on-compromised-device-containment/ http://www.infosecurity-us.com/view/6260/cybersitter-sues-china-for-22-billion/ US security firm CYBERsitter is suing the Chinese government for $2.2 billion for software piracy, after it allegedly used the company's source code as part of its controversial Green Dam project. Wed, 06 Jan 2010 15:25:00 GMT http://www.infosecurity-us.com/view/6260/cybersitter-sues-china-for-22-billion/ http://www.infosecurity-us.com/view/6259/pharma-victims-targeted-for-extortion-according-to-fda/ Online scammers are re-scamming Internet pharmaceutical customers with a new ploy: posing as government agents and extorting money from them, says the US Food and Drug Administration. Wed, 06 Jan 2010 14:56:00 GMT http://www.infosecurity-us.com/view/6259/pharma-victims-targeted-for-extortion-according-to-fda/ http://www.infosecurity-us.com/view/6256/cracked-usb-drives-show-nist-certification-is-not-so-secure/ Vendors of encrypted USB drives are recalling their NIST-certified products and issuing security updates after a fundamental flaw was found in the way that information is accessed. The flaw enables attackers to access encrypted data without trying to tackle the AES256 encryption algorithm used by the drives. Wed, 06 Jan 2010 14:29:00 GMT http://www.infosecurity-us.com/view/6256/cracked-usb-drives-show-nist-certification-is-not-so-secure/ http://www.infosecurity-us.com/view/6241/home-depot-fraudsters-charged-sentenced/ A Pennsylvania woman has been charged with identity theft and device fraud after forging driver's licenses and selling them on to third parties. Tue, 05 Jan 2010 17:00:00 GMT http://www.infosecurity-us.com/view/6241/home-depot-fraudsters-charged-sentenced/ http://www.infosecurity-us.com/view/6240/sophisticated-zeroday-hits-adobe-reader/ More details are emerging of a zero-day attack on Adobe's PDF reader and Acrobat applications, and security experts are calling it highly sophisticated. Moreover, anti-malware tools have been woefully poor at spotting it. Tue, 05 Jan 2010 16:29:00 GMT http://www.infosecurity-us.com/view/6240/sophisticated-zeroday-hits-adobe-reader/ http://www.infosecurity-us.com/view/6184/mcafee-hybrid-apps-will-be-hacker-target/ Applications that blur the boundaries between online and offline software will be a primary hacker target this year, according to McAfee. Mon, 04 Jan 2010 00:38:00 GMT http://www.infosecurity-us.com/view/6184/mcafee-hybrid-apps-will-be-hacker-target/ http://www.infosecurity-us.com/view/6183/ewu-exposes-130-000-student-records/ Eastern Washington University has notified present and former students of a massive data breach of its systems that could affect up to 130 000 people. Mon, 04 Jan 2010 00:00:00 GMT http://www.infosecurity-us.com/view/6183/ewu-exposes-130-000-student-records/ http://www.infosecurity-us.com/view/6182/weekly-brief-janary-4-2010/ Infosecurity rounds up the information security news from the holiday season. Sun, 03 Jan 2010 22:00:00 GMT http://www.infosecurity-us.com/view/6182/weekly-brief-janary-4-2010/ http://www.infosecurity-us.com/view/6155/isfs-howard-schmidt-becomes-us-cybersecurity-czar/ Howard Schmidt, president and CEO of the Information Security Forum (ISF) was appointed White House Cybersecurity Coordinator just before the Holidays. Tue, 29 Dec 2009 17:00:00 GMT http://www.infosecurity-us.com/view/6155/isfs-howard-schmidt-becomes-us-cybersecurity-czar/ http://www.infosecurity-us.com/view/6082/weekly-brief-december-21-2009/ Infosecurity rounds up the week's information security news. Mon, 21 Dec 2009 10:00:00 GMT http://www.infosecurity-us.com/view/6082/weekly-brief-december-21-2009/ http://www.infosecurity-us.com/view/6084/voip-vulnerabilities-on-the-rise/ The number of known vulnerabilities in VoIP products have almost tripled since 2006, according to a report from McAfee. Mon, 21 Dec 2009 09:55:00 GMT http://www.infosecurity-us.com/view/6084/voip-vulnerabilities-on-the-rise/ http://www.infosecurity-us.com/view/6083/conficker-still-rampant-in-some-countries-networks/ The Conficker worm is still thriving on networks in India, Chile, Russia and the Ukraine, where infection rates are up to 16%. Mon, 21 Dec 2009 09:45:00 GMT http://www.infosecurity-us.com/view/6083/conficker-still-rampant-in-some-countries-networks/ http://www.infosecurity-us.com/view/6086/watchguard-offers-managed-services-package-for-channel-partners/ Unified threat management vendor WatchGuard Technologies has enhanced its managed security offering with its Managed Security Services Program (MSSP). Mon, 21 Dec 2009 09:40:00 GMT http://www.infosecurity-us.com/view/6086/watchguard-offers-managed-services-package-for-channel-partners/ http://www.infosecurity-us.com/view/6085/identity-thief-gets-nine-years/ An identity thief who used victims' credentials to register credit cards fraudulently was sentenced to more than nine years in prison wihout parole late last week. Mon, 21 Dec 2009 09:33:00 GMT http://www.infosecurity-us.com/view/6085/identity-thief-gets-nine-years/ http://www.infosecurity-us.com/view/6025/adobe-admits-to-another-pdf-security-vulnerability/ Adobe has announced its latest zero-day security vulnerability in what has become a litany of such flaws this year - and this one won't be patched until halfway through January. Thu, 17 Dec 2009 19:00:00 GMT http://www.infosecurity-us.com/view/6025/adobe-admits-to-another-pdf-security-vulnerability/ http://www.infosecurity-us.com/view/6028/firefox-tops-apps-security-vulnerability-list-for-2009/ The Firefox browser topped the list of software applications with most security vulnerabilities in 2009, according to a report from application whitelisting firm Bit9. Thu, 17 Dec 2009 17:00:00 GMT http://www.infosecurity-us.com/view/6028/firefox-tops-apps-security-vulnerability-list-for-2009/ http://www.infosecurity-us.com/view/6023/secure-dns-server-launched/ Secure64 Software has released a DNS cache server that is designed to protect against cache poisoning attacks. Thu, 17 Dec 2009 15:15:00 GMT http://www.infosecurity-us.com/view/6023/secure-dns-server-launched/ http://www.infosecurity-us.com/view/5984/rogue-antivirus-tired-google-wave-wired-says-kaspersky/ Rogue anti-virus programs will become far less prevalent next year as other technologies such as Google Wave attract malware vendors' attention, said a forecast from Kaspersky this week. Thu, 17 Dec 2009 13:59:00 GMT http://www.infosecurity-us.com/view/5984/rogue-antivirus-tired-google-wave-wired-says-kaspersky/ http://www.infosecurity-us.com/view/5985/botnet-numbers-growing-fourfold-each-year/ The number of computers infected by botnet malware has almost quadrupled each year since 2004, according to a report to be released by Project Honey Pot next week. Wed, 16 Dec 2009 21:51:00 GMT http://www.infosecurity-us.com/view/5985/botnet-numbers-growing-fourfold-each-year/ http://www.infosecurity-us.com/view/5980/fortinet-ships-secure-email-appliances/ Unified threat management company Fortinet is shipping two new secure email appliances. The appliances, called FortiMail-5001A and -2000B, are aimed at high-volume carrier and managed service provider companies. Tue, 15 Dec 2009 18:36:00 GMT http://www.infosecurity-us.com/view/5980/fortinet-ships-secure-email-appliances/ http://www.infosecurity-us.com/view/5951/researcher-documents-koobface-google-reader-trick/ A Webroot researcher has documented the process that the Koobface malware uses to create malicious Google Reader pages. Tue, 15 Dec 2009 06:46:00 GMT http://www.infosecurity-us.com/view/5951/researcher-documents-koobface-google-reader-trick/ http://www.infosecurity-us.com/view/5950/google-chrome-in-anonymity-blunder/ The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports. Tue, 15 Dec 2009 06:35:00 GMT http://www.infosecurity-us.com/view/5950/google-chrome-in-anonymity-blunder/ http://www.infosecurity-us.com/view/5949/spam-volumes-exceeded-premccolo-levels-this-year/ One year after the McColo shutdown, spam volumes have not only recovered, but have grown beyond what they were before the rogue ISP was taken offline. Tue, 15 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5949/spam-volumes-exceeded-premccolo-levels-this-year/ http://www.infosecurity-us.com/view/5920/weekly-brief-december-14-2009/ Infosecurity sums up the week's information security news. Mon, 14 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5920/weekly-brief-december-14-2009/ http://www.infosecurity-us.com/view/5892/pentagon-site-still-at-risk/ A Romanian hacker has exposed security flaws in the Pentagon’s public website that have remained unfixed despite warnings of their existence at least nine months ago. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5892/pentagon-site-still-at-risk/ http://www.infosecurity-us.com/view/5893/microsoft-fixes-browser-flaw/ Microsoft’s last Patch Tuesday of the year saw the release of fixes for five flaws in its Internet Explorer browser, including a critical zero-day security vulnerability that was first publicly disclosed three weeks ago. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5893/microsoft-fixes-browser-flaw/ http://www.infosecurity-us.com/view/5894/hacker-makes-plea-bargain/ The hacker accused of helping to perpetrate the largest credit card theft in US history has agreed to plead guilty as part of a plea bargaining deal with federal prosecutors. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5894/hacker-makes-plea-bargain/ http://www.infosecurity-us.com/view/5836/cybersecurity-task-force-established/ The Senate Select Committee on Intelligence has set up a bi-partisan taskforce on cybersecurity to evaluate potential online threats and provide recommendations for action to the US intelligence community. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5836/cybersecurity-task-force-established/ http://www.infosecurity-us.com/view/5837/financial-institutions-battered-by-phishing-attacks/ Financial institutions are subjected to an average of 16 phishing attacks per week, costing them between $2.4 and $9.4 million in losses each year. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5837/financial-institutions-battered-by-phishing-attacks/ http://www.infosecurity-us.com/view/5838/firms-failing-on-pci-dss/ A huge 81% of organizations that are subject to the Payment Card Industry’s Data Security Standard (PCI DSS) were found to be non-compliant prior to a data breach, according to a new study. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5838/firms-failing-on-pci-dss/ http://www.infosecurity-us.com/view/5778/cloud-based-wireless-password-crack-service-launches/ A hacker who found a flaw in the SSL protocol last year has launched a new project that cracks wireless network passwords using a cloud based computing service. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5778/cloud-based-wireless-password-crack-service-launches/ http://www.infosecurity-us.com/view/5806/isa-stimulus-not-regulation-to-spur-cybersecurity/ Market stimulus, not regulation, is the key to enhancing cybersecurity at a national level, according to a report issued by a cybersecurity advocacy group last week. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5806/isa-stimulus-not-regulation-to-spur-cybersecurity/ http://www.infosecurity-us.com/view/5809/facebook-bolsters-online-safety-efforts/ Facebook is trying to quash concerns over the privacy and safety of its online users, by pulling together several advocacy groups to form a safety advisory board. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5809/facebook-bolsters-online-safety-efforts/ http://www.infosecurity-us.com/view/5753/webinar-data-leak-prevention-security-and-log-management-webinar-scheduled/ The issue of data leaks have been in the news constantly these last 12 months, with a litany of companies hit by publicly embarrassing leaks, losses and thefts. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5753/webinar-data-leak-prevention-security-and-log-management-webinar-scheduled/ http://www.infosecurity-us.com/view/5764/weekly-brief-december-7/ Infosecurity magazine reviews the past week`s information security news. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5764/weekly-brief-december-7/ http://www.infosecurity-us.com/view/5769/adobe-to-patch-mystery-flaw-tomorrow/ Adobe has announced that it will be issuing a critical update for its Flash and Air products tomorrow - but isn't telling us what the vulnerabilities are. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5769/adobe-to-patch-mystery-flaw-tomorrow/ http://www.infosecurity-us.com/view/5774/google-launches-dns-service/ Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5774/google-launches-dns-service/ http://www.infosecurity-us.com/view/5718/malware-rebounds-as-cause-of-data-loss/ Malware has rebounded to become the biggest cause of data loss in organizations, according to a report from the Computer Security Institute (CSI). Malware infections far exceed the next most common cause - laptop and mobile hardware theft - said the 2009 CSI Computer Crime and Security Survey. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5718/malware-rebounds-as-cause-of-data-loss/ http://www.infosecurity-us.com/view/5730/email-zeus-trojan-scams-on-the-rise/ Online criminals are stepping up their campaign to infectInternet users with the Zeus trojan, according to new research published by Atlanta-based managed security firm SecureWorks. Email campaigns in particular are on the rise, the company has said. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5730/email-zeus-trojan-scams-on-the-rise/ http://www.infosecurity-us.com/view/5739/cameroon-is-worst-neighborhood-on-web-for-cybersecurity/ The Cameroon '.CM' domain tops the list of the riskiest top-level domains in terms of cybersecurity, according to a report from McAfee. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5739/cameroon-is-worst-neighborhood-on-web-for-cybersecurity/ http://www.infosecurity-us.com/view/5641/feds-tighten-up-cybersecurity-hiring-policies/ The federal government is tightening up hiring policies for cybersecurity professionals by launching cybersecurity competency models for its employees. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5641/feds-tighten-up-cybersecurity-hiring-policies/ http://www.infosecurity-us.com/view/5649/bitly-tools-up-to-stop-spam/ URL shortening service Bit.ly has announced that it will be using three new services to help secure its service from spam and malware. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5649/bitly-tools-up-to-stop-spam/ http://www.infosecurity-us.com/view/5664/flu-spoof-delivers-trojan/ The inevitable H1N1 flu trojan attacks have started. Yesterday, McAfee detected a new H1N1-related spam campaign, spoofing emails from the Center for Disease Control (CDC) and asking victims to fill out a 'vaccination profile' as part of a state-wide flu vaccination program. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5664/flu-spoof-delivers-trojan/ http://www.infosecurity-us.com/view/5665/prevx-apologizes-over-microsoft-black-screen-claim/ Anti-malware firm Prevx has apologized to Microsoft after admitting that the 'black screen of death' - a condition that renders Windows unusable after bootup - was not caused by faulty system patches after all. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5665/prevx-apologizes-over-microsoft-black-screen-claim/ http://www.infosecurity-us.com/view/5667/webroot-stores-email-in-cloud/ Boulder, Colorado-based web security firm Webroot has expanded its range of cloud based security services with a software as a service (Saas) based email archiving offering. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5667/webroot-stores-email-in-cloud/ http://www.infosecurity-us.com/view/5614/weekly-brief-december-1-2009/ Infosecurity reports on the past week's news Tue, 01 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5614/weekly-brief-december-1-2009/ http://www.infosecurity-us.com/view/5647/ibm-snaps-up-guardium/ IBM has acquired Guardium, a company that sells enterprise database monitoring and security software. The acquisition gives IBM a software product that helps automate security compliance tasks, the companies said. Tue, 01 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5647/ibm-snaps-up-guardium/ http://www.infosecurity-us.com/view/5549/air-force-cybersecurity-unit-prepares-operations/ The newly-created 24 U.S. Air Force is about to bring limited aspects of its cybersecurity command operations center online. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5549/air-force-cybersecurity-unit-prepares-operations/ http://www.infosecurity-us.com/view/5605/atm-skimming-sentenced/ Romanian fraudster Tibenu Szebeni has been given 27 months in prison and made to pay back $52 000 in ill-gotten gains after being convicted of ATM skimming. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5605/atm-skimming-sentenced/ http://www.infosecurity-us.com/view/5610/bots-used-as-password-crackers/ Botnet machines are being used as password crackers, according to data released by Microsoft on Friday. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5610/bots-used-as-password-crackers/ http://www.infosecurity-us.com/view/5546/microsoft-publishes-heapspraying-protection-research/ Microsoft has published an article describing a new tool that it hopes will thwart memory-based heap-spraying attacks on software. Thu, 26 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5546/microsoft-publishes-heapspraying-protection-research/ http://www.infosecurity-us.com/view/5547/allot-web-filtering-helps-isps-lock-out-child-pornography/ Allot Communications has launched WebSafe, a web filtering service targeting broadband service providers to help protect against illegal content such as child pornography. Thu, 26 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5547/allot-web-filtering-helps-isps-lock-out-child-pornography/ http://www.infosecurity-us.com/view/5502/symantec-hacked-in-sql-attack/ Symantec's Japanese support website has been hacked using an SQL injection attack, the company confirmed yesterday. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5502/symantec-hacked-in-sql-attack/ http://www.infosecurity-us.com/view/5503/godfather-of-spam-ralsky-goes-down/ Spam king Alan Ralsky was sentenced to four years in jail this week, for pump-and-dump stock spamming. Nine other spammers were also sent to jail for the same crime. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5503/godfather-of-spam-ralsky-goes-down/ http://www.infosecurity-us.com/view/5504/easing-economy-changes-spam-content/ Better economic conditions mean that spammers are once again advertising third party products and services, rather than mounting spam campaigns attempting to garner business for themselves, a new report from Kaspersky said this week. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5504/easing-economy-changes-spam-content/ http://www.infosecurity-us.com/view/5453/employees-ready-to-steal-data-during-economic-crunch/ Economically challenged employees are likely to abandon their ethics in pursuit of new jobs by stealing corporate data, according to a survey from security firm Cyber-Ark. Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5453/employees-ready-to-steal-data-during-economic-crunch/ http://www.infosecurity-us.com/view/5478/iphone-banking-trojan-creates-botnet-from-apple-devices/ A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan. Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5478/iphone-banking-trojan-creates-botnet-from-apple-devices/ http://www.infosecurity-us.com/view/5479/china-engaged-in-longterm-information-warfare-activity-says-us-government/ China is waging a long-term sustained information warfare campaign against the US, according to a report by the US-China Economic and Security Review Commission (USCC). Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5479/china-engaged-in-longterm-information-warfare-activity-says-us-government/ http://www.infosecurity-us.com/view/5419/mobile-working-raises-information-security-issues-for-government/ Mobile working and online collaboration are two of the most threatening trends when it comes to information security in the federal government, according to a report released by the Ponemon Institute. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5419/mobile-working-raises-information-security-issues-for-government/ http://www.infosecurity-us.com/view/5420/canadians-too-privacy-intrusive-on-financial-data-logging/ The Canadian government is collecting more personal financial information on citizens than the law allows, according to the country's federal Privacy Commissioner. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5420/canadians-too-privacy-intrusive-on-financial-data-logging/ http://www.infosecurity-us.com/view/5421/infosecurity-us-weekly-brief-november-23-2009/ Infosecurity US rounds up the last week's information security news. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5421/infosecurity-us-weekly-brief-november-23-2009/ http://www.infosecurity-us.com/view/5422/health-net-comes-under-scrutiny-for-data-loss/ Medical insurance firm Health Net is under investigation by at least two Attorney Generals, following a data loss that has exposed up to 1.5 million customer records Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5422/health-net-comes-under-scrutiny-for-data-loss/ http://www.infosecurity-us.com/view/5382/imation-ships-wireless-usb-drive/ Imation has announced what it says is the world's first wireless USB external hard drive. Fri, 20 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5382/imation-ships-wireless-usb-drive/ http://www.infosecurity-us.com/view/5402/rogue-blogs-pollute-google-results/ Another round of SEO attacks has been discovered targeting Google. Criminals are crafting custom rogue blogs designed to target the 'long tail' of obscure Google searches to avoid having to compete with more popular searches in Google results, according to cyber intelligence company Cyveillance. Fri, 20 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5402/rogue-blogs-pollute-google-results/ http://www.infosecurity-us.com/view/5346/smart-grid-could-lead-to-privacy-stupidity-warns-commissioner/ A smart electricity grid could lead to some stupid privacy decisions, according to a report issued by the Information and Privacy Commissioner of Ontario, Canada. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5346/smart-grid-could-lead-to-privacy-stupidity-warns-commissioner/ http://www.infosecurity-us.com/view/5378/dnssec-encrypted-domain-technology-gets-welcome-boost/ Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5378/dnssec-encrypted-domain-technology-gets-welcome-boost/ http://www.infosecurity-us.com/view/5380/gumblar-goes-into-overdrive/ The Gumblar botnet has moved into overdrive, changing its operating model to dramatically increase its infection rates, according to the latest monthly threat report from ScanSafe. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5380/gumblar-goes-into-overdrive/ http://www.infosecurity-us.com/view/5323/defense-contractor-gets-serious-about-information-security/ Lockheed Martin has formed an information security alliance with a collection of technology providers that will focus on self-healing systems to help solve information security problems. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5323/defense-contractor-gets-serious-about-information-security/ http://www.infosecurity-us.com/view/5324/mcafee-nations-engaged-in-cold-warstyle-cyberwarfare/ Nations are secretly stockpiling tools and techniques in preparation for sophisticated cyberwarfare against each other, McAfee said in its annual Virtual Criminology report yesterday. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5324/mcafee-nations-engaged-in-cold-warstyle-cyberwarfare/ http://www.infosecurity-us.com/view/5325/los-alamos-fails-to-toe-information-security-line-again/ Los Alamos National Laboratory has spent $45 million on information security for its classified computer network in the past eight years, but it is still inadequate, according to a report from the Government Accountability Office. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5325/los-alamos-fails-to-toe-information-security-line-again/ http://www.infosecurity-us.com/view/5276/network-ips-far-from-adequate-says-icsa-labs/ Seven in every 10 network IPS products never attain security certification because they are inadequate, according to a damning report from ICSA Labs, a division of Verizon business. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5276/network-ips-far-from-adequate-says-icsa-labs/ http://www.infosecurity-us.com/view/5281/astaro-offers-free-firewall-version-of-its-utm-system/ Unified threat management firm Astaro is offering a free version of its UTM product, focusing on firewall functions and targeting SMBs. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5281/astaro-offers-free-firewall-version-of-its-utm-system/ http://www.infosecurity-us.com/view/5289/microsoft-discovers-windows-7-zeroday-flaw/ Microsoft has discovered a zero-day denial of service vulnerability in the server message block (SMB) protocol used in Windows 7. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5289/microsoft-discovers-windows-7-zeroday-flaw/ http://www.infosecurity-us.com/view/5290/sophos-warns-against-tamiflu-scam/ Sophos has warned internet users against buying Tamiflu online, the drug designed to help stop people getting infected by the H1N1 virus also known as the swine flu. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5290/sophos-warns-against-tamiflu-scam/ http://www.infosecurity-us.com/view/5291/misconfigured-modems-leave-web-open-to-ddos-attacks/ Poorly configured cable and DSL modems are leaving the internet open to distributed denial of service (DDoS) attacks based on rogue DNS queries, according to research to be released this week by Infoblox. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5291/misconfigured-modems-leave-web-open-to-ddos-attacks/ http://www.infosecurity-us.com/view/5252/weekly-brief-november-16-2009/ Infosecurity rounds up this week's information security news. Mon, 16 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5252/weekly-brief-november-16-2009/ http://www.infosecurity-us.com/view/5222/microsoft-gets-agile-with-security-development-lifecycle/ Microsoft has announced guidance for applying secure programming techniques for agile software developers. The company rolled out new guidelines that will enable agile software developers to apply its Security Development Lifecycle (SDL) guidelines. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5222/microsoft-gets-agile-with-security-development-lifecycle/ http://www.infosecurity-us.com/view/5223/trustwave-enters-incident-management-business/ Security and PCI compliance tools vendor Trustwave has launched an Incident Readiness Service to prepare and help protect organizations from security incidents, and help test incident response plans. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5223/trustwave-enters-incident-management-business/ http://www.infosecurity-us.com/view/5224/megad-spam-count-zeroes-out-after-fireeye-botnet-takedown/ Spam sent by the Mega-D botnet has almost entirely disappeared, after US-based anti-malware appliance firm FireEye took it down. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5224/megad-spam-count-zeroes-out-after-fireeye-botnet-takedown/ http://www.infosecurity-us.com/view/5187/indorse-beefs-up-image-watermarking/ InDorse Technologies has released a software program that embeds policy information directly within its watermarking designed to protect image data. The watermarking product, called InDorse Image Assurance (InDIA), is designed to prevent the distribution of pirated photos and video gaming images to unauthorized personnel. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5187/indorse-beefs-up-image-watermarking/ http://www.infosecurity-us.com/view/5188/iphone-hacker-tool-unveiled/ Just days after an iPhone worm was discovered in the wild, Mac security firm Intego has discovered a hacker tool targeting the iPhone that exploits the same vulnerability. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5188/iphone-hacker-tool-unveiled/ http://www.infosecurity-us.com/view/5189/report-federal-agencies-overstretched-on-cybersecurity/ Only half of the federal government's agencies feel that they have an adequate security budget, according to a report released this week. And yet, cybersecurity incidents are on the rise. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5189/report-federal-agencies-overstretched-on-cybersecurity/ http://www.infosecurity-us.com/view/5150/facebook-hits-back-at-hacked-groups-claims/ Facebook hit back at a grassroots digital privacy group this week, after it criticized the social media giant's handling of its Groups functionality. Control Your Info, a group hoping to highlight information privacy flaws in social media applications, revealed that it is possible for anyone to take over ownership of a Facebook group that has no administrators. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5150/facebook-hits-back-at-hacked-groups-claims/ http://www.infosecurity-us.com/view/5151/unisys-adds-more-secure-cloud-options/ Unisys has announced a locally-hosted version of its secure cloud computing system, along with updates to its existing managed public cloud offering. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5151/unisys-adds-more-secure-cloud-options/ http://www.infosecurity-us.com/view/5153/phishers-prepare-christmas-campaign/ Phishers are gearing up for the Christmas holiday season, according to the latest report from Symantec. Phishing attacks were up 17% in October compared to the previous month, and phishers continue to automate their attacks by increasingly resourcing to phishing toolkits. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5153/phishers-prepare-christmas-campaign/ http://www.infosecurity-us.com/view/5115/google-cloud-platform-used-for-botnet-control/ Botnet controllers have been using cloud based systems such as the Google cloud platform as command and control nodes for infected PCs, said a researcher at Arbor Networks. Tue, 10 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5115/google-cloud-platform-used-for-botnet-control/ http://www.infosecurity-us.com/view/5068/spam-king-sanford-wallace-owes-facebook-us107m/ Spam king Sanford Wallace has been ordered to pay US$710.7 million to social networking company Facebook following a federal court case. Wallace is said to have compromised Facebook accounts using phishing emails, and used them to send spam to other members. Mon, 09 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5068/spam-king-sanford-wallace-owes-facebook-us107m/ http://www.infosecurity-us.com/view/5092/weekly-brief-november-9-2009/ Breaches, Certifications, Charges, Vulnerabilities, and Acquisitions. Infosecurity sums up the past week's news. Mon, 09 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5092/weekly-brief-november-9-2009/ http://www.infosecurity-us.com/view/5066/open-source-software-in-us-government/ The Department of Defense has updated its guidance on open source software for the first time since 2003. Sun, 08 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5066/open-source-software-in-us-government/ http://www.infosecurity-us.com/view/5067/pirate-bay-clampdown-saw-illegal-file-sharing-sites-rocket/ The closure of the popular Pirate Bay torrent tracking service earlier this year created a flood of alternative illegal file sharing sites and malware distribution hubs, according to a report released by McAfee. Sun, 08 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5067/pirate-bay-clampdown-saw-illegal-file-sharing-sites-rocket/ http://www.infosecurity-us.com/view/5063/swine-flu-could-give-internet-a-cold/ A physical pandemic such as the swine flu (H1N1) could swamp internet service providers serving residential users, according to a report from the Government Accountability Office – and the Department Of Homeland Security doesn't have a plan to deal with it. Sat, 07 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5063/swine-flu-could-give-internet-a-cold/ http://www.infosecurity-us.com/view/5065/ufo-hacker-gary-mckinnon-gets-lastminute-relief/ UK UFO hacker Gary McKinnon has been thrown a lifeline by UK home Secretary Alan Johnson following the production of medical evidence which suggests that his health could be at risk if extradited. Sat, 07 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5065/ufo-hacker-gary-mckinnon-gets-lastminute-relief/ http://www.infosecurity-us.com/view/5052/spearphishing-emails-target-customers-of-illequipped-banks/ The FBI has slammed poor security in financial institutions, after identifying a drastic rise in money being stolen from small to medium-sized businesses via spearphishing emails, it said in an intelligence note early this week. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5052/spearphishing-emails-target-customers-of-illequipped-banks/ http://www.infosecurity-us.com/view/5053/antivirus-vendors-stonyfaced-at-loselose-/ Anti-virus companies are failing to get the joke after the release of a free arcade game for the Mac that deletes the users' files during play. Lose/Lose warns 'victims' that it is about to delete files on their hard drives before they begin playing, and it keeps its word. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5053/antivirus-vendors-stonyfaced-at-loselose-/ http://www.infosecurity-us.com/view/5060/microsoft-releases-sirv7-network-worms-on-the-rise/ Network worms are on the rise again thanks to poor IT management in the enterprise, according to the latest Security Intelligence Report (SIR) from Microsoft. Dramatic successes among worms in enterprises have caused this category of malware to move from fifth place to second place worldwide. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5060/microsoft-releases-sirv7-network-worms-on-the-rise/ http://www.infosecurity-us.com/view/4915/weekly-brief-nov-2-2009/ Spammers, breaches, cloud concerns, and government moves make this week's headlines in our infosecurity weekly brief. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4915/weekly-brief-nov-2-2009/ http://www.infosecurity-us.com/view/4922/us-opens-cyber-security-command-centre/ The US has officially opened a state-of-the-art unified command center for government cybersecurity in Arlington, Virginia. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4922/us-opens-cyber-security-command-centre/ http://www.infosecurity-us.com/view/4924/window-7-users-struggle-to-boot-up/ Windows 7 owners are having problems installing their new operating system, especially over Vista, according to comments on Microsoft's support site. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4924/window-7-users-struggle-to-boot-up/ http://www.infosecurity-us.com/view/4890/twitter-not-adequately-checking-urls-says-kaspersky/ Twitter is failing to block malicious websites that are being posted to it via URL shortening services, according to researchers from Kaspersky, who have applied their own back-end service to help solve the problem. Fri, 30 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4890/twitter-not-adequately-checking-urls-says-kaspersky/ http://www.infosecurity-us.com/view/4859/tipping-point-gets-multithreaded-with-intrusion-prevention-system-launch/ Tipping Point unveiled its latest intrusion prevention system this week, featuring an updated software / hardware combo that the company said is better at handling many tasks at once. Thu, 29 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4859/tipping-point-gets-multithreaded-with-intrusion-prevention-system-launch/ http://www.infosecurity-us.com/view/4824/experts-downplay-cyberwarfare-/ A prominent strategic think tank published a report downplaying the potential for conflict in cyberspace, adding to influential voices that question the role of cyberwarfare. Wed, 28 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4824/experts-downplay-cyberwarfare-/ http://www.infosecurity-us.com/view/4842/fbi-director-almost-fell-for-phishing-attack/ The director of the FBI and the man charged with protecting the US from cyberthreats, Rober Mueller, has given up online banking after a phishing scare. Wed, 28 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4842/fbi-director-almost-fell-for-phishing-attack/ http://www.infosecurity-us.com/view/4754/weekly-brief-october-26-2009/ Information security: Breaches, walls, charges, tools, and deals. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4754/weekly-brief-october-26-2009/ http://www.infosecurity-us.com/view/4761/man-jailed-for-selling-pirated-software-on-ebay/ A US court has sentenced a man to three years in jail for selling more than $1m worth of pirated software on eBay. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4761/man-jailed-for-selling-pirated-software-on-ebay/ http://www.infosecurity-us.com/view/4762/rsa-europe-fbi-and-soca-need-help/ The US Federal Bureau of Investigation (FBI) and the UK Serious Organised Crime Agency (Soca) have called for greater collaboration with the IT security industry in fighting cybercrime. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4762/rsa-europe-fbi-and-soca-need-help/ http://www.infosecurity-us.com/view/4693/rapid7-acquires-metasploit-open-source-project/ Rapid7, the vulnerability management security specialist, has acquired Metasploit, the ongoing open source security project that developed the Metasploit Framework. The move is billed as allowing Rapid7 to enhance its penetration testing technologies. Wed, 21 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4693/rapid7-acquires-metasploit-open-source-project/ http://www.infosecurity-us.com/view/4659/symantec-says-internet-users-plagued-by-fake-antivirus-software/ Research just published by Symantec claims to show that users are increasingly being fooled into installing fake anti-virus software - aka scamware - onto their machines. Tue, 20 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4659/symantec-says-internet-users-plagued-by-fake-antivirus-software/ http://www.infosecurity-us.com/view/4627/find-out-how-to-implement-leastprivilege-security-management-for-linux-and-unix/ A least-privilege security model has its merits, but it can be challenging to implement in for example Linux and UNIX environments where administrators often share passwords to root- or other superuser accounts. Find out how to implement least-privilege security management for Linux and UNIX for free on October 27 at 10am Pacific Time. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4627/find-out-how-to-implement-leastprivilege-security-management-for-linux-and-unix/ http://www.infosecurity-us.com/view/4633/microsoft-security-essentials-gets-15-million-downloads-in-first-week/ More than 1.5 million Windows users downloaded Microsoft's free anti-virus and anti-malware tool, Security Essentials in the week after it was released, the software firm has claimed. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4633/microsoft-security-essentials-gets-15-million-downloads-in-first-week/ http://www.infosecurity-us.com/view/4636/google-apps-ad-campaign-goes-global/ Google is to expand a mass-market advertising campaign for its cloud-based office software services beyond the US today. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4636/google-apps-ad-campaign-goes-global/ http://www.infosecurity-us.com/view/4638/weekly-brief-october-19-2009/ US$4000 lost in Facebook scam; Michigan's airport website closed due to malware; the first Windows 7 security patches appear; and more. We report on the IT security news... Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4638/weekly-brief-october-19-2009/ http://www.infosecurity-us.com/view/4579/walmart-epos-system-source-code-hacked-how-secure-is-the-payment-card-data/ Reports are coming in that the source code of the Wal-Mart highly customized point-of-sale (EPOS) computer system - used in almost 900 of its stores across the US - has been hacked. Fri, 16 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4579/walmart-epos-system-source-code-hacked-how-secure-is-the-payment-card-data/ http://www.infosecurity-us.com/view/4600/lawsuits-fly-over-tmobile-sidekick-cloud-data-loss/ T-Mobile has reportedly been hit by two class action lawsuits alleging that the cellular carrier misled consumers into believing that their data was secure after data was lost in the cloud Fri, 16 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4600/lawsuits-fly-over-tmobile-sidekick-cloud-data-loss/ http://www.infosecurity-us.com/view/4539/report-the-department-of-homeland-security-could-try-harder-on-web-security/ The Department of Homeland Security is putting its websites at risk by failing to patch software and conduct regular security assessments, according to a report from the inspector general, Richard Skinner. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4539/report-the-department-of-homeland-security-could-try-harder-on-web-security/ http://www.infosecurity-us.com/view/4549/us-phishing-attacks-decline-in-third-quarter/ The third quarter security trends report from Commtouch and its security alliance partners suggests that phishing is now on the decline, after peaking in the summer. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4549/us-phishing-attacks-decline-in-third-quarter/ http://www.infosecurity-us.com/view/4562/qsa-system-is-broken-says-heartland-ceo/ In a session titled ‘Enhancing payment security in 2010’, Robert O. Carr, Chairman and CEO or Heartland Payment Systems - the subject of potentially the world’s biggest data security breach earlier this year - declared that the model used by quality security assessors (QSA) is “broken”. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4562/qsa-system-is-broken-says-heartland-ceo/ http://www.infosecurity-us.com/view/4512/weekly-brief-october-13-2009/ Trends, Tussles, Tools, and Attacks: We round up the last week's information security news. Tue, 13 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4512/weekly-brief-october-13-2009/ http://www.infosecurity-us.com/view/4498/google-voice-under-us-federal-spotlight/ US communication authorities are investigating allegations by telecoms group AT&T that Google has an unfair advantage because Google Voice is not covered by federal rules that govern phone service providers. Mon, 12 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4498/google-voice-under-us-federal-spotlight/ http://www.infosecurity-us.com/view/4500/fbi-nets-100-in-operation-phish-phry/ Police and FBI agents yesterday charged nearly 100 people in the US and Egypt as part of Operation Phish Phry, one the largest cyber fraud phishing cases to date. Mon, 12 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4500/fbi-nets-100-in-operation-phish-phry/ http://www.infosecurity-us.com/view/4453/comcast-gets-proactive-with-malware-infected-customers/ Comcast is piloting a service that will notify customers that have been infected with malware, the company said this week. Fri, 09 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4453/comcast-gets-proactive-with-malware-infected-customers/ http://www.infosecurity-us.com/view/4454/adobe-reader-struck-by-yet-another-zeroday-security-flaw/ Adobe is warning that a critical security vulnerability in its Adobe Reader and Acrobat programs are being exploited in the wild. Fri, 09 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4454/adobe-reader-struck-by-yet-another-zeroday-security-flaw/ http://www.infosecurity-us.com/view/4444/football-and-hockey-seasons-off-to-a-malicious-start-on-web-says-esoft-/ Research revealed by eSoft, the web content filtering company, suggests there has a been a "startling increase" in compromised sports websites, including Fox Sports, the popular sports portal operated by Fox News. Thu, 08 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4444/football-and-hockey-seasons-off-to-a-malicious-start-on-web-says-esoft-/ http://www.infosecurity-us.com/view/4365/ibm-offers-sme-cloud-email-for-just-300-per-user/ IBM has surprised the cloud computing industry by launching a cloud-based email service - claiming to offer "reliability, privacy and security" - for just $3.00 per user per month. Tue, 06 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4365/ibm-offers-sme-cloud-email-for-just-300-per-user/ http://www.infosecurity-us.com/view/4346/weekly-brief-october-5-2009/ Deviousness, Defenses, and Disappointments - read all about the week's security news in our weekly brief. Mon, 05 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4346/weekly-brief-october-5-2009/ http://www.infosecurity-us.com/view/4370/rogue-malware-explodes-in-2009/ Business in rogue anti-virus software is booming, according to a new report from the Anti Phishing Working Group (APWG). In the first half of this year, the number of such programs plaguing internet users increased by 585%. Mon, 05 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4370/rogue-malware-explodes-in-2009/ http://www.infosecurity-us.com/view/4306/researchers-turn-wireless-network-into-xray-tool/ Researchers at the University of Utah have devised a way to visually monitor a room using cheap wireless sensors. The technique, known as ' variance-based radio tomography', effectively enables its users to see through walls, explain Jerry Wilson and Neal Patwari, authors of a paper on the subject. Fri, 02 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4306/researchers-turn-wireless-network-into-xray-tool/ http://www.infosecurity-us.com/view/4252/microsoft-ships-free-antivirus-tool/ Microsoft officially shipped Microsoft Security Essentials, its free anti-virus product, yesterday. The product, which had been beta tested under the codename Morro, is designed as a free software offering specifically for home users. Wed, 30 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4252/microsoft-ships-free-antivirus-tool/ http://www.infosecurity-us.com/view/4262/google-deactivates-gmail-email-account-after-us-bank-error/ In an interesting turn of events, a small bank in the US inadvertently emailed data on around 1300 of its customers to a random Gmail account. Then, after failing to contact the owner of the Gmail account, successfully requested a court to order Google to deactivate the Gmail account in question. Wed, 30 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4262/google-deactivates-gmail-email-account-after-us-bank-error/ http://www.infosecurity-us.com/view/4226/netflix-second-data-challenge-on-revealing-customers-dvd-rental-habits-has-privacy-experts-hopping-mad/ Privacy advocates are furious at plans by DVD rental service Netflix to unveil more data about the rental habits of its customers. Experts argue that the data could easily be used to identify customers and draw inferences about their lifestyles. Tue, 29 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4226/netflix-second-data-challenge-on-revealing-customers-dvd-rental-habits-has-privacy-experts-hopping-mad/ http://www.infosecurity-us.com/view/4220/weekly-brief-september-28-2009/ Takedowns, Tools, Threats, and Tsk, Tsk! We review the week's information security news. Mon, 28 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4220/weekly-brief-september-28-2009/ http://www.infosecurity-us.com/view/4168/malicious-advertising-malware-hit-popular-websites/ Popular websites have been made to serve up malware via malicious advertising delivered by advertising banner services. Fri, 25 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4168/malicious-advertising-malware-hit-popular-websites/ http://www.infosecurity-us.com/view/4131/hackers-pose-as-internet-telephony-firm-in-new-york-times-ad-scam/ The New York Times has admitted it has been the victim of a complex scam, in which a group of hackers purchased ad space on the famous publisher's website, then posed as internet telephony company Vonage, to infect users with malware. Thu, 24 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4131/hackers-pose-as-internet-telephony-firm-in-new-york-times-ad-scam/ http://www.infosecurity-us.com/view/4095/canon-printer-protects-data-in-copied-documents/ Printer company Canon has unveiled a printer that can automatically protect the data in copied documents. The Canon ImageRunner Advance printer, targeted at medium to large enterprises, features Scan Lock, a system which superimposes a watermark on copied documents, coded as a series of microdots. Wed, 23 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4095/canon-printer-protects-data-in-copied-documents/ http://www.infosecurity-us.com/view/4122/chatinthemiddle-phishing-attack-targets-online-banking/ RSA, the security division of EMC has discovered a phishing attack it calls ‘chat-in-the-middle’, which targets online banking customers tricking them into divulging username and passwords. Wed, 23 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4122/chatinthemiddle-phishing-attack-targets-online-banking/ http://www.infosecurity-us.com/view/4068/mit-projects-raise-privacy-questions/ Two experiments conducted at MIT are raising questions about the level of privacy among those who use modern tools such as mobile phones and social networks - and suggesting that there is even less of it than most of us already thought. Tue, 22 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4068/mit-projects-raise-privacy-questions/ http://www.infosecurity-us.com/view/4047/weekly-brief-september-21-2009/ Talk, Tools, Techniques, Trials, and Traps - get the lowdown on the week's security news in our weekly brief. Mon, 21 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4047/weekly-brief-september-21-2009/ http://www.infosecurity-us.com/view/4025/epic-obama-must-try-harder-on-electronic-privacy/ Eight months into its first year, the Obama administration could still try harder when it comes to electronic privacy and digital rights, according to a report card issued by an advocacy group. Fri, 18 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4025/epic-obama-must-try-harder-on-electronic-privacy/ http://www.infosecurity-us.com/view/4031/mobilecloud-workforce-security-issues-covered-in-webinar-recording/ An informative webinar - in which BigFix, Trend Micro and one of their joint customers in the healthcare sector looked at some of the problems in the mobile workforce and allied IT security sectors - was a great success this Thursday. Fri, 18 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4031/mobilecloud-workforce-security-issues-covered-in-webinar-recording/ http://www.infosecurity-us.com/view/3993/it-security-priorities-all-wrong-according-to-sans-/ IT managers are focusing on the wrong security threats, according to a report from the SANS Institute. Wed, 16 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3993/it-security-priorities-all-wrong-according-to-sans-/ http://www.infosecurity-us.com/view/3996/us-electricity-grid-could-suffer-cascading-blackouts-from-small-attacks/ A Chinese researcher has discovered weaknesses in the US electricity grid that could enable attacks causing cascading blackouts by attacking relatively small parts of the network. Wed, 16 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3996/us-electricity-grid-could-suffer-cascading-blackouts-from-small-attacks/ http://www.infosecurity-us.com/view/3963/infosecurity-weekly-brief-september-15-2009/ Breaches, threats, protections and security directions - we summarise what's been happening in the world of information security over the past week. Tue, 15 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3963/infosecurity-weekly-brief-september-15-2009/ http://www.infosecurity-us.com/view/3937/commuter-matching-website-highly-vulnerable-to-sql-injections/ RideMatch.info, a website used by several California-based companies and transportation boards