Yet, despite their horrible track record, Oracle continues to tell users that it “provides safe and secure access to the word of amazing Java content.”

Software security has few absolutes – and Java is a living (or perhaps dying) example of how poorly a lot of software is designed.  It’s time for Oracle to wake up and smells the java coffee.

Related Posts:

• Taking Stock of Rustock
• Spam Volumes Dip After Spamit.com Closure
• Harvesting Data on the Xarvester Botmaster
• Feds Convict Stock Scammers, Overlook Spammers
• Top Spam Botnet, “Grum,” Unplugged

Think tank presses Blue Coat over censorship concerns
A Canadian think tank called on Tuesday for continued scrutiny of U.S. security vendor Blue Coat Systems after a new technical analysis showed wide use of its products in countries with human rights and censorship concerns.

Congresswoman proposes computer fraud law amendment to honor Aaron Swartz
A draft bill to exclude terms of service violations from the Computer Fraud and Abuse Act is to be introduced in the U.S. House of Representatives.

Security audit finds dev OUTSOURCED his JOB to China
Cunning scheme netted him ‘best in company’ awards: A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.

Malware infects US power facilities through USB drives
Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

6Scan launches free website vulnerability and malware scanning service
6Scan, a Web security startup based in Tel Aviv, Israel, launched a new service on Tuesday that can scan websites for security issues, like vulnerabilities and malware infections, and allows their owners to automatically fix the identified problems.

Latest Java patch is not enough, warns US gov: Axe plugins NOW
Metasploit boss says Oracle needs TWO years to make everything good: Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability.

Java exploit used in Red October cyberespionage attacks, researchers say
The hundreds of government, military and research organizations targeted in a large-scale cyberespionage operation dubbed Red October were not only attacked using malicious Excel and Word documents, but also with Web-based Java exploits, according to Seculert researchers.

Wombat Unveils Social Engineering Security Training Module
The training explains the psychology behind social attacks and gives practical tips for recognizing and avoiding them.

Company bosses slacking on hacking
Company bosses across the UK have a complacent attitude toward cybercrime and are inviting criminal attacks due to their sloppy approach to internet security, reveals new research from Swivel Secure. …

South Korea accuses North Korea of launching cyberattack against conservative Seoul newspaper
SEOUL, South Korea – South Korea says North Korea was behind a cyberattack against a conservative Seoul newspaper critical of Pyongyang.

Sandy Hook Truthers claim Newtown school massacre a hoax to spur gun control measures
Their theories appear to lack any basis in fact or common sense. But the movement is gaining momentum with both a college professor and a Fox News anchor questioning the official narrative

Quebec to legalize assisted suicide; Death a medical issue, health minister says
A panel has recommended the provincial government allow what it calls medical assistance to die in cases where a patient is close to death and unable to endure the pain

AMD accuses former top employees of stealing over 100,000 documents
Chip maker says the defendants gave trade secrets to their new employer, NVIDIA.

Probe into privacy breach of thousands to take months RANDY RICHMOND, QMI Agency
An investigation into the loss of sensitive medical and employment information of about 5,000 Canadians is likely months from completion.

A great movie script: Quebec man accused of heading $1B marijuana smuggling operation
Jimmy Cournoyer lived a playboy lifestyle with a professional model girlfriend, an elite $2-million sports car and lavish parties until it came to an end when he was arrested in Mexico

Facebooks friends-based foray into search puts user data to work
On Tuesday, the worlds largest social network unveiled a new tool dubbed Graph Search, which enables Facebook users to quickly search their friends interests, locations and photos

Majority of Canadians concerned about financial accountability on First Nations reserves: poll
More than four out of five Canadians say they dont want more money sent to aboriginal reserves unless proper, independent audits are conducted to ensure financial accountability

Class action lawsuit launched against government over missing student loan info
A Newfoundland lawyer will file a class-action lawsuit Wednesday in court against the Federal department that lost the personal information of 583,000 student loan borrowers.

Virut malware fuels Waledac botnet resurgence
This may not be the first time Virut has been used to spread the Waledac worm, whose goal is to earn money for its purveyors through rogue ad networks, online pharmacies, or outright fraud.

Online Privacy Is a Serious Matter, So Why Do Few People Care?
Facebook, Google and other collect and use consumer information in ways few people understand. It’s time to stop being so naive, say analysts.

Two US power plants infected with malware spread via USB drive
Investigators find no up-to-date antivirus, system backups for control systems.

Commtouch’s New Mobile Security For Android Combats Fast-Growing Number Of Mobile Threats
Solution offers cloud-assisted antivirus and Web security services

Feds lose student loan data for 583,000 people QMI Agency
The federal government has lost a USB stick containing the personal information of more than half a million student loan borrowers.

Texas congressman threatens impeachment as Barack Obama considers taking executive action on gun control
Facing powerful opposition to sweeping gun regulations, President Barack Obama is weighing 19 steps that could be taken through executive action alone, congressional officials said.

“Red October” spy campaign uncovered, rivals Flame virus
Researchers at Kaspersky believe the Red October campaign, which is spreading a data-sucking trojan known as Rocra, dates back at least five years, and is still ongoing.

Automated YouTube account generator offered to cyber crooks
You’re a spammer / malware peddler / phisher, and want to register hundreds of bogus accounts on a popular online service such as YouTube in order to lead users to your wares. But, you don’t want to c…

Wombat unveils social engineering security training module
Wombat released its social engineering training module to defend against social engineering threats, including spear phishing and social media-based attacks. Commonly defined as the art of exploiti…

Waledac botmasters use Virut malware to build a new botnet
Despite having been swooped down on by security companies and law enforcement a couple of times, the botmasters of the Waledac (Kelihos) botnet refuse to give up and are using new variants to set up n…

Quebec and Ontario top Canadas health care rankings while Newfoundland lags behind
The ranking compares the availability and quality of health services with their costs, and finds that spending more does not necessarily mean a better system

HHS settles first small data breach case at medical practice
The agreement underscores the importance of mobile device security and routine risk assessments.

So what’s my take on it?

First of all, there are three reasons that DHS may have made such a strong recommendation:

1. Their intelligence may indicate that the vulnerability is (or has the potential to be) exploited so frequently that it is a legitimate national security concern;
2. They may be over-reacting; or,
3. They may be frustrated with Oracle and applying pressure to fix Java.

While I don’t know what intelligence they have, I’d bet on a combination of 1 and 3.

For an exploitation to occur, a user has to visit a web site containing the malware. Those at highest risk are those who visit marginal web sites looking for porn, music, movies, and other material to download. However, malware may be left on compromised web sites and users directed to malware-laden sites through phishing-like emails. To some degree, we are all at risk.

So the question users face: To Java or not to Java?

At the risk of stating the obvious,  if you don’t really need Java uninstall it completely from your computer. Java has a poor security record. There is simply no point to having it installed if you don’t need it. If you’re unsure whether you need Java on your personal computer, uninstall it anyway. It’s easy to re-install the latest version if it turns out you really need it.

If you have a genuine need for Java applications installed on your PC, disable the java plug-in in your browser. Instructions to disable it in all browsers or selectively are here.

If you must use a web site that uses Java, the two browser approach is likely your best bet. Note that there is no way to selectively disable Java in Microsoft Internet Explorer (one of many reasons that IE should not be your routine use web browser), so your best bet is to install Google Chrome and disable the java plug in. (For a shortcut, type “chrome://plugins/” into the URL box.)

On the topic of Chrome, if you prefer a more secure browser environment in general, try turning on Chrome’s “click to play” option for plug-ins. Instead of plug-ins running automatically, you’ll have to click on them to load. Some users  might find it annoying, but it will stop web sites from automatically launching plug-ins, including Java.  You can find the option at “chrome://chrome/settings/content”:

*** UPDATED 2013-01-14 ***

Oracle has released an out-of-cycle update to Java to address this issue.  Windows users who wish the patch ASAP should go to Control Panel -> Java, select the Update tab, and click on “Update Now”.

1. Attackers Target Internet Explorer Zero-Day Flaw
   Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.
2. Happy 3rd Birthday KrebsOnSecurity.com!
   It’s difficult to believe I’ve been doing this solo thing for so long, but as a thoughtful reader just reminded me, Dec. 29 marks the third anniversary of the KrebsOnSecurity.com blog! This past year, KrebsOnSecurity featured nearly 200 blog posts, entries that have generated some 5,700 reader comments. Reader feedback and comments add tremendous value [...]
3. Microsoft confirms zero-day bug in IE6, IE7 and IE8
   Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug — or “zero-day” vulnerability — that is being used by attackers to hijack victims’ Windows computers.
4. Why Social networks should be more like Facebook Poke
   When it comes to Facebook users and their messages, almost nobody knows who can see or share their posts on social networks. And that’s a problem that must be fixed, says Mike Elgan.
5. NYC mayor pins crime rate spike on iPhone, iPad theft
   If it weren’t for Apple kit, crime would be down: Major crime is on the rise in New York City, and Mayor Michael Bloomberg says the increase is due entirely to thefts of Apple’s iPhone and iPad devices, which he says are inordinately attractive to thieves.
6. Researchers find malware targeting Java HTTP servers
   Security researchers from antivirus vendor Trend Micro have uncovered a piece of backdoor-type malware that infects Java-based HTTP servers and allows attackers to execute malicious commands on the underlying systems.
7. Vancouver-bound tour bus crashes in Oregon, killing nine people and injuring at least 20 others
8. The threat landscape continues to expand rapidly
9. Crowd-sourcing site shuts down B.C. writers fundraiser for Syrian relatives trapped in war-torn Aleppo
10. Database hacking: The year that was
11. Microsoft says IE 6, 7, and 8 vulnerable to remote code execution
12. Hacker at Public Works went unnoticed for days, documents show
13. Concern mounts among those affected by federal government privacy breach
14. Cyber crooks shifting to smartphones
15. Most everything went wrong: Three years after an earthquake devastated Haiti, the reconstruction has barely begun
16. Higgs boson discovery may signal the worlds last physics experiment as scientists struggle to come up with next big question
17. Personal info for thousands lost by federal government
18. PandaLabs Reveals Most Unique Viruses Of 2012 In Its Annual Virus Yearbook
19. Personal information data of thousands of Canadians lost by federal government
20. You have a job to do and you do it: The rewarding and horrifying job of fighting child porn in Canada
21. DDoS Attacks on Major Banks Causing Problems for Customers
22. Mobile threats predicted top concern for 2013
23. North Korea is ready to conduct a third nuclear test, satellite photos show
24. Senate Approves Warrantless Electronic Spy Powers
25. Malware that steals from point-of-sale systems detected
26. Cybersecurity — A Vital New Year’s Resolution For Business And Consumers
27. Looking back: the five most important security stories of 2012
28. Victim of hours-long gang rape fighting for her life in hospital as teen in second attack commits suicide