to match commuters on similar routes, has been found to be potentially vulnerable to massive SQL injections that could result in the disclosure of users' personal data. Mon, 14 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3937/commuter-matching-website-highly-vulnerable-to-sql-injections/ http://www.infosecurity-us.com/view/3951/deploying-effective-it-security-on-a-tight-budget-webinar/ This week promises to be an exciting one for Infosecurity and its readers as, while President Obama is reportedly close to appointing a Frank Kramer, former assistant defense secretary under President Bill Clinton, as his new cybersecurity chief, we will be hosting a topical IT security webinar looking at how to protect your critical data on a budget. Mon, 14 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3951/deploying-effective-it-security-on-a-tight-budget-webinar/ http://www.infosecurity-us.com/view/3945/fake-antivirus-team-exploits-september-11-anniversary-/ Online scams related to holidays, global events, and popular news stories are common, but September 11 scammers really scraped the bottom of the moral barrel last week. Scareware scammers are using the eighth anniversary of the September 11 attacks to sell their fake anti-virus software to unsuspecting users. Sun, 13 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3945/fake-antivirus-team-exploits-september-11-anniversary-/ http://www.infosecurity-us.com/view/3922/identity-theft-911-looks-at-identity-theft-in-educational-environments/ Lapses in data security at major colleges and universities across the USA over the past four years have exposed tens of millions of personal records of students, alumni, faculty and staff and put them at risk of identity fraud and theft, according to a report from Identity Theft 911, the ID theft resolution service. Fri, 11 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3922/identity-theft-911-looks-at-identity-theft-in-educational-environments/ http://www.infosecurity-us.com/view/3864/astaro-offers-free-business-firewall-for-vmware/ Astaro Corp., has released a free business firewall for the VMware environment. The IT security vendor says that the firewall - which offers the base functionality of its Astaro Security Gateway Virtual Appliance by using a special license key - will allow organizations with virtual environments to secure their network from external threats. Thu, 10 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3864/astaro-offers-free-business-firewall-for-vmware/ http://www.infosecurity-us.com/view/3831/congress-weighs-changes-in-web-advertising-privacy/ Congress is working on proposed privacy legislation that would give consumers much more control over the personal and private information they generate and share with third-party companies on the internet during their everyday online activities. Wed, 09 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3831/congress-weighs-changes-in-web-advertising-privacy/ http://www.infosecurity-us.com/view/3862/microsoft-faces-two-zeroday-security-flaws/ Microsoft may be forced to release an out-of-cycle security update for a vulnerability published the same day as the firm released its September Patch Tuesday update. Wed, 09 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3862/microsoft-faces-two-zeroday-security-flaws/ http://www.infosecurity-us.com/view/3832/us-academics-develop-cloud-attack-methodology-/ A group of academics with the University of California in San Diego and MIT claim to have discovered a cloud attack methodology called a side channel attack. By signing up to Amazon's cloud computing service and placing a virtual machine on the same physical machine as a target application, they claim the security of the cloud application can be compromized. Tue, 08 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3832/us-academics-develop-cloud-attack-methodology-/ http://www.infosecurity-us.com/view/3809/weekly-brief-september-7-2009/ In this week’s information security news: Marshal8e6 rebrands as M86 Security; Australian federal police mock hackers - and are hacked in return; Raytheon releases industry's fastest cross-domain sharing solution; and more... Mon, 07 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3809/weekly-brief-september-7-2009/ http://www.infosecurity-us.com/view/3813/how-is-the-information-security-industry-coping-in-the-economic-downturn/ As the recession continues to chew into budgets, and cybercriminals see increased opportunity for looting, CISOs need to ensure that their information security defences remain strong but affordable. Find out more for free! Mon, 07 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3813/how-is-the-information-security-industry-coping-in-the-economic-downturn/ http://www.infosecurity-us.com/view/3798/how-to-protect-critical-data-on-a-tight-budget/ Whilst threats against business critical data have been rising steadily in recent times, almost all companies have had their IT security budgets cut or placed under intense scrutiny. Sat, 05 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3798/how-to-protect-critical-data-on-a-tight-budget/ http://www.infosecurity-us.com/view/3761/tollfree-pbx-hack-highlights-need-for-code-auditing-/ Reports that a North Carolina business has been left with a US$2500 phone bill after phone phreakers hacked its PBX via the firm's toll-free number shows the danger of failing to audit all aspects of a systems' software, said Fortify, the application vulnerability specialist. Fri, 04 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3761/tollfree-pbx-hack-highlights-need-for-code-auditing-/ http://www.infosecurity-us.com/view/3769/learn-about-how-to-keep-security-and-it-ready-for-a-pandemic/ With the recent scares about the swine flu, more and more businesses feel the need to plan for a pandemic, but are their security and IT up to the challenge? Fri, 04 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3769/learn-about-how-to-keep-security-and-it-ready-for-a-pandemic/ http://www.infosecurity-us.com/view/3734/virtualization-could-double-in-2010-but-what-about-security/ The number of organizations with at least half of their servers virtualized is expected to double in 2010 to 51%, according to a survey of 480 IT professionals about virtualization conducted by identity and access management vendor Centrify Corporation. Thu, 03 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3734/virtualization-could-double-in-2010-but-what-about-security/ http://www.infosecurity-us.com/view/3737/us-could-get-slower-broadband-than-the-uk/ The US could end up with slower broadband speeds than the UK if the Federal Communications Commission (FCC) accepts submissions on the definition of broadband from US internet service providers (ISPs). Thu, 03 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3737/us-could-get-slower-broadband-than-the-uk/ http://www.infosecurity-us.com/view/3701/windows-mobile-refresh-to-launch-in-october/ Microsoft will launch the latest version of its operating system for mobile devices next month. Wed, 02 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3701/windows-mobile-refresh-to-launch-in-october/ http://www.infosecurity-us.com/view/3706/network-box-looks-at-the-problem-of-authentication/ Many authentication systems are not secure, especially as users often fail to remember a multiple of usernames and passwords, according to security company Network Box’s latest white paper Authentication, Who Are you? Wed, 02 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3706/network-box-looks-at-the-problem-of-authentication/ http://www.infosecurity-us.com/view/3672/weekly-brief-september-1-2009/ In this week’s information security news: Trojan eavesdrops on Skype; Snow Leopard only recognizes two Trojans; private messages are sent to wrong recipients; search warrants are needed for digital data; and more… Tue, 01 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3672/weekly-brief-september-1-2009/ http://www.infosecurity-us.com/view/3674/web-20-no-a-business-enabled-or-a-security-nightmare-find-out-more-later-this-month/ Whilst Web 2.0-driven websites and services have made the mobile internet almost as popular as the desktop web, the technology is an information security manager's nightmare, with code extensibility, IP interactions and website flexibility driving a steamroller through traditional information security systems. So what are IT managers to do? Tue, 01 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3674/web-20-no-a-business-enabled-or-a-security-nightmare-find-out-more-later-this-month/ http://www.infosecurity-us.com/view/3619/google-patches-two-serious-flaws-in-chrome/ Google has patched two serious security holes in its Javascript and XML engines, according to a blog post on the Google Chrome website. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3619/google-patches-two-serious-flaws-in-chrome/ http://www.infosecurity-us.com/view/3639/facebook-shuts-apps-privacy-loophole/ Facebook has amended its privacy practices and policies to give users more control over the information they keep on the social networking site, following a report from the Canadian Privacy Commissioner. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3639/facebook-shuts-apps-privacy-loophole/ http://www.infosecurity-us.com/view/3641/us-civil-liberties-union-tells-uk-to-defend-mckinnon/ The American Civil Liberties Union has called on the UK foreign secretary to review the "lopsided" extradition treaty to prevent people like UFO hacker Gary McKinnon being "unfairly" removed from their home country to stand trial abroad. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3641/us-civil-liberties-union-tells-uk-to-defend-mckinnon/ http://www.infosecurity-us.com/view/3552/phonefactor-allows-tradein-of-twofactor-security-tokens/ Two-factor security vendor PhoneFactor is taking its clue from the CARS Cash for Clunkers rebate announcing a Cash for Security Clunkers program where organisations can trade in their security tokens for a phone authentication platform. Tue, 25 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3552/phonefactor-allows-tradein-of-twofactor-security-tokens/ http://www.infosecurity-us.com/view/3511/weekly-brief-august-24-2009/ In this week’s information security news: Microsoft patch exploited by hackers; Office 2010 sandbox security welcomed by security industry; hackers get their revenge on police; and more… Mon, 24 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3511/weekly-brief-august-24-2009/ http://www.infosecurity-us.com/view/3516/data-breaches-who-has-been-named-and-shamed-in-the-last-year-find-out-more-on-24-september/ Infosecurity Magazine’s 2009 Virtual Conference on Information Security will look at recent data breaches in both public and private sectors in a session headed by Bloor Research, CheckPoint and the Open Security Foundation. Mon, 24 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3516/data-breaches-who-has-been-named-and-shamed-in-the-last-year-find-out-more-on-24-september/ http://www.infosecurity-us.com/view/3453/us-largest-card-incident-hacker-has-track-record-says-miami-herald/ As the fall-out in the Albert Gonzalez credit card hacking case - in which the card hacker was charged earlier this week with gaining unauthorized access to 130 million people's card details from major merchants - continues, the Miami Herald has published an interesting profile of the person that many are calling a super-hacker. Fri, 21 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3453/us-largest-card-incident-hacker-has-track-record-says-miami-herald/ http://www.infosecurity-us.com/view/3368/radisson-database-hacked/ Radisson Hotels & Resorts has announced that its computer systems have been accessed without authorisation between November 2008 and May 2009. Radisson is not saying, however, whether the unauthorised incursion was caused by hackers or an internal security issue, nor how many customers are affected by the incident. Thu, 20 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3368/radisson-database-hacked/ http://www.infosecurity-us.com/view/3356/us-man-charged-with-stealing-130-million-payment-card-details/ In what security experts are calling 'the largest ever identity theft case in modern history', a US man has been charged with stealing data relating to 130 million payment cards. Wed, 19 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3356/us-man-charged-with-stealing-130-million-payment-card-details/ http://www.infosecurity-us.com/view/3359/advance-internets-microsoft-deal-shows-local-ad-sales-freeforall/ Advance Internet, the division representing 36 newspaper websites owned by the Newhouse family, has entered into a ground-breaking deal with Microsoft. Wed, 19 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3359/advance-internets-microsoft-deal-shows-local-ad-sales-freeforall/ http://www.infosecurity-us.com/view/3296/delaware-man-fined-210-000-for-selling-pirate-software-online/ Whilst eBay and other major internet auction sites appear to have cleaned up their acts on the pirate software front, smaller sites are still letting some postings through. Tue, 18 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3296/delaware-man-fined-210-000-for-selling-pirate-software-online/ http://www.infosecurity-us.com/view/3194/ncsa-preps-for-national-cybersecurity-awareness-month/ The National Cyber Security Alliance (NCSA) - one of the primary promoters of National Cyber Security Awareness Month each October - has launched a website to encourage broad-based participation in education and awareness activities on cybersecurity this year. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3194/ncsa-preps-for-national-cybersecurity-awareness-month/ http://www.infosecurity-us.com/view/3197/campaign-monitor-hit-by-hacker-server-incursion/ Campaign Monitor, the Australia-based email marketing software developer, has warned users of compromise to its servers that took place over last weekend. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3197/campaign-monitor-hit-by-hacker-server-incursion/ http://www.infosecurity-us.com/view/3238/bigfix-podcasts-talk-about-security-compliance-issues-black-hat-and-defcon-/ If you want to hear an eclectic mix of views on recent events in the world of IT security, you could do worse that visit the Bigfix blog site, where Amrit Williams, the firm's chief technology officer, has been talking with industry luminary Ryan Russell in his latest podcast. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3238/bigfix-podcasts-talk-about-security-compliance-issues-black-hat-and-defcon-/ http://www.infosecurity-us.com/view/3240/webbased-malware-attacks-soaring-says-scansafe/ In its second quarterly report on IT security threats of 2008, software-as-a-service (SaaS) specialist ScanSafe reported that web-based malware had surged by over a third when compared to the first quarter of the year. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3240/webbased-malware-attacks-soaring-says-scansafe/ http://www.infosecurity-us.com/view/3277/weekly-brief-august-17-2009-/ In this week's information security briefs: Poor password management a rising problem; Gartner says that IT products and services are heading for regulation by 2015; how Google helped Twitter fend off its DDOS attacks, and more... Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3277/weekly-brief-august-17-2009-/ http://www.infosecurity-us.com/view/3283/voice-biometrics-the-challenges-and-opportunities-find-out-more-for-free-/ Infosecurity’s 2009 Virtual Conference on Information Security on 24 September includes a session on `Voice Biometrics - a new IT security technology entering the fast lane'. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3283/voice-biometrics-the-challenges-and-opportunities-find-out-more-for-free-/ http://www.infosecurity-us.com/view/3289/china-drops-internet-censorship-software-plan/ China has dropped controversial plans to force PC makers to install internet filtering software on all new computers. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3289/china-drops-internet-censorship-software-plan/ http://www.infosecurity-us.com/view/3180/mobile-laptop-usage-soaring-but-what-about-company-security/ The amusing tale of how New York coffee shops - apparently fed up with laptop users hogging their table space and using up electricity for hours on end - has a much darker message, according to Sean Glynn, Director at security vendor Credant Technologies. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3180/mobile-laptop-usage-soaring-but-what-about-company-security/ http://www.infosecurity-us.com/view/3181/the-ipod-and-iphone-could-be-used-for-hacking/ Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3181/the-ipod-and-iphone-could-be-used-for-hacking/ http://www.infosecurity-us.com/view/3182/advice-for-safer-access-to-facebook-twitter-and-other-social-networking-sites/ As many readers of Infosecurity may have noticed, Web 2.0-driven social networking sites like Facebook and Twitter have become attractive targets for phishing and scamming attacks as online criminals follow the latest internet trends that are attracting the most users. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3182/advice-for-safer-access-to-facebook-twitter-and-other-social-networking-sites/ http://www.infosecurity-us.com/view/3145/hold-software-providers-accountable-for-it-failures/ Regulation could protect businesses and governments from poor IT implementations that have cost billions of dollars. But at present, software is generally shipped with a disclaimer which states that the manufacturer does not guarantee it will work, unlike regulated industries such as pharmaceuticals where the supplier is held accountable for a failure in manufacturing. Tue, 11 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3145/hold-software-providers-accountable-for-it-failures/ http://www.infosecurity-us.com/view/3147/government-cybersecurity-guidelines-lacking-/ A new set of cybersecurity guidelines - released by NIST - the National Institute of Standards and Technology - leaves a lot to be desired when it comes to the protection needed for government agency computers, said the Cyber Secure Institute. Tue, 11 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3147/government-cybersecurity-guidelines-lacking-/ http://www.infosecurity-us.com/view/3127/koobface-social-networking-worm-gets-a-facelift/ Koobface, the first - and arguably the most successful of the social networking worms - is back, having been significantly tweaked by black hat hackers on the internet, reports Kaspersky Lab, the anti-malware and IT security vendor. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3127/koobface-social-networking-worm-gets-a-facelift/ http://www.infosecurity-us.com/view/3129/twitter-facebook-still-suffering-from-internet-packet-delays/ The hacker attack on Twitter on Thursday afternoon UK time - which appears to have also spilled over to the Facebook social networking site - is now thought to have been the work of political activists who wanted to stop a pro-Georgian blogger - Cyxymu - from making his/her postings on the sites. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3129/twitter-facebook-still-suffering-from-internet-packet-delays/ http://www.infosecurity-us.com/view/3131/weekly-brief-august-10-2009/ In this week's information security briefs: ISPs team up in bid to tackle botnet problem; Former superhacker Kevin Mitnick dumped by ISP; US cyber-security tsar steps down; US military worried over Twitter security and more... Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3131/weekly-brief-august-10-2009/ http://www.infosecurity-us.com/view/3142/whats-going-wrong-with-information-security-in-government-infosecuritys-virtual-conference/ Infosecurity is pleased to confirm further details of the 2009 Virtual Conference on Information Security, which takes place online on 24 September. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3142/whats-going-wrong-with-information-security-in-government-infosecuritys-virtual-conference/ http://www.infosecurity-us.com/view/3093/us-phishing-attacks-soared-50-plus-during-july-/ Research just released by Symantec shows that phishing attacks rose 52% in July while spam - as a percentage of all email - stayed about the same compared as the previous month. Fri, 07 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3093/us-phishing-attacks-soared-50-plus-during-july-/ http://www.infosecurity-us.com/view/3069/symantec-teams-up-with-lifelock-to-expand-offline/ After 27 years in the online and IT world, Symantec is moving into the offline/off-computer world thanks to a partnership with LifeLock Inc., a proactive provider of identify theft protection. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3069/symantec-teams-up-with-lifelock-to-expand-offline/ http://www.infosecurity-us.com/view/3071/managed-wireless-security-set-to-hit-1-billion-by-2014/ A study just released by ABI Research predicts a period of healthy growth for managed wireless security solutions, with growth averaging 27% a year for the period 2008 to 2014. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3071/managed-wireless-security-set-to-hit-1-billion-by-2014/ http://www.infosecurity-us.com/view/3085/twitter-goes-down-under-a-sustained-ddos-attack/ At around 3:00 pm on Thursday afternoon, Twitter, the extraordinarily popular microblogging portal, fell silent, apparently the victim of a sustained distributed denial of service (DDOS) attack. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3085/twitter-goes-down-under-a-sustained-ddos-attack/ http://www.infosecurity-us.com/view/3046/companies-invest-in-it-but-do-not-measure-it-value/ Despite 30% of IT security companies increasing their investments in IT this year, fewer than half have a shared understanding of IT value across the enterprise and two-thirds fail to fully measure it, according to ISACA. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3046/companies-invest-in-it-but-do-not-measure-it-value/ http://www.infosecurity-us.com/view/3050/watchguard-acquires-borderware-in-private-transaction/ Seattle-based WatchGuard Technologies - the unified threat management (USM) security vendor - has announced plans to buy privately-held BorderWare Technology, which employs around 90 staff, for an undisclosed sum. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3050/watchguard-acquires-borderware-in-private-transaction/ http://www.infosecurity-us.com/view/3052/mozilla-moves-swiftly-to-patch-ssl-loophole-in-firefox/ Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3052/mozilla-moves-swiftly-to-patch-ssl-loophole-in-firefox/ http://www.infosecurity-us.com/view/3053/twitter-quietly-checks-tweeted-urls-draws-criticism/ Twitter has quietly started checking URLs entered into tweets (user messages) on its microblogging service and immediately flown into a barrage of criticism about its checking methodology. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3053/twitter-quietly-checks-tweeted-urls-draws-criticism/ http://www.infosecurity-us.com/view/3028/arbor-networks-shows-how-iran-filters-and-blocks-internet-traffic/ Arbor Networks has published internet bandwidth usage figures from June and July that make fascinating reading if you ever wondered how less democratic governments such as Iran filters and blocks internet traffic for their citizens. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3028/arbor-networks-shows-how-iran-filters-and-blocks-internet-traffic/ http://www.infosecurity-us.com/view/3030/defcon-researchers-warn-software-updates-can-be-hijacked/ Researchers with Radware were busy over the weekend showing a Defcon audience how a classic man-in-the-middle attack could be engineered when notebook computers attempt to seek out updates for their software across public access WiFi networks. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3030/defcon-researchers-warn-software-updates-can-be-hijacked/ http://www.infosecurity-us.com/view/3031/zeus-botnet-traced-to-latvian-operation/ Researchers have been busy over the last few days tracing where the Zeus botnet is being controlled from, following investigations by the University of Alabama in the US, which tracked down the Zeus Bot virus to a raft of fake internet postcards circulating on the internet. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3031/zeus-botnet-traced-to-latvian-operation/ http://www.infosecurity-us.com/view/2966/businesses-cough-up-6m-for-unlicensed-software/ Businesses across Europe, the Middle East and Africa have paid out £6 million this year to settle disputes with the Business Software Alliance. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2966/businesses-cough-up-6m-for-unlicensed-software/ http://www.infosecurity-us.com/view/2976/weekly-brief-august-3-2009/ In this week's information security briefs: AVG flags up iTunes as malware; hackers score $219 000 from city; Microsoft's sandboxing criticised, and more... Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2976/weekly-brief-august-3-2009/ http://www.infosecurity-us.com/view/2983/apple-moves-swiftly-to-fix-iphone-security-flaws/ A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2983/apple-moves-swiftly-to-fix-iphone-security-flaws/ http://www.infosecurity-us.com/view/2985/us-credit-reporting-system-flawed-claims-information-security-researcher/ Clever hackers are exploiting a number of loopholes in US credit reporting systems to substantially improve their credit rating and so gain access to zero percent loans and low-cost credit cards, an information security researcher said over the weekend. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2985/us-credit-reporting-system-flawed-claims-information-security-researcher/ http://www.infosecurity-us.com/view/2987/programme-available-for-the-virtual-conference-on-information-security-2009/ The programme for Infosecurity Magazine’s Virtual Conference on Information Security 2009 is now available with an exciting line-up of speakers from the IT security industry. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2987/programme-available-for-the-virtual-conference-on-information-security-2009/ http://www.infosecurity-us.com/view/2921/nasa-hacker-mckinnon-loses-extradition-appeal/ The UK hacker Gary McKinnon who became famous for hacking US military and NASA computers in 2001 and 2002 looking for evidence of UFOs, has lost his appeal against extradition to the USA. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2921/nasa-hacker-mckinnon-loses-extradition-appeal/ http://www.infosecurity-us.com/view/2946/black-hat-san-francisco-meters-hacked-for-free-parking/ At the Black Hat security conference in Las Vegas, researchers have revealed how the security of San Francisco's plans to become a showcase for the US on computerised parking has been compromised. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2946/black-hat-san-francisco-meters-hacked-for-free-parking/ http://www.infosecurity-us.com/view/2948/black-hat-researchers-reveal-more-flaws-in-secure-sockets-layer/ Researchers at the Black Hat security briefings in Las Vegas this week revealed a number of flaws that affect the secure sockets layer (SSL) system for secure internet web browsing. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2948/black-hat-researchers-reveal-more-flaws-in-secure-sockets-layer/ http://www.infosecurity-us.com/view/2837/apple-claims-unlocking-iphones-could-knock-out-cell-sites/ Apple has reportedly caused a stir in copyright circles over claims that unlocking its iPhone handset from the partner network could cause the mobile to crash cellular base stations and even allow users to make free phone calls. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2837/apple-claims-unlocking-iphones-could-knock-out-cell-sites/ http://www.infosecurity-us.com/view/2864/black-hat-major-iphone-hack-to-be-revealed-today/ You could never describe the Apple iPhone as totally secure, given the number of jailbreaks that crackers have developed to unlock the popular handset from its partner networks, but researchers at the Black Hat security conference are scheduled to reveal a serious chink in the mobile's armour today. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2864/black-hat-major-iphone-hack-to-be-revealed-today/ http://www.infosecurity-us.com/view/2867/black-hat-security-is-not-the-security-teams-problem-says-black-hat-keynote-speaker-douglas-merrill-/ This morning, 29th July 2009, at the Black Hat briefings in Las Vegas, Nevada, keynote speaker Douglas Merrill, told his audience that CISOs are getting information security wrong. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2867/black-hat-security-is-not-the-security-teams-problem-says-black-hat-keynote-speaker-douglas-merrill-/ http://www.infosecurity-us.com/view/2902/black-hat-information-security-trade-press-are-bound-to-google-/ At the BlackHat conference in Las Vegas, 29 July 2009, one conference session addressed the changing nature of the information security trade press. A panel of experienced journalists answered questions on the relationship between trade and mainstream media, the rise of Google news, and the financial challenges affecting the publishing industry. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2902/black-hat-information-security-trade-press-are-bound-to-google-/ http://www.infosecurity-us.com/view/2907/black-hat-legal-issues-come-free-with-cloud-computing/ The complications and concerns around cloud computing should not be underestimated, argued Alex Stamos, co-founder and partner of iSEC Partners, at the Black Hat conference in Las Vegas, 30 July 2009. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2907/black-hat-legal-issues-come-free-with-cloud-computing/ http://www.infosecurity-us.com/view/2908/black-hat-department-of-defense-call-for-three-cyberczars/ This morning, 30 July, at the Black Hat conference in Las Vegas, Robert Lentz, Senior Information Assurance Official for the Department of Defense, declared the need for two extra cyber-czar roles: one for identity, and one for information security training and education. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2908/black-hat-department-of-defense-call-for-three-cyberczars/ http://www.infosecurity-us.com/view/2829/ibm-acquires-ounce-labs-boosts-application-security/ IBM has acquired another IT security development firm - Ounce Labs - to add to its ITsec research and development efforts. Wed, 29 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2829/ibm-acquires-ounce-labs-boosts-application-security/ http://www.infosecurity-us.com/view/2831/symantec-develops-pooled-highend-cyberthreat-analysis-service/ Symantec has joined the growing ranks of IT security vendors that are offering their pooled information on the latest ITsec threats as a value-added outsourced option for major corporates. Wed, 29 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2831/symantec-develops-pooled-highend-cyberthreat-analysis-service/ http://www.infosecurity-us.com/view/2817/forensics-links-fake-online-postcards-to-zeus-bot/ The Computer forensics department at the University of Alabama has tracked down the Zeus Bot virus to a raft of fake internet postcards circulating on the Internet. Tue, 28 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2817/forensics-links-fake-online-postcards-to-zeus-bot/ http://www.infosecurity-us.com/view/2737/weekly-brief-july-27-2009/ Information security: Fox News, Eugene Kaspersky reveals all, Marshal8e6's new hosted email service and more... Mon, 27 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2737/weekly-brief-july-27-2009/ http://www.infosecurity-us.com/view/2782/cloud-security-examined-in-thursday-webinar-/ Cloud computing, along with the growing number of web 2.0-enabled sites and services many of us now access on a regular basis, is changing the face of IT security. Mon, 27 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2782/cloud-security-examined-in-thursday-webinar-/ http://www.infosecurity-us.com/view/2728/free-white-paper-and-webinar-explain-how-to-source-access-assurance-technology-on-a-tight-budget/ Access assurance is fast becoming a hot topic in regulatory and best practice circles, for the simple reason the technology that drives it can save a company a significant fine for failing to comply with the latest data protection. Sat, 25 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2728/free-white-paper-and-webinar-explain-how-to-source-access-assurance-technology-on-a-tight-budget/ http://www.infosecurity-us.com/view/2698/novell-to-hop-securely-into-the-cloud-next-week/ Novell is about to join the growing list of companies developing its security-enabled products for the cloud. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2698/novell-to-hop-securely-into-the-cloud-next-week/ http://www.infosecurity-us.com/view/2702/vietnamese-cert-operation-in-trouble-for-tracking-hackers/ Reports on the Australasian newswires say that Vietnam Computer Emergency Response Team (CERT) has received an "official complaint" from its South Korean counterpart KrCERT, claiming the South Korean agency had never requested any help to investigate the attacks. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2702/vietnamese-cert-operation-in-trouble-for-tracking-hackers/ http://www.infosecurity-us.com/view/2703/privacy-rankings-linkedin-and-bebo-high-facebook-and-myspace-average-badoo-low/ Cambridge academics have revealed that social networks that promote their security controls are likely to deter users from joining, and as a result privacy guidelines are inaccessible. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2703/privacy-rankings-linkedin-and-bebo-high-facebook-and-myspace-average-badoo-low/ http://www.infosecurity-us.com/view/2666/isaca-leader-calls-for-fundamental-changes-to-it-security/ John Pironti, a senior member of ISACA, the not-for-profit IT security association with 86 000 members worldwide, has called for sweeping changes in the way enterprises across the US deal with information security. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2666/isaca-leader-calls-for-fundamental-changes-to-it-security/ http://www.infosecurity-us.com/view/2667/tucows-review-shows-how-to-start-winxp-without-a-password/ If you ever wondered how to start Windows XP without a password and without going down to source code level, wonder no more, as Butterscotch's content producer Stacey Reed has posted an informative video tutorial showing how it's done. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2667/tucows-review-shows-how-to-start-winxp-without-a-password/ http://www.infosecurity-us.com/view/2669/secure-cloud-login-technology-to-be-unveiled-next-week/ California's TriCipher has announced plans to unveil its myOneLogin authentication and identification technology on day three of the Cloud SSO event in San Diego on July 29th. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2669/secure-cloud-login-technology-to-be-unveiled-next-week/ http://www.infosecurity-us.com/view/2643/fed-to-invest-55-billion-in-cybersecurity-over-next-six-years/ A report on US government cybersecurity pending predicts that the US government will spend around $55 billion on cybersecurity issues over the next six years. Wed, 22 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2643/fed-to-invest-55-billion-in-cybersecurity-over-next-six-years/ http://www.infosecurity-us.com/view/2622/smartphone-security-has-privacy-problems-/ WXPI, a Pittsburgh, Pennylvania-based TV station has quietly broken a story which could have profound repercusions on the security of so-called smartphones - mobile phones with computer-like qualities. Tue, 21 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2622/smartphone-security-has-privacy-problems-/ http://www.infosecurity-us.com/view/2603/weekly-brief-july-20-2009/ Information security: Microsoft, South Korea, China, Twitter, Facebook in the news... Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2603/weekly-brief-july-20-2009/ http://www.infosecurity-us.com/view/2604/botnets-arrive-on-mobile-phones-first-worm-has-been-spotted/ A mobile phone worm called Sexy Space has been spotted by Trend Micro and is the first, the IT security vendor says, to spread itself by spamming text (SMS) messages. Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2604/botnets-arrive-on-mobile-phones-first-worm-has-been-spotted/ http://www.infosecurity-us.com/view/2609/one-in-six-spam-emails-from-usa/ The USA continued to be the top email spam country in the second quarter of 2009 making up 15.6% of global spam traffic, according to a report on the latest trends in spam from IT security and data protection firm Sophos. Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2609/one-in-six-spam-emails-from-usa/ http://www.infosecurity-us.com/view/2568/new-trojan-malware-variants-evade-major-antivirus-engines-claims-commtouch-/ Based on an analysis of two billion emails and internet transactions processed by its OEM anti-spam and anti-malware customers every day, CommTouch says that millions of email-borne malware such as Trojans and viruses bypassed several major anti-virus engines during the second quarter of 2009. Fri, 17 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2568/new-trojan-malware-variants-evade-major-antivirus-engines-claims-commtouch-/ http://www.infosecurity-us.com/view/2550/cybercriminals-adopt-business-strategies/ Online criminals are using state of the art business strategies to commit cybercrimes, says network equipment maker Cisco. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2550/cybercriminals-adopt-business-strategies/ http://www.infosecurity-us.com/view/2551/businesses-face-deluge-of-patches-from-microsoft-and-oracle/ IT security administrators will have to deal with more than 10 security patches from Oracle and nine from Microsoft this week. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2551/businesses-face-deluge-of-patches-from-microsoft-and-oracle/ http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure/ Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure/ http://www.infosecurity-us.com/view/2562/obama-administration-defends-bush-warrantless-wiretapping-program/ President Obama is maintaining the secrecy of a wiretapping program authorised by his predecessor, George W Bush, a Department of Justice lawyer told a San Francisco courtroom on Wednesday. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2562/obama-administration-defends-bush-warrantless-wiretapping-program/ http://www.infosecurity-us.com/view/2536/firefox-reputation-takes-a-battering-on-the-security-front/ The reputation of Mozilla's popular Firefox web browsing software - now into version 3.5 - took a battering this week as the Secunia security research advisory team revealed a flaw in the way the browser handles Javascript calls. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2536/firefox-reputation-takes-a-battering-on-the-security-front/ http://www.infosecurity-us.com/view/2537/iphone-may-be-weak-link-in-company-information-security-defences/ Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2537/iphone-may-be-weak-link-in-company-information-security-defences/ http://www.infosecurity-us.com/view/2544/swine-flu-influx-of-roaming-and-home-workers/ With the growing threat of swine flu, more and more employees are working from home, says Californian online security provider ScanSafe. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2544/swine-flu-influx-of-roaming-and-home-workers/ http://www.infosecurity-us.com/view/2531/microsoft-warns-ie-users-of-another-activex-vulnerability/ Microsoft is warning Internet Explorer users of attacks that attempt to exploit an ActiveX vulnerability affecting MS Office and ISA Server. Tue, 14 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2531/microsoft-warns-ie-users-of-another-activex-vulnerability/ http://www.infosecurity-us.com/view/2496/google-chrome-os-no-viruses-malware-or-security-updates/ As Google announced the future launch of its Google Chrome operating system (OS) based on an open source Linux kernel, it also claimed that “users don’t have to deal with viruses, malware and security updates. It should just work”, but is that possible? Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2496/google-chrome-os-no-viruses-malware-or-security-updates/ http://www.infosecurity-us.com/view/2505/575-variants-of-koobface-detected-during-june-says-kaspersky-lab/ Researchers with Russian IT security vendor Kaspersky Lab say they detected 575 new variants of the Koobface worm during June. Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2505/575-variants-of-koobface-detected-during-june-says-kaspersky-lab/ http://www.infosecurity-us.com/view/2507/more-weaknesses-in-ecommerce-and-sslvpn-connections-revealed/ A report just published by Ben Chai - a director with Incoming Thought Limited and editor of the SecurityVibes portal - claims to show that a security flaw in the secure sockets layer (SSL) internet protocol has been used by criminals to circumvent supposed secure e-commerce website. Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2507/more-weaknesses-in-ecommerce-and-sslvpn-connections-revealed/ http://www.infosecurity-us.com/view/2495/net-hacks-and-hoaxes-more-sophisticated-than-ever-says-network-box/ Network Box, the managed security internet service provider, has published a free guide explaining - in plain English - a guide to spotting common hoaxes, hacks and other internet horrors. Fri, 10 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2495/net-hacks-and-hoaxes-more-sophisticated-than-ever-says-network-box/ http://www.infosecurity-us.com/view/2484/south-korea-and-us-sites-under-internet-assault/ South Korea - which has the largest number of DSL broadband connections per head of population in the world - is under a sustained internet attack Thu, 09 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2484/south-korea-and-us-sites-under-internet-assault/ http://www.infosecurity-us.com/view/2466/social-security-numbers-guessable-say-academics/ Two researchers from Carnegie Mellon University claim that it is possible to predict a person's social security number by using statistical analysis, throwing the security of a key personal identifier into doubt. Wed, 08 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2466/social-security-numbers-guessable-say-academics/ http://www.infosecurity-us.com/view/2448/waledec-botnet-sweeps-web-in-july-4-campaign/ The team behind the Waledec botnet mounted a new malware campaign over the July 4 weekend that has infected thousands of PCs. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2448/waledec-botnet-sweeps-web-in-july-4-campaign/ http://www.infosecurity-us.com/view/2450/internet-luring-law-to-include-sending-of-sexually-explicit-messages-sexting/ The state of Colorado has updated a law designed to protect children on the internet from sending of sexually explicit messages, known as 'sexting', to include cell phones too. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2450/internet-luring-law-to-include-sending-of-sexually-explicit-messages-sexting/ http://www.infosecurity-us.com/view/2453/gartner-expects-it-spending-to-fall-6-in-2009/ Worlwide IT spending could fall 6% to US$3.2 trillion in 2009, according to Connecticut-based IT research and advisory company Gartner. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2453/gartner-expects-it-spending-to-fall-6-in-2009/ http://www.infosecurity-us.com/view/2456/online-game-eve-sees-virtual-ebank-robbed-by-ceo/ The CEO of a virtual gaming bank within the space trading game EVE Online, has run off with 200bn of virtual credits trading them in for real world cash of £3115 (US$5100) through the black market. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2456/online-game-eve-sees-virtual-ebank-robbed-by-ceo/ http://www.infosecurity-us.com/view/2438/quocirca-releases-encryption-value-analysis-report/ Quocirca, the business and IT research analysis company, has released a report looking at how encryption can add value to an organisation. Mon, 06 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2438/quocirca-releases-encryption-value-analysis-report/ http://www.infosecurity-us.com/view/2436/weekly-brief-july-6-2009/ Techniques, Tools, Concerns, Crimes, and Crashes Sun, 05 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2436/weekly-brief-july-6-2009/ http://www.infosecurity-us.com/view/2437/coldfusion-sites-under-attack/ An attack is sweeping sites using Adobe's ColdFusion scripting system, according to information received by the SANS Institute. Sun, 05 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2437/coldfusion-sites-under-attack/ http://www.infosecurity-us.com/view/2419/new-trojan-causes-problems-for-google-adsense-advertisers/ A nasty new trojan that triggers multiple click-throughs on Google AdSense - the pay-per-click sponsored web search service operated by Google - has been discovered by SecureWorks. Thu, 02 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2419/new-trojan-causes-problems-for-google-adsense-advertisers/ http://www.infosecurity-us.com/view/2359/phone-phreaker-sentenced/ An 18-year-old, legally blind hacker has been sentenced to 11 years in jail following a string of crimes revolving around phone phreaking. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2359/phone-phreaker-sentenced/ http://www.infosecurity-us.com/view/2360/jacksons-death-rocks-net/ Never one to miss a trick, the blackhat community capitalised on the death of Michael Jackson over the weekend by seeding the web with spam and malware designed to steal email addresses and join the troubled star's fans to botnets. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2360/jacksons-death-rocks-net/ http://www.infosecurity-us.com/view/2361/weekly-brief-june-30-2009/ Danny Bradbury explores some of the more interesting stories in the security field from the last week. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2361/weekly-brief-june-30-2009/ http://www.infosecurity-us.com/view/2362/java-delays-approval-of-oracles-sun-takeover/ The US Department of Justice (DoJ) wants more time to consider Oracle's $7.4bn Sun deal before giving its approval. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2362/java-delays-approval-of-oracles-sun-takeover/ http://www.infosecurity-us.com/view/2380/sanfords-mistress-my-hotmail-account-was-hacked/ The Argentinian woman at the centre of the Mark Sanford scandal has said that her Hotmail account was hacked. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2380/sanfords-mistress-my-hotmail-account-was-hacked/ http://www.infosecurity-us.com/view/2311/us-cyberwarfare-unit-now-official/ The Pentagon has officially ratified the US cyber warfare unit first rumoured in April. US defense secretary Robert Gates issued a memo this week creating the unit, which will be known as USCYBERCOMM. Thu, 25 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2311/us-cyberwarfare-unit-now-official/ http://www.infosecurity-us.com/view/2295/facebook-plugs-hole-in-profile-security/ Facebook has plugged a major security hole that researchers say enabled any member of the site to view other users' personal information. Wed, 24 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2295/facebook-plugs-hole-in-profile-security/ http://www.infosecurity-us.com/view/2289/atm-malware-likely-to-spread/ The malware that has been infecting automated teller machines in eastern Europe could be about to spread to other places in the world, according to the company that uncovered the fraud. Experts at SpiderLab, the research arm of security firm Trustwave, say that there is "increased activity" around this particular strain of malware in other parts of the world. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2289/atm-malware-likely-to-spread/ http://www.infosecurity-us.com/view/2290/cisos-not-ready-to-deperimeterize-say-experts/ Chief information security officers are still ignoring the need for deperimeterization, according to a survey carried out by security firm Netwitness, and the MIS Training Institute. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2290/cisos-not-ready-to-deperimeterize-say-experts/ http://www.infosecurity-us.com/view/2291/researchers-build-browserbased-darknet/ Researchers have developed technology that enables users to participate in an anonymous, private communication session using nothing but an HTML 5-compliant web browser. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2291/researchers-build-browserbased-darknet/ http://www.infosecurity-us.com/view/2261/weekly-brief-june-22-2009/ Danny Bradbury documents Tools, Twitter, Law, Hacked, Patched, and the Totally Whacked this week. Mon, 22 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2261/weekly-brief-june-22-2009/ http://www.infosecurity-us.com/view/2240/brad-pitt-more-dangerous-than-hugh-jackman-mcafee-rates-risky-search-terms-online/ Searching for ‘Brad Pitt’ is riskier than searching for ‘Hugh Jackman’ according to a McAfee study on the most dangerous search terms online. Fri, 19 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2240/brad-pitt-more-dangerous-than-hugh-jackman-mcafee-rates-risky-search-terms-online/ http://www.infosecurity-us.com/view/2231/goldencashworld-botnet-malware-and-hacker-data-exchange-portal-revealed/ Security researchers with Finjan have uncovered a highly sophisticated online botnet, malware and hacker exchange network for buying and selling access to infected PCs. Wed, 17 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2231/goldencashworld-botnet-malware-and-hacker-data-exchange-portal-revealed/ http://www.infosecurity-us.com/view/2196/lawmakers-seek-to-revamp-real-id/ Lawmakers in the US have introduced a bill that they hope will fix what they see as flaws in the controversial 2005 REAL ID act. The new bill introduces checks and balances to protect consumer privacy, according to congressional leaders and privacy watchdogs. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2196/lawmakers-seek-to-revamp-real-id/ http://www.infosecurity-us.com/view/2197/chinese-computer-protection-system-against-malware-insecure-say-researchers/ Researchers at the University of Michigan have criticized an alleged initiative by the Chinese government to protect the public's computers from malware, arguing that it creates significant vulnerabilities on users' machines. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2197/chinese-computer-protection-system-against-malware-insecure-say-researchers/ http://www.infosecurity-us.com/view/2203/learn-about-resilience-and-optimization-on-ibm-power-systems/ Vision Solution’s explores the data protection, recovery and optimization technologies and strategies for running AIX and IBM i (i5/OS) environments in its white paper State of Resilience & Optimization on IBM Power Systems. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2203/learn-about-resilience-and-optimization-on-ibm-power-systems/ http://www.infosecurity-us.com/view/2176/weekly-brief-june-15-2009/ Information Security - Tools, Law, Techniques, Attacks, and Defenses Mon, 15 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2176/weekly-brief-june-15-2009/ http://www.infosecurity-us.com/view/2182/pbx-hacking-moves-into-the-professional-domain-as-arrests-stack-up-/ PBX hacking - the act of cracking into a company PBX and selling long distance/international telephone time to third parties at a discount - is alive and well, despite several years of being out of the news. Mon, 15 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2182/pbx-hacking-moves-into-the-professional-domain-as-arrests-stack-up-/ http://www.infosecurity-us.com/view/2121/apple-releases-safari-40-to-counter-security-flaws/ Apple Computer has released v 4.0 of its increasingly popular Safari web browser for Windows and Mac OSX-based computers. The release counters the recent security flaws reported in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and webKit Wed, 10 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2121/apple-releases-safari-40-to-counter-security-flaws/ http://www.infosecurity-us.com/view/2123/majority-break-information-security-policies-survey/ The majority of employees admit to serious non-compliant workplace behaviour when it comes to information security, according to a study from the Ponemon Institute and sponsored by Californian secure flash drive provider IronKey. Wed, 10 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2123/majority-break-information-security-policies-survey/ http://www.infosecurity-us.com/view/2096/learn-about-pdf-security/ LockLizard explores the pitfalls of PDF security in its white paper 10 Things You Really Wished You Had Known About PDF Security. Tue, 09 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2096/learn-about-pdf-security/ http://www.infosecurity-us.com/view/2050/indian-authorities-taking-no-chances-with-cybercafe-users/ The anonymity of cybercafe users in India is being severely curtailed, in a bid to stamp out illegal, fraudulent and terrorist usage of this popular method of gaining internet access. Mon, 08 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2050/indian-authorities-taking-no-chances-with-cybercafe-users/ http://www.infosecurity-us.com/view/2052/weekly-brief-june-8-2009/ Information security: Privacy, enforcement, attacks, and defenses Mon, 08 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2052/weekly-brief-june-8-2009/ http://www.infosecurity-us.com/view/2030/infosecurity-experts-hard-to-get-despite-economic-downturn/ Hiring managers are struggling to fill infosecurity positions due to a mismatch between salary expectations and skill levels, and current demand, information security education and certification organisation (ISC)2 has found it its latest jobs survey. Fri, 05 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2030/infosecurity-experts-hard-to-get-despite-economic-downturn/ http://www.infosecurity-us.com/view/2017/isc2-offers-live-online-cissp-review-seminar/ Florida-based information security education and certification provider (ISC)2 has introduced Live OnLine Official (ISC)2 CISSP CBK Review Seminar, said to be the first online certified information systems security professional (CISSP) learning courses with live instructions. Thu, 04 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2017/isc2-offers-live-online-cissp-review-seminar/ http://www.infosecurity-us.com/view/2009/prepare-for-end-of-office-2000-security-updates/ Users of Office 2000 should start preparing for Microsoft’s withdrawal of its security update service for Office 2000 from 14 July this year, warns California-based security software provider Fortify Software. Wed, 03 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2009/prepare-for-end-of-office-2000-security-updates/ http://www.infosecurity-us.com/view/1964/obama-cyberczar-to-be-handpicked/ President Obama finally announced the results of Melissa Hathaway's 60-day cybersecurity review on Friday, and unveiled plans to hand pick a senior official responsible for cybersecurity policy. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1964/obama-cyberczar-to-be-handpicked/ http://www.infosecurity-us.com/view/1972/boobytrapped-directx-files-now-being-used-by-hackers/ Microsoft has warned about hackers starting to use DirectX-enabled files to give them remote access to users' PCs across the internet. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1972/boobytrapped-directx-files-now-being-used-by-hackers/ http://www.infosecurity-us.com/view/1984/weekly-brief-june-1-2009/ Information security: Tools, Techniques, Law, Attacks and Defenses Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1984/weekly-brief-june-1-2009/ http://www.infosecurity-us.com/view/1990/twitter-worm-steals-user-details/ A worm on Twitter is tricking users into giving up their user details at the same time as redirecting victims to a dating website where the aggregate number of views result in affiliate revenue. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1990/twitter-worm-steals-user-details/ http://www.infosecurity-us.com/view/1938/kaspersky-researcher-criticizes-facebook-developer-policy-/ Malware attacks are becoming more targeted and more focused on social networks, according to a researcher at Kaspersky, who slammed Facebook for problems with its application certification process. Fri, 29 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1938/kaspersky-researcher-criticizes-facebook-developer-policy-/ http://www.infosecurity-us.com/view/1922/open-group-advises-on-risk-management-methods/ Independent consortium the Open Group is trying to resolve what it sees as confusion about risk management in the industry by publishing a guide to choosing a risk management methodology. Wed, 27 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1922/open-group-advises-on-risk-management-methods/ http://www.infosecurity-us.com/view/1880/weekly-brief-may-26-2009/ Information security attacks, defenses, vulnerabilities, and losses Tue, 26 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1880/weekly-brief-may-26-2009/ http://www.infosecurity-us.com/view/1856/antimalware-groups-align-themselves/ Anti-malware efforts took a significant step forward this week with the announcement of an initiative to try and bring legitimate software businesses together and lock out malware writers. Fri, 22 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1856/antimalware-groups-align-themselves/ http://www.infosecurity-us.com/view/1840/gao-slams-federal-agencies-for-poor-information-security/ The Government Accountability Office criticised Federal agencies this week for poorly implementing information security controls, arguing that most of them were deficient. Thu, 21 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1840/gao-slams-federal-agencies-for-poor-information-security/ http://www.infosecurity-us.com/view/1844/survey-shows-information-security-awareness-is-high-yet-compliance-is-low-/ SAI Global’s Benchmarking Survey 2008 finds that 95% of employees believe information security is important, but that there is a lack of knowledge and training surrounding how to identify and report incidents. Thu, 21 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1844/survey-shows-information-security-awareness-is-high-yet-compliance-is-low-/ http://www.infosecurity-us.com/view/1820/mcafee-acquires-solidcore-for-whitelisting-technology/ McAfee will acquire Solidcore Systems, a whitelisting specialist, in a US$33m deal which will allow McAfee to integrate Solidcore's technology into its blacklisting malware detection and prevention products, as well as to bolster its high-end corporate IT security offerings. Wed, 20 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1820/mcafee-acquires-solidcore-for-whitelisting-technology/ http://www.infosecurity-us.com/view/1833/gumblar-malware-attack-sweeps-web/ A modified attack that alters Google searches is taking the web by storm according to security researchers, who have identified more malware domains being used in the attack. Wed, 20 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1833/gumblar-malware-attack-sweeps-web/ http://www.infosecurity-us.com/view/1792/infosecurity-weekly-brief-may-18-2009/ Infections, Intrusions, Protections and Misdirections Mon, 18 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1792/infosecurity-weekly-brief-may-18-2009/ http://www.infosecurity-us.com/view/1788/unlimited-online-backup-from-fsecure/ An unlimited online backup solution, which works automatically in the background, has been launched by Finnish IT security service provider F-Secure. Fri, 15 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1788/unlimited-online-backup-from-fsecure/ http://www.infosecurity-us.com/view/1777/pentagon-security-cleared-worker-charged-with-cyber-espionage/ A US defense worker who had a Pentagon security clearance has been charged with providing classified information to Chinese officials. Thu, 14 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1777/pentagon-security-cleared-worker-charged-with-cyber-espionage/ http://www.infosecurity-us.com/view/1769/software-piracy-on-the-rise/ Worldwide software piracy is on the rise, according to a study by the Business Software Alliance and analyst firm IDC. Wed, 13 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1769/software-piracy-on-the-rise/ http://www.infosecurity-us.com/view/1767/forrester-questions-the-security-of-cloud-computing/ With the economic downturn, cloud computing is seen as a way to improve operational efficiency, reduce headcounts and help with the bottom line, but according to the report from Massachusetts-based Forrester Research on cloud computing, organisations should not jump on the ‘cloud wagon’ before considering security and privacy concerns. Tue, 12 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1767/forrester-questions-the-security-of-cloud-computing/ http://www.infosecurity-us.com/view/1768/estonia-now-firmly-on-the-fbi-cybercrime-map/ The importance of Estonia, one of the most Internet-connected and e-trading nations on earth, has ramped up a notch or two with the FBI, which has announced plans to station a cybercrime expert and his/her team in the country later this year. Tue, 12 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1768/estonia-now-firmly-on-the-fbi-cybercrime-map/ http://www.infosecurity-us.com/view/1746/governments-must-cooperate-on-cyber-security-report/ Governments around the world must work together to address the issue of cyber security, according to a report from Deloitte. Mon, 11 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1746/governments-must-cooperate-on-cyber-security-report/ http://www.infosecurity-us.com/view/1757/infosecurity-weekly-brief-may-12th-2009/ Danny Bradbury rounds up the most important news in the security space from the last week. Mon, 11 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1757/infosecurity-weekly-brief-may-12th-2009/ http://www.infosecurity-us.com/view/1731/heartland-takes-us126m-hit-for-breach/ Heartland Payment Systems has revealed that it lost US$12.6m as a result of its 2008 data breach, in the same week that it finally regained official Payment Card Industry Data Security standard (PCI DSS) compliance. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1731/heartland-takes-us126m-hit-for-breach/ http://www.infosecurity-us.com/view/1738/bt-investigation-into-ebay-hard-drives-reveals-us-air-defence-launch-secrets-/ The latest annual BT investigation into the sale of second-hand hard drives on the internet has turned up trumps, with researchers buying a hard drive on the internet auction website eBay, containing the launch procedures for a US military air defence system. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1738/bt-investigation-into-ebay-hard-drives-reveals-us-air-defence-launch-secrets-/ http://www.infosecurity-us.com/view/1739/web-20-sites-prime-hacker-target-says-report/ Web 2.0-driven websites are now a premier target for hackers, amounting to 21% of all reported hacking incidents, according to an IT security report from the Secure Enterprise 2.0 Forum. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1739/web-20-sites-prime-hacker-target-says-report/ http://www.infosecurity-us.com/view/1724/fake-search-engines-used-to-divert-users-to-malware-infected-websites/ Hackers are starting to create fake search engine sites to divert hapless internet users to malware infected websites, says PandaLabs, the research operation of Panda Security. Thu, 07 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1724/fake-search-engines-used-to-divert-users-to-malware-infected-websites/ http://www.infosecurity-us.com/view/1703/google-chrome-trumps-browser-pack-in-update-test/ Users of Google's Chrome browser are the most likely to be running the latest version of the software compared to other browsers, according to a study released this week. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1703/google-chrome-trumps-browser-pack-in-update-test/ http://www.infosecurity-us.com/view/1711/parabons-grid-technology-simulates-ddos-site-attacks/ Parabon Computation has launched a new service that simulates a distributed denial of service (DDoS) attack on a company Web site. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1711/parabons-grid-technology-simulates-ddos-site-attacks/ http://www.infosecurity-us.com/view/1713/global-security-challenge-competition-open-for-entries/ The fourth annual Global Security Challenge Competition where security entrepreneurs compete for up to US$500 000 in cash grants, is open for entries until 15 June 2009. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1713/global-security-challenge-competition-open-for-entries/ http://www.infosecurity-us.com/view/1716/rsa-splunks-sales-benefit-from-economic-downturn-/ Splunk, the vendor who calls itself “the google for data centres” are seeing an increase in sales due to the high crime that comes hand in hand with an economic downturn. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1716/rsa-splunks-sales-benefit-from-economic-downturn-/ http://www.infosecurity-us.com/view/1691/palo-alto-networks-formally-launches-in-the-uk/ After several years of offering its products via a few specialist systems integrators in the UK, California's Palo Alto Networks has established a formal presence in the country. Tue, 05 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1691/palo-alto-networks-formally-launches-in-the-uk/ http://www.infosecurity-us.com/view/1698/conficker-and-facebook-twitter-attacks-dominate-q1-email-threats/ The Conficker worm and attackers’ social engineering techniques exploiting users on Facebook, Myspace and Twitter, dominated the email threats in the first quarter (Q1) of 2009, according to identity-based unified threat management (UTM) solutions provider Cyberoam and its Israeli messaging and web security partner Commtouch. Tue, 05 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1698/conficker-and-facebook-twitter-attacks-dominate-q1-email-threats/ http://www.infosecurity-us.com/view/1679/infosecurity-europe-firms-get-access-to-military-grade-forensics/ It's not often that firms supplying specialist network forensics technology to US government agencies are allowed to supply their systems software to civilian companies, especially outside of the United States, but Utah-based Solera Networks has achieved this. Fri, 01 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1679/infosecurity-europe-firms-get-access-to-military-grade-forensics/ http://www.infosecurity-us.com/view/1670/fisma-inches-closer-to-reform/ Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns. Thu, 30 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1670/fisma-inches-closer-to-reform/ http://www.infosecurity-us.com/view/1596/adobe-reader-hit-by-more-zeroday-flaws/ Two more zero-day flaws have been found in Adobe Reader that could lead to users' machines being compromised. Wed, 29 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1596/adobe-reader-hit-by-more-zeroday-flaws/ http://www.infosecurity-us.com/view/1557/pentagon-readies-cyber-warfare-unit/ The Obama administration is setting up a new unit inside the Pentagon that will be responsible for offensive cyber warfare, according to reports in the Wall Street Journal - and the unit will be headed by the current director of the National Security Agency. Tue, 28 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1557/pentagon-readies-cyber-warfare-unit/ http://www.infosecurity-us.com/view/1593/infosecurity-europe-president-obamas-blackberry-revealed/ The guys on the Blackberry stand at the Infosecurity Europe show weren't willing to talk specifically about it, but it looks like the White House has taken delivery of a custom Blackberry smartphone for President Obama. Tue, 28 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1593/infosecurity-europe-president-obamas-blackberry-revealed/ http://www.infosecurity-us.com/view/1491/infosecurity-weekly-brief-april-27/ Last week, Infosecurity Magazine was at the RSA show in San Francisco. A variety of vendors launched new products. Mon, 27 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1491/infosecurity-weekly-brief-april-27/ http://www.infosecurity-us.com/view/1541/rsa-recession-will-hit-small-information-security-companies-hard-say-experts-/ Despite the need for security being exaggerated in an economic downturn, smaller IT security companies will suffer, says Dave Hansen, Corporate SVP &GM Security Business Unit at CA, speaking to Infosecurity at the RSA conference in San Francisco. Mon, 27 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1541/rsa-recession-will-hit-small-information-security-companies-hard-say-experts-/ http://www.infosecurity-us.com/view/1422/rsa-lumension-and-microsoft-ink-whitelisting-deal/ Endpoint security company Lumension teamed up with Microsoft at the RSA show to launch a software whitelisting service. The move, which sees the companies sharing information about legitimate software applications, lends increasing credence to the idea that blacklisting malicious software by signature is becoming less tenable as the number of malware variants increases. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1422/rsa-lumension-and-microsoft-ink-whitelisting-deal/ http://www.infosecurity-us.com/view/1424/finjan-uncovers-one-of-worlds-largest-botnets/ Finjan has uncovered what appears to be one of the largest bot networks controlled by a single cybercrime gang, with 1.9 million infected zombie computers forming the swarm. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1424/finjan-uncovers-one-of-worlds-largest-botnets/ http://www.infosecurity-us.com/view/1436/rsa-symantec-ceo-enrique-salem-calls-for-automated-information-security-/ In his keynote at RSA in San Francisco, Symantec CEO Enrique Salem called for a significant shift in the way vendors and end-users approach information security. Change, said Salem, is needed to fight the current targeted threat landscape. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1436/rsa-symantec-ceo-enrique-salem-calls-for-automated-information-security-/ http://www.infosecurity-us.com/view/1421/rsa-nsa-director-lieutenant-general-alexander-asks-rsa-conference-to-work-with-nsa-to-secure-nation-/ Director of NSA, Lieutenant General Keith B Alexander, congratulated the information security industry on its excellent work in his keynote address to RSA conference attendees in San Francisco on 21 April 2009. Tue, 21 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1421/rsa-nsa-director-lieutenant-general-alexander-asks-rsa-conference-to-work-with-nsa-to-secure-nation-/ http://www.infosecurity-us.com/view/1383/infosecurity-weekly-brief-april-20-2009/ Government, Twitter, Tools and the law. Mon, 20 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1383/infosecurity-weekly-brief-april-20-2009/ http://www.infosecurity-us.com/view/1403/email-authentication-needs-to-be-taken-seriously-ota/ Research from the Online Trust Alliance (OTA) claims to show that companies need to take email authentication a lot more seriously than they presently do, as well as implement the technology on much more widespread basis. Mon, 20 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1403/email-authentication-needs-to-be-taken-seriously-ota/ http://www.infosecurity-us.com/view/1331/skype-not-as-secure-as-you-might-think/ Although VOIP afficionadoes are wont to promote the encrypted nature of Skype Internet telephony calls, it's now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and slow, but steady, text-based decoding of the voice transmissions as a result. Wed, 15 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1331/skype-not-as-secure-as-you-might-think/ http://www.infosecurity-us.com/view/1334/symantec-report-observes-surge-in-malicious-code-for-2008/ Security provider, Symantec, found that malicious code activity continued to grow at a record pace throughout 2008, with the most prominent target being confidential information, according to the Symantec Internet Security Threat Report Volume XIV. Wed, 15 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1334/symantec-report-observes-surge-in-malicious-code-for-2008/ http://www.infosecurity-us.com/view/1295/infosecurity-weekly-brief-april-13-2009/ Powerpoint, Porn and Twitter Tue, 14 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1295/infosecurity-weekly-brief-april-13-2009/ http://www.infosecurity-us.com/view/1178/mccartney-site-serves-up-zeus-malware/ Paul McCartney's site was serving up the Zeus trojan for three days, according to UK security firm ScanSafe. The attack, in which paulmccartney.com was compromised with malicious Javascript, appears to have been tailored to coincide with interest in his New York reunion concert last weekend. Wed, 08 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1178/mccartney-site-serves-up-zeus-malware/ http://www.infosecurity-us.com/view/1251/infosecurity-gets-twittered-up/ Infosecurity magazine are now on Twitter. Please ‘follow’ us to receive our latest news, views and industry comments. Wed, 08 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1251/infosecurity-gets-twittered-up/ http://www.infosecurity-us.com/view/1008/infosecurity-the-week-in-brief/ Ghost in the machine The Information Warfare Monitor published a report on GhostNet, a cyber-espionage network that it discovered after conducting a security audit for the Dalai Lama's Tibetan Government in Exile. Almost 1300 machines were discovered in a micro-botnet controlled from servers mainly in Chinese IP blocks. The 30% of machines that it identified were of high importance to Chinese interests, it found. The Dalai Lama has condemned the whole affair, and the Chinese government is denying everything. Mon, 06 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1008/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/1047/sql-injection-attack-leads-to-command-execution/ SQL injection will take a new turn later this month at Black Hat Europe, when a security researcher shows how to take control of a database server using the technique. Fri, 03 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1047/sql-injection-attack-leads-to-command-execution/ http://www.infosecurity-us.com/view/1016/us-cybercrimes-soar-by-33-in-2008/ Cybercrimes in the United States hit record numbers last year, according to a report from the Internet Crime Complaint Centre (IC3), a partnership between the FBI and the National White Collar Crime Centre. Thu, 02 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1016/us-cybercrimes-soar-by-33-in-2008/ http://www.infosecurity-us.com/view/1267/week-in-brief-30032009/ Conflicker, Congress and Pink Floyd Mon, 30 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1267/week-in-brief-30032009/ http://www.infosecurity-us.com/view/1266/another-firefox-flaw-emerges/ Mozilla's Firefox browser has been hit by a zero-day bug that could enable attackers to execute arbitrary code. The bug, issued by security researcher Guido Landi, can corrupt the browser's memory using a maliciously-crafted file. Fri, 27 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1266/another-firefox-flaw-emerges/ http://www.infosecurity-us.com/view/1265/mac-os-x-attacked/ Anti-virus firm Sophos has identified a new infection vector for RSPlug, a Trojan horse targeting OS X. Graham Cluley, senior technology consultant for the company, has demonstrated an attack in which the malware is downloaded as part of a malicious high definition media player application. Thu, 26 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1265/mac-os-x-attacked/ http://www.infosecurity-us.com/view/1264/researcher-to-blow-lid-off-secure-retail-networks/ Next month, a security researcher will unveil a hack that he says could provide backdoor access into thousands of US networks. Rob Havelt, practice manager for the Spider Labs penetration testing laboratory within security firm Trustwave, will demonstrate how to hack into the frequency hopping spread spectrum (FHSS) networks that underpin everything from barcode scanning systems in retail through to some mobile IP phones. Wed, 25 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1264/researcher-to-blow-lid-off-secure-retail-networks/ http://www.infosecurity-us.com/view/812/infosecurity-the-week-in-brief-/ Bugs, browsers, bureaucracy, backtracks and busts. Mon, 23 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/812/infosecurity-the-week-in-brief-/ http://www.infosecurity-us.com/view/761/grey-goose-2-ties-kremlin-more-closely-to-georgia-cyberattacks/ The follow-up to the Grey Goose cyberwar document has more closely linked Russia to the cyberwar against Georgia. The Kremlin's FSB tried to cloak its operations by mimicking the activities of loosely-connected criminal group the Russian Business Network, claims the explosive report, released today. Fri, 20 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/761/grey-goose-2-ties-kremlin-more-closely-to-georgia-cyberattacks/ http://www.infosecurity-us.com/view/781/worm-attacks-windows-rpc-flaw/ More worm activity has been spotted targeting a recently discovered Windows flaw. Fri, 20 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/781/worm-attacks-windows-rpc-flaw/ http://www.infosecurity-us.com/view/742/microsoft-to-launch-exploitability-analysis-tool/ Microsoft will announce an open source tool on Friday designed to help programmers filter out serious security flaws in their programs before they ship. Members of the company's Trustworthy Computing team, speaking at Vancouver-based security conference CanSecWest, will unveil !exploitable, a software tool that analyses crash data from programs and prioritizes key security flaws. Thu, 19 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/742/microsoft-to-launch-exploitability-analysis-tool/ http://www.infosecurity-us.com/view/710/indorse-launches-rights-management-system/ InDorse Technologies has launched a rights management system designed to discover and semi-automatically tag data with usage policies. Wed, 18 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/710/indorse-launches-rights-management-system/ http://www.infosecurity-us.com/view/685/antiphishing-group-in-infosharing-move/ The Anti-Phishing Working Group (APWG) is preparing a common cyber-crime reporting system that will include a hosted database and a universal crime reporting format. The non-profit group is hoping to make it easier for private and public sector groups to work together on tracking online criminals. Mon, 16 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/685/antiphishing-group-in-infosharing-move/ http://www.infosecurity-us.com/view/687/infosecurity-weekly-brief-march-16-2009/ Palin, patches and Mac hack. This week in brief. Mon, 16 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/687/infosecurity-weekly-brief-march-16-2009/ http://www.infosecurity-us.com/view/646/expert-calls-for-cyberspace-monroe-doctrine/ A mixture of private sector and congressional witnesses slammed the US for a lack of cohesion in its cyber security stance this week, calling for better leadership in the defense of the country's "cyber turf". Thu, 12 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/646/expert-calls-for-cyberspace-monroe-doctrine/ http://www.infosecurity-us.com/view/626/microsoft-preps-global-anticyber-crime-push/ Microsoft has teamed up with academia and law enforcers to create an initiative that it hopes will formalize cyber security training worldwide. Wed, 11 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/626/microsoft-preps-global-anticyber-crime-push/ http://www.infosecurity-us.com/view/557/the-week-in-brief/ Cyber intelligence There were big shakeups afoot in the US cyberintelligence community. Rod Beckström, last year's controversial pick for head of the secretive National Cybersecurity Center, resigned amid stormy allegations of bureacratic roadblocks. Mon, 09 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/557/the-week-in-brief/ http://www.infosecurity-us.com/view/556/mahalo-employee-nailed-for-botnet-crime/ An employee of the human-powered search engine Mahalo[http://www.mahalo.com/] was sentenced to four years in prison this week for operating a botnet. Fri, 06 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/556/mahalo-employee-nailed-for-botnet-crime/ http://www.infosecurity-us.com/view/549/conficker-concern-continues/ Conficker continued to garner attention from security vendors this month as it spread across the internet. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/549/conficker-concern-continues/ http://www.infosecurity-us.com/view/550/heartland-breach-generates-storm-of-lawsuits/ Embarrassment over the massive data breach suffered by Heartland Payment Systems has turned out to be only the start of the firm's problems. The company, which announced the potential compromise of an as-yet undisclosed number of card records, is now on the receiving end of lawsuits from at least eight banks and credit unions. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/550/heartland-breach-generates-storm-of-lawsuits/ http://www.infosecurity-us.com/view/551/phishing-sites-hacked-into-via-google/ Phishing sites are mainly legitimate web sites that are being hacked via 'evil' web searches, reveals a report by a trans-Atlantic team of researchers. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/551/phishing-sites-hacked-into-via-google/ http://www.infosecurity-us.com/view/553/ponemon-cost-of-breaches-rising/ The Ponemon Institute has published its annual survey analyzing the cost of data breaches, and has found them rising. Its report, 2008 Annual Study: The Cost of a Data Breach, analyzed input from 43 US firms and found that the cost of the average breach was up 2.5% from last year. It had risen even more sharply since 2006, climbing 11%. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/553/ponemon-cost-of-breaches-rising/ http://www.infosecurity-us.com/view/555/nypd-victim-of-data-theft-/ The New York Police Department's Pension Fund has admitted that the personal records of up to 80,000 police officers may have been compromised, following the theft of unencrypted data tapes from a disaster recovery facility. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/555/nypd-victim-of-data-theft-/ http://www.infosecurity-us.com/view/548/damballa-updates-botnet-detection-/ Damballa has updated its botnet detection product with a host of new features, while slamming other anti-virus vendors for failing to spot large percentages of malware. Tue, 03 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/548/damballa-updates-botnet-detection-/ http://www.infosecurity-us.com/view/547/infosecurity-the-week-in-brief/ Arrests A Chinese official has reportedly been arrested for taking backhanders to help one local anti-virus company disrupt the business of another. Yu Bing, director of the internet monitoring department of Beijing’s Public Security Bureau, allegedly took 4.5m Yuan ($657,000) to frame executives at antivirus company Micropoint and stop its products reaching the market. The money was said to have come from antivirus firm Rising, according to reports. Mon, 02 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/547/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/542/update-dpp-has-insufficient-evidence-to-prosecute-mckinnon-in-uk/ Karen Todner, solicitor for NASA hacker Gary McKinnon has issued a statement disclosing that the Office of the Director of Public Prosecutions (DPP) “do not consider that they have sufficient evidence before them to prosecute Mr McKinnon in the United Kingdom.” Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/542/update-dpp-has-insufficient-evidence-to-prosecute-mckinnon-in-uk/ http://www.infosecurity-us.com/view/544/cansecwests-pwn2own-cracking-contest-goes-twintrack/ The three-day Pwn2Own cracking contest - which kicks off on March 18 at the CanSecWest security conference in Vancouver - is always a popular headliner, mainly because of its healthy reward for great system and software hacks. Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/544/cansecwests-pwn2own-cracking-contest-goes-twintrack/ http://www.infosecurity-us.com/view/546/id-theft-tops-consumer-complaint-list/ Identity theft continues to be the top consumer complaint in the US, according to the Federal Trade Commission. Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/546/id-theft-tops-consumer-complaint-list/ http://www.infosecurity-us.com/view/539/microsoft-admits-excel-zeroday-flaw/ Microsoft has warned customers about a zero-day flaw in Excel that could allow for remote code execution if specially-crafted files are opened in the spreadsheet program. Thu, 26 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/539/microsoft-admits-excel-zeroday-flaw/ http://www.infosecurity-us.com/view/538/infosecurity-the-week-in-brief/ Black Hat DC This week, Black Hat DC was on in Arlington, VA. Moxie Marlinspike announced a new attack against SSL that forces HTTPS traffic into HTTP to allow a man in the middle attack. Dan Kaminsky, who discovered the infamous DNS flaw last year and criticized SSL at the the time, reacts here. He also resolved at the conference to take two months off work to promote the adoption of DNSSEC - a more secure DNS standard that has not been widely implemented. Mon, 23 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/538/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/536/facebook-moves-to-save-face-on-tcs/ Social networking giant Facebook has back-tracked on a controversial decision to retain users' information, even when they close their accounts. Fri, 20 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/536/facebook-moves-to-save-face-on-tcs/ http://www.infosecurity-us.com/view/535/microsoft-conficker/ Microsoft's Conficker Cabal has been steadily registering domain names targeted by the Downadup/Conficker worm in a bid to choke off its update mechanism. Wed, 18 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/535/microsoft-conficker/ http://www.infosecurity-us.com/view/533/arrests-made-in-heartland-breach/ Timothy J. Johns, Jeremy A. Frazier and Tony Acreus, all in their early twenties, were arrested while using stolen credit card numbers to make purchases in Leon County, Tallahassee. Tue, 17 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/533/arrests-made-in-heartland-breach/