1. Drones, phones and other 2012 privacy threats
   Verizon’s attempt to secure a patent for a so-called ‘snooping technology,’ which in this case would let television advertisers target individual viewers based on what they’re doing or saying in front of their sets, capped another challenging year for privacy advocates.
2. New WordPress vuln emerges
   W3 Total Cache has faulty defaults: Sorry to spoil the day for any sysadmins that thought today would be a slow day, but a security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin.
3. Weve lost an American original: Desert Storm commander Stormin Norman Schwarzkopf dies at 78
4. McAfee Labs predicts the decline of Anonymous
5. Randi Zuckerberg mocked for Facebook privacy confusion
6. Analysts: Anonymous to decline in 2013
7. FTC Tightens Children’s Online Privacy Protection Act Regulation
8. What the…? Tech stories that made us do a double take
9. Sophos Unveils Thirteen IT Security Trends For 2013
10. U.S. gun control debate rages after newspaper publishes addresses of pistol permit holders
11. Paranoid China tightens Internet controls even more after Communists embarrassed by online reports

1. Ransomware scammers push panic button with bogus claims
   Cyber extortionists shilling “ransomware” have upped the ante by pushing users’ panic buttons with claims that their malware will wipe hard drives, a security firm said Monday.
2. Iranian official disputes report that power station was hit by virus attack
   A power station in the south of Iran has been hit by a cyberattack, an Iranian news agency reported Tuesday, citing a local civil defense official. But now agency and official are in dispute over whether he really made the remarks.
3. Year in Ideas: How vital oil infrastructure became a villain in Canada
4. Enterprises Starved for Security Threat Data to Justify Budget Hikes
5. From Internet Uprisings to John McAfee: The Year in Privacy and Security
6. Mark Zuckerbergs sister angry over Facebook privacy breach Alexander C. Kaufman, TheWrap.com
7. Another Iran facility hit with cyber attack, perhaps
8. Obama may issue cyber security order in early January

1. Exploring the Market for Stolen Passwords
   Not long ago, PCs compromised by malware were put to a limited number of fraudulent uses, including spam, click fraud and denial-of-service attacks. These days, computer crooks are extracting and selling a much broader array of data stolen from hacked systems, including passwords and associated email credentials tied to a variety of online retailers.
2. Feds Requiring Black Boxes in All Motor Vehicles
3. Iran deflects cyber attack on industrial sites
4. Iran ‘fends off new cyber attack’
5. Hackers of Steubenville Football Teams Web Site Demand Apology in Rape Case

1. Top 12 Security Slideshows of 2012
   As 2012 comes to a close, it’s time to reflect on the security trends of the year with this look at the hottest security slideshows of 2012.
2. Instagram furor triggers first class action lawsuit over terms of service changes
3. RIM pricing power with carriers slips as stock continues tanking
4. Iranian news agency reports another cyberattack by Stuxnet worm targeting industries in south

1. Google to scan Chrome extensions, bans auto-install
   Google-as-curator is upon us: Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser.
2. ProtectMyID from Experian helps guard against identity theft
   Identity theft is scary business, for sure. But it’s a threat that seems a whole lot less likely once you sign up for ProtectMyID, an online identity theft protection service that comes from Experian, a trusted credit-reporting company. ProtectMyID is not cheap though, as it costs $16 per month for regular monitoring.
3. Instagram takes a hit, but users may be too addicted to quit
   Even though it backed away from a controversial change to its Terms of Use policy, Instagram’s once glossy image has taken a big hit.
4. ‘Shake to charge’, similar crapps foul up Amazon Android store
   Thrown out of Google Play, now back in another bazaar: Security researchers have sniffed out dodgy apps floating around the Amazon App Store for Android-powered devices.
5. Poor SCADA security will keep attackers and researchers busy in 2013
   An increasing number of vulnerability researchers will focus their attention on industrial control systems (ICS) in the year to come, but so will cyberattackers, security experts believe.
6. Stabuniq malware found on servers at U.S. financial institutions
   Security researchers from Symantec have identified an information-stealing Trojan program that was used to infect computer servers belonging to various U.S. financial institutions.
7. 1Password for iOS keeps your digital life safe
   For a security mechanism that has existed since mankind traded places with apes to raise to the top of the food chain, passwords have shown a surprising longevity. Passwords act as gatekeepers to our email, banking, social media accounts, and just about anything else that we do, regardless of whether we are online or not.
8. Amazon, Google on collision course in 2013 as competition in ads, retail, mobile heat up
9. Where OS X security stands after a volatile 2012
10. Justice Canada study says spousal abuse costs country at least $7.4 billion a year
11. Canadian psycho Luka Magnotta named Canadian Press Newsmaker of the Year
12. Vatican convenes journalists, papal pardon expected for ex-butler who stole, leaked documents
13. Laptop stolen in Transpo bus swarming Mike Aubry
14. This is not an Old West shootout. Were talking about an elementary school: Teachers, parents angry at NRAs guns-in-schools proposal
15. National banking regulator advises on DDoS deluge
16. Symantec finds a new trojan that steals data from US banks, customers
17. Congress tweaks US video-privacy law so Netflix can get on Facebook
18. Prosecutors acted improperly in vetting jurors but misconduct wont quash convictions, Supreme Court rules
19. Congress Defeats E-mail Privacy Legislation Again
20. ESET: Mobile Malware, Botnets, Attacks On The Cloud And Data Breaches Expected To Grow
21. NRA calls for armed police in every U.S. school, mental illness registry in response to Newtown massacre
22. RIMs service-fee change spurs stock dive
23. Mobile malware, botnets and attacks on the cloud to rise
24. North Korea says it has detained a U.S. citizen after obtaining confession for crimes
25. 9 Ways Hacktivists Shocked The World In 2012

1. China ‘enhances’ Great Firewall, teaches it to choke off VPNs
   If we sniff a private virty network… you’re toast: China has tightened the screws on its infamous web-filtering system, according to virtual private network providers.
2. End of days: Possessed POWERPOINT predicts Mayan Apocalypse
   Hardly the end of the world, OR IS IT?: Miscreants have crammed malware into a Microsoft PowerPoint presentation about today’s supposed Mayan Apocalypse. If someone emails you a .ppt slideshow titled Will the world end in 2012?, give it a wide berth unless the world really does end today and you’re feeling wild.
3. Apple shifts iTunes to HTTPS, sidesteps Chinas censors
   Great Firewall foiled for now: Apple has adopted HTTPS for searches and downloads on the version of iTunes used in China. The move comes at a time when China’s government prepares to step up regulation of online app stores and continues its crackdown on VPNs.
4. 10,000 Indian government and military emails hacked
   State-sponsored snoopers suspected of large scale incursion: Indias government and military have suffered one of the worst cyber attacks in the nations history, after over 10,000 email accounts belonging to top officials were compromised, despite a warning from the countrys cyber security agency.
5. Wells Fargo’s website buckles under flood of traffic
   Well Fargo urged its customers on Thursday to visit bank branches or use telephone banking due to continuing problems with its website.
6. Digital Citizens group focuses on Internet safety
   An Internet safety education campaign will point out scams and other online dangers with an initial target audience of children and seniors.
7. VMware patches ‘critical’ vulnerability
   VMware has issued a patch for its VMware View product that fixes a security vulnerability that could allow an unauthorized user to access system files.
8. FCC offers security advice to smartphone users
   The U.S. Federal Communications Commission is advising smartphone users on how to protect their mobile devices and data from mobile security threats.
9. Containerization and mobile threats
   For a short and very enjoyable history lesson, watch this Youtube video.
10. US: We’ll drag cyber-spies into COURT from their hideouts
    ‘And Iran to prosecute American programmers for Stuxnet?’: The US Department of Justice has floated a plan to advance criminal prosecutions against cyber-spies.
11. PGP, TrueCrypt-encrypted files CRACKED by 300 tool
    Plod at the door? Better yank out that power cable: ElcomSoft has built a utility that forages for encryption keys in snapshots of a PC’s memory to decrypt PGP and TrueCrypt-protected data.
12. Guidance on cybersecurity, private clouds and privacy
13. Lancope releases new threat intelligence for detecting attacks
14. Sudoku puzzle generating spreadsheet carries malware
15. Part Two: NNSA and private contractors nuclear safety culture responsible for Y-12 security breach?
16. Liberals join union defence
17. Trustonic Provides New Standard Of Trust And Security For Connected Device
18. Voltage Partners With PerspecSys To Improve Cloud Data Protection
19. Stabuniq trojan found on servers at U.S. banks
20. RIM earnings live: Can the BlackBerry maker gain momentum ahead of BB10?
21. Net Neutrality, Data-Cap Legislation Lands in Senate
22. BBB warns of fake charity sites after Newtown shooting
23. IBM Security Access Manager 7.0 Now Available
24. Obama Administration Outlines National Information Sharing Strategy
25. Senator introduces bill to regulate data caps
26. Behind closed doors at the UN’s attempted “takeover of the Internet”
27. The price for a Canadian passport is going up from $87 to $120
28. Duke Energy Warns Carolinas Customers About Bill Payment Scam
29. New Automated Risk-Based Payment Fraud Prevention Application
30. UpClicker Trojan Aims to Foil Automated Analysis
31. Survey: 61% Of IT Security Professionals Say Businesses More Vulnerable To Attack During Holidays
32. State Department tells John Kerry-led panel that security weaknesses led to deadly assault on Libyan consulate

1. Shocking Delay in Fixing Adobe Shockwave Bug
   The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe’s Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013.
2. Samsung to fix Android device vulnerability
   Samsung said Wednesday it is working on an update for a software flaw that could allow attackers to siphon personal data from a phone.
3. Samsung to fix Androind device vulnerability
   Samsung said Wednesday it is working on an update for a software flaw that could allow attackers to siphon personal data from a phone.
4. Adobe to patch 2-year-old Shockwave flaw next year
   Adobe plans in February to close a dangerous hole in its Shockwave application that causes the application to be downgraded when a user launches older multimedia content, allowing hackers to target years-old vulnerabilities.
5. Apache plug-in doles out Zeus attack
   Points victims to Sweet Orange exploit server, slurps banking credentials: Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials.
6. It’s time to start patching the Human OS
   Computers and mobile devices store, process and transfer highly valuable information. As a result, your organization most likely invests a great deal in protecting them. Protect the end point and you protect the information. Humans also store, process and transfer information — people are in many ways are nothing more than another operating system, the Human OS.
7. FTC bolsters online children’s privacy rules
   Websites, mobile apps and online advertising networks targeting children will be required to follow new privacy regulations, including getting a parent’s permission before collecting geolocation information and photographs from kids, under new rules announced Wednesday by the U.S. Federal Trade Commission.
8. Zscaler adds IE version of HTTPS Everywhere security tool
   Cloud-based security services provider Zscaler has released an implementation for Internet Explorer of the HTTPS Everywhere browser security extension.
9. Android Trojan taints US mobes, spews 500,000 texts A DAY
   If you could just tear yourself from Angry Birds and check your bill…: A Trojan that infects Android devices is behind an increase in text message spam in the US.
10. WatchGuard Debuts XCS 280, XCS 580 Security Appliances
11. Cloud exploits and mobile device attacks on the horizon
12. 88% of corporate databases vulnerable to cybercrime
13. Bits Blog: Twitter Reacts to Anonymous Attacks on Westboro Baptist Church
14. People are in a very desperate mode: Fertility specialist faces misconduct charges in treatment of 30 women
15. Terence Corcoran: Bank Bashing 101
16. GravityZone By Bitdefender Hits Market February 2013
17. Voltage Secure Stateless Tokenization Advances Data Security For Enterprises, Merchants, And Payment Processors
18. WatchGuard Rolls Out Enhanced XCS 280 And XCS 580 Security Appliances
19. Only 47% Of SMBs Ask Partners About Their Security Processes
20. United States Is World Leader In Fastest Growing Type Of SMS Spam
21. The lowest kind of thievery: Scam artists exploit families coping with Newtown tragedy
22. Verizon DBIR Researchers Debunk 2013 Security Predictions Inbox x
23. Digital Defense Discovers Zero-Day Vulnerability In VMware
24. CrowdStrike Partners With Coverity To Ensure Software Security
25. New Report Highlighting Risks Of Intellectual Property Theft And Corruption In Supply Chains
26. ENISA Report: Smart Grid Security Needs Risk-Based Approach
27. Kids’ online privacy rules strengthened
28. Cosmo Strikes Again, Takes Over Another Westboro Twitter Account
29. Government toughens up online privacy rules for kids’ websites
30. Apache plugin turns legit sites into bank-attack platforms
31. Introducing the State Secrets Drinking Game
32. Free Web App Scanning With nCircle Purecloud
33. F.T.C. Broadens Rules for Online Privacy of Children
34. Montreal students create surprisingly realistic animation of baby being snatched by eagle score a viral hit
35. Android botnet detected on all major mobile networks
36. TSA Wants to Know if Airport Body Scanners are Nuking You
37. Montreal students create amazingly realistic animation of baby being snatched by eagle score a viral hit
38. U.S. Tightens Rules Protecting Children’s Online Privacy
39. 2012 Lessons Learned = Compliance
40. Chief of State Department security service resigns after Benghazi attack report: source
41. Dell buys data protection partner Credant Technologies
42. Feds reportedly plan to prosecute hackers sponsored by other nations
43. Attack Turns Android Devices Into Spam-Spewing Botnets
44. Apache malware targeting online banking
45. Benghazi attack report blames State Department for security failures, makes no mention of anti-Islam video
46. Torontos Chango partners with Facebook to serve up targeted ads based on search terms

1. Baby got .BAT: Old-school malware terrifies Iran with del *.*
   New nasty capable of causing about an hour of annoyance: A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation.
2. Trend Micro updates security app to detect Samsung attacks
   Trend Micro has updated its mobile security software to detect potential attacks on several Samsung Electronics devices that have a flaw that could allow a malicious application to access all of the phone’s memory.
3. Man who hacked celebrity email accounts sentenced to prison
   Christopher Chaney, a Florida man who admitted to illegally accessing email accounts belonging to more than four dozen celebrities, was sentenced to 10 years in federal prison on Monday.
4. SANS NetWars tests cybersecurity pros against peers
   Organizers played “Eye of the Tiger” and “We are the Champions” over the loudspeakers as participants in the SANS Institute’s NetWars Tournament of Champions sat down at their laptops and prepared for action.
5. FireEye Outlines India Strategy to Secure APT Landscape
   In an exclusive interaction, Stephanie Boo, regional director, South Asia Pacific, FireEye, articulates the huge business opportunity for channel partners across APT market.
6. Naked Scarlett Johansson pic snatch bloke gets 10 YEARS
   Saucy celeb snap plunderer: ‘What a relief’: A US man who hacked into the email accounts of celebrities including Scarlett Johansson and Mila Kunis and later leaked their nude photos has been sentenced to 10 years in prison.
7. Dell Reaches Agreement To Acquire Credant
8. Stephen Harper steps in to save Radarsat upgrade after budget cutbacks threatened satellite programs future
9. Manitoba whistleblower put under house arrest after warning of government fraud, read 156 books while collecting his pay
10. Muskrat folly
11. New Voltage Secure Stateless Tokenization Able To Reduce PCI Scope By 90%
12. Cigital And Arxan Technologies Form Partnership To Help Organizations Assess And Mitigate App Security Risk
13. RSA Opens New Anti-Fraud Command Center In Collaboration With Purdue University
14. Ubiquitous Internet Connections Will Allow Death By Device And Massive Over-The-Air Theft By 2014
15. Vulnerabilities In Java And Adobe Will Be Main Targets For Cybercriminals In 2013
16. DOE Cyber Security Audit Shows Incident Reporting, Management Hurdles
17. Anonymous activist pleads innocent to Stratfor charges
18. Kim Jong-un is Times man of this year, North Korea declares after online prankster flood reader poll
19. Samsung smartphone flaw allows root access
20. Anonymous Posts Westboro Church Members’ Personal Information
21. Banks Back Under Attack by Claimed Hacktivists
22. AVG And Yahoo Team On Secure Search
23. White House rejects Boehners Plan-B fiscal cliff proposal, defends move on taxes
24. Judge OKs Warrantless Cell-Site Data in Landmark Privacy Case
25. White House rejects Boehners plan-b fiscal cliff proposal, defends move on taxes
26. ARM, Partners Create Trustonic for Greater Mobile Device Security
27. Europe Weighs New Data Breach Rules For Critical Companies
28. Hacker gets 10 years in prison for Johansson, Aguilera photo leaks
29. Zscaler HTTPS Everywhere Tool Comes to Internet Explorer
30. BlackBerry 7.1 Achieves CESG Security Approval
31. FCC, Lookout Offer Smartphone Security Checker
32. Android botnet spreads SMS spam
33. Report: data caps just a “cash cow” for Internet providers
34. Information Commissioner slams four councils over data breaches

1. Point-of-Sale Skimmers: No ChargeYet
   If you hand your credit or debit card to a merchant who is using a wireless point-of-sale (POS) device, you may want to later verify that the charge actually went through. A top vendor of POS skimmers ships devices that will print out “transaction approved” receipts, even though the machine is offline and is merely recording the customer’s card data and PIN for future fraudulent use.
2. Android botnet sends SMS spam through Android phones
   In a new twist, spammers have built a botnet that sends SMS spam through infected Android phones, shifting the potentially pricey cost of sending spam to victims.
3. Conmen DID use leaked info of sporty civil servants… to attack HMRC
   But why did gov only tell data’s owners 3 years later?: Criminals used the personal data of 100,000 civil servants that was swiped in early 2010 in an attack on HMRC around the same time, The Register has discovered. Now, almost three years later, the government is still scrabbling around trying to work out whodunnit… and only recently ‘fessed up to the individuals concerned that their data had been snaffled.
4. Security, big data, growth and Dotcom
   People accuse Kim Dotcom of many things, both good and bad and not always without merit. However whatever your views of his exploits, one thing you can’t take away from the eccentric German — and now Kiwi adoptee — is the fact that he has completely redefined the word “Dotcom”. Sure there was all that interweb stuff too, but let’s focus on the superficial first.
5. Complexity the worst enemy of security
   Computerworld Hong Kong (CWHK): Are we actually any more secure today than we were five years ago?
6. The new cybercop center of Hong Kong
   You read it in Computerworld Hong Kong: the Hong Kong Police have launched a Cyber Security Center to provide round-the-clock services. The HKP made an investment of HK$9 million in hardware and software for the new facility.
7. Improved Carberp malware targets U.S. banks
   The creators of Carberp, a banking Trojan program used exclusively in Russian-speaking countries, have started to sell an improved version of the malware together with custom scripts that would allow cybercriminals to target U.S. online banking customers, according to researchers from Russian security firm Group-IB.
8. Anonymous hacks Westboro Baptists over Sandy Hook protests
   Other hackers join the fray: Anonymous has posted personal data of many members of the Westboro Baptist Church and is promising to shut down the religious sect after it announced plans to protest the funerals of those killed at Sandy Hook Elementary School last week.
9. Single sign-on moves to the cloud
   We are awash in passwords, and as the number of Web services increases, things are only going to get worse. Trying to manage all these individual passwords is a major problem for enterprise security. Many end users cope by re-using their passwords, which exposes all sorts of security holes.
10. More data-wiping malware found in Iran
    A new piece of malware that deletes entire partitions and user files from infected computers has been found in Iran, according to an alert issued Sunday by Maher, Iran’s Computer Emergency Response Team Coordination Center.
11. Apple loses bid to ban Samsung devices as fans turn bearish
12. Android botnet abuses people’s phones for SMS spam
13. Get ready for invited break-ins, malware-ridden apps and spoof attacks
14. Its horrible optics: Mark Carney under fire for vacation at Liberal MPs house
15. Expensive questions: It cost taxpayers $150,000 to answer a single query from a Liberal MP
16. Convicted sex offenders have a right to online privacy, advocates say
17. Pension shakeup needed
18. Cosmo the God Hijacks Twitter Account of Hateful Church
19. New group acts as financially-shielded middleman for WikiLeaks, others
20. Scarlett Johansson Hacker Gets 10 Years
21. Key Points on the Ponemon Study on Patient Privacy
22. RIM enlists 120 U.S. companies to begin testing BlackBerry 10
23. Anonymous strikes after group plans Newtown vigil protest
24. Broadcasters Demand Dish Stop Commercial Skipping
25. Newtown begins to bury littlest victims of school massacre
26. Anonymous continues its hack offensive against Westboro Baptist Church
27. Online hoaxes rampant in wake of Newtown elementary school massacre
28. LockPath Adds HITRUST Common Security Framework To Keylight Platform
29. Developer warns of critical vulnerability in many Samsung smartphones
30. Destructive malware attacking Iranian computers
31. Accused U.S. hacker McKinnon to face no charges in U.K.
32. Scarlett Johansson hacker set for sentencing
33. Iranian computers attacked by new malicious data wiper program
34. RIM results could fuel more BlackBerry 10 buzz
35. Payment processor for scareware cybercrime ring jailed
36. Nurse who committed suicide after falling for royal prank laid to rest in India
37. Divorce records reveal Adam Lanzas mother had full authority over him as portrait of killers family life emerges
38. Public report examines why police failed to catch B.C. serial killer Robert Pickton
39. Newtown prepares to bury first victims of massacre as schools future becomes unclear
40. How to bring down mission-critical GPS networks with $2,500

1. LogMeIn, DocuSign Investigate Breach Claims
   Customers of remote PC administration service LogMeIn.com and electronic signature provider DocuSign.com are complaining of a possible breach of customer information after receiving malware-laced emails to accounts they registered exclusively for use with those companies. Both companies say they are investigating the incidents, but so far have found no evidence of a security breach.
2. LogMeIn, DocuSign Invesigate Breach Claims
   Customers of remote PC administration service LogMeIn.com and electronic signature provider DocuSign.com are complaining of a possible breach of customer information after receiving malware-laced emails to accounts they registered exclusively for use with those companies. Both companies say they are investigating the incidents, but so far have found no evidence of a security breach.
3. Egyptian hacker claims to find Yahoo flaws
   A hacker in Egypt has released vague details of three vulnerabilities he claims to have found within Yahoo’s website, the second time in two months he found problems in the website of a major technology company.
4. Website aims to bypass block on payments to WikiLeaks
   A new website, set up by Pentagon Papers whistleblower Daniel Ellsberg and some other civil rights activists, aims to crowdsource donations for WikiLeaks and three other organizations.
5. After Newtown tragedy, cops target social net pranksters
   In the wake of the tragic school shooting in Newtown, Conn, police warned that they will prosecute anyone purposefully posting false information related to the incident on social networks.
6. Hackers warn: We’ll hit US banks… again
   Insecure PHP web apps powering zombie DDoS assault: Hackers who claimed responsibility for a series of denial of service attacks against US banks in September have warned the US they plan to renew their assault shortly.
7. Preston Gralla: Is your fridge an IRS snitch?
   Neither federal and state law nor the courts have come close to catching up with the privacy implications of so much of our data existing in a realm beyond our complete control.
8. First Mac OS X fake installer pops up, racks up your mobe bill
   Russian music app? Nope, it’s an SMS trojan: Crooks have developed a new Mac OS X-specific Trojan that mimics the behaviour of a legitimate software installer.
9. ‘We are screwed!’ Fonts eat a bullet in Microsoft security patch
   Eternal vigilance is the price of wingdings: Windows users were surprised to find that a Microsoft security update stopped fonts from working on their PCs.
10. Samsung devices vulnerable to dangerous Android exploit
    A suspected fault in how Samsung Electronics has implemented the Android’s kernel in several of its devices could allow a malicious application to gain total control over the device.
11. BlackBerry blacklists the ‘Pooh’ gang
    A report surfaced recently contending that BlackBerry OS 10 will include a list of 106 prohibited passwords designed to prevent the clueless from choosing the likes of 123456, blackberry, or the ever-popular “password” as their password.
12. Security flaw found in Samsung’s system-on-chip
    Cluster of Exynos-powered Galaxy devices could be rooted by apps: A member of an XDA developers forum who calls him-or-herself alephzain claims to have found a flaw in several Samsung handsets and tablets that could allow attackers to enjoy access to their RAM.
13. How to activate Windows Defender in Windows 8
    Like every new Windows release, Windows 8 is more secure than the operating systems that came before it. That’s due in large part to three major enhancements: An increased emphasis on UEFI Secure Boot optimizations, the extension of the SmartScreen Filter across the operating system, and the default inclusion of a more robust version of Windows Defender, which now protects against all kinds of malware–not just spyware.
14. McAfee warns of Project Blitzkrieg hack attack on US banks
    No, not that McAfee, the other McAfee: Security firm McAfee warns that there is a credible threat of a coordinated Spring offensive against at least 30 US banks next year by Eastern European fraudsters.
15. Microsoft: We’re working to ‘adjust’ IE’s mouse tracking
    A U.K. analytics firm that warned earlier this week of an information leak in Internet Explorer (IE) today rebuked Microsoft for downplaying the bug.
16. SMS stealing apps uploaded to Google Play by Carberp banking malware gang
    Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS (Short Message Service) were found on Google Play by researchers from antivirus vendor Kaspersky Lab.
17. Microsoft: IE mouse tracking vuln no big deal. Sort of…
    Will fix it anyway. Probably…: Microsoft has dismissed allegations that Internet Explorer can allow attackers to track the position of the user’s mouse cursor, arguing that the original report was self-serving and that the observed behavior does not represent a credible threat.
18. Google Maps for iPhone violates European data protection law, German watchdog says
    When users install Google Maps on their iPhone, the option to share location data with Google is switched on by default. By doing this, Google violates European data protection law, according to a German data protection watchdog.
19. Dutch script kiddie pwns 20,000 Twitter profiles
    How much do you have in common with the other lusers?: A Dutch teenager successfully hijacked 20,000 Twitter profiles to post a message dissing their owners for being slack with security.
20. UK.gov backs away from ISP level filtering plan to protect kids
    Parents, keeping your broadband clean is up to you: The government has decided to stop short of forcing telcos to filter websites at a network level, after discovering that there wasn’t a major “appetite” for such a system among parents who want to prevent their kids from accessing supposedly inappropriate material online.
21. We cant tolerate this anymore: Obama signals action over gun laws
22. Ransomware demands survey completion instead of cash
23. Iran hit by new data-wiping cyberattack
24. Anonymous sets sights on an old enemythe Westboro Baptist Church
25. The Senkaku islands are our territory: Japanese nationalists return to power in a landslide victory
26. Canadian army struggles to hold on to war time intelligence gains amid budgets cuts
27. Gunman Adam Lanza killed himself as police closed in, shot all victims multiple times
28. Newtown shooting victims named; Police have very good evidence regarding Adam Lanzas motives
29. Heroes of Newtown: Sandy Hook principal died lunging at gunman, others shielded students with their bodies
30. Newton shooting victims named; Police have very good evidence regarding Adam Lanzas motives
31. World Briefing | Europe: Britain: Police Say They Wont Charge Hacker
32. The heroes of Newtown: Sandy Hook Elementary staff died protecting students
33. Shattered: Family of nurse who died after royal prank speaks about her death
34. Brilliant but remote: Police still hunting for motive that drove goth Adam Lanza to kill 27
35. Rhetoric isnt enough: After Obamas tearful call for meaningful action, could latest tragedy be gun-control tipping point?
36. Adam Lanza, the Newtown school shooting suspect, was a 20-year-old honours student who lived with his mother
37. 28 dead, including 20 children, in mass U.S. school shooting: official
38. 27 dead, including 20 children, in mass U.S. school shooting: official
39. My ability to make life-saving decisions is hampered: Paramedics complain of staff and vehicle shortages that put public in danger
40. State Secrets Defense Corners Judge in Catch-22 Predicament
41. New Smart Card Management System Introduced By Versatile Security
42. John McAfee back in U.S.
43. Verizon to Test Support for One Password for Whole Internet
44. Banking trojan on offer again, this time with sky-high price tag
45. Internet Safe From Globalized Censorship as UN Treaty Fails
46. U.S. banks fend off hacker activist attacks Jim Finkle and Rick Rothacker, REUTERS
47. Bank Attackers Used PHP Websites As Launch Pads
48. Startup Roundup: Canopy Labs raises $1.5M, CN Tower elevator pitches and Ottawas new incubator
49. Nurse who died after royal prank call left suicide note criticizing hospital staff: report
50. S.C. Security Blunders Show Why States Get Hacked

1. Feds Convict Stock Scammers, Overlook Spammers
   On Wednesday, the U.S. Justice Department announced that it had obtained convictions against a cybercrime gang that committed securities fraud through the use of botnets and spam. Oddly enough, none of the botmasters or spammers that assisted in the scheme were brought to justice or identified beyond their hacker handles. This blog post may change that.
2. Project Blitzkrieg e-banking heist is a credible threat, McAfee says
   Project Blitzkrieg, a coordinated attack against U.S. banking customers allegedly planned for the spring of 2013, is a real and credible threat, security researchers at McAfee have said.
3. Yet another eavesdrop vulnerability in Cisco phones
   Security groundhog day: A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when its on the hook.
4. DDoS attacks against U.S. banks peaked at 60 Gbps
   Some of the distributed denial-of-service (DDoS) attacks that targeted the websites of U.S. financial institutions this week have peaked at 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks.
5. Dexter malware targets point of sale systems worldwide
   Payment cards plundered in 40 countries: You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems.
6. Suspected fake internet cop trio collared by real cops
   Ransomware demanded on-the-spot 100 fines from victims: UK cops have arrested three people in Staffordshire on suspicion of running a ransomware scam that fooled victims into paying 100 fines.
7. UK cops: How we sniffed out convicted AnonOps admin ‘Nerdo’
   Hint: Sometimes gamer tags give the game away: Analysis of IRC logs and open source intelligence played a key role in the successful police prosecution that led up the conviction of a member of Anonymous for conspiracy to launch denial of service attacks against PayPal and other firms.
8. The 30-year-old prank that became the first computer virus
   Elk Cloner creator Rich Skrenta looks back: To the author of Elk Cloner, the first computer virus to be released outside of the lab, its sad that, 30 years after the self-replicating code’s appearance, the industry has yet to come up with a secure operating system.
9. Scathing auditor general report finds OPP lost track of evidence, police vehicles
10. U.S. federal agency gives RIM another chance with plan to test BlackBerry 10 smartphone
11. HITRUST And (ISC)2 Launch First Certification For Healthcare Info Security Professionals
12. Police arrest three over ransom malware attacks
13. Royal radio hoax staff moved into safehouses as inquest reveals nurse hanged herself, left three suicide notes
14. Review: Googles new Maps app for iPhone is an absolute smash hit
15. Team GhostShell leaks data from 1.6 million accounts
16. Attorney General Secretly Granted Gov Ability to Develop and Store Dossiers on Innocent Americans
17. Tony Clement picks new fight with budget watchdog over $20K gap over cost of civil servants
18. Encryption: Debunking the Top 10 Myths About This Data Defense
19. 2012 Data Breaches: A Look Back
20. Non-Harmful Phone Spoofing OK, Appeals Court Says
21. Hackers Breached Heating System Via Industrial Control System Backdoor
22. Mobile Users Remain Safe (Mostly) in 2013, Lookout Says
23. ‘Dexter’ Malware Caught Swiping Credit Card Numbers From POS Systems
24. Fraudsters plan spring strike on U.S. banks
25. State Secrets Front and Center in Dragnet Surveillance Case
26. Canada joins Western countries rejecting UN Internet treaty over fears of government control
27. HITRUST, ISC2 to Create Credential Program for Health Care Data Security
28. Total Defense Launches Cloud Security Solution
29. ALU’s Kindsight Introduces New Mobile Security Features, Expands Protection
30. ForgeRock News — Adaptive Authentication
31. Massive bank cyberattacks planned
32. Bits Blog: Android Malware Creeps Into Cellphone Bills
33. Susan Rice withdraws her name from consideration for U.S. Secretary of State
34. Top 7 security predictions for 2013
35. Fake CitiBank credit card statement leads to malware

1. New Findings Lend Credence to Project Blitzkrieg
   “Project Blitzkrieg,” a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2003, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a formidable crime machine in preparation for the project.
2. Internet Explorer flaw gives ad trackers a sneaky edge — for now
   Some advertising analytics companies are using a vulnerability in Microsoft’s Internet Explorer browser for a questionable edge in figuring out if web users are seeing display advertisements buried within web pages.
3. Microsoft: Most PCs running pirated Windows in China have security issues
   Microsoft launched a new anti-piracy campaign in China to highlight the security risks of buying counterfeit software.
4. Japan police offer first-ever reward for wanted hacker
   Police in Japan are looking for an individual who can code in C#, uses a “Syberian Post Office” to make anonymous posts online, and knows how to surf the web without leaving any digital tracks — and they’re willing to pay.
5. Hacking bazaar ExploitHub gets hacked, database leaked
   But online shop denies $250k of exploits were pinched: Online boutique ExploitHub, which sells code to attack software security holes, has been plundered by hackers. A database snaffled from the marketplace was dumped online as proof of the raid.
6. Internet Explorer tracks cursor even when minimised
   Keep calm: its only being exploited by adware blood-suckers … probably: A security researcher has published yet another reason not to use Internet Explorer for anything, under any circumstances: it can track your mouse cursor movements, even when its minimised.
7. After vote, Facebook moves to update privacy settings
   Despite Facebook users losing out on a privacy policy vote earlier this week, the social network moved today to make its privacy tools easier for them to access.
8. Microsoft Santa gifts you with 5 critical fixes in Xmas Patch Tuesday
   Still using Word? You’ll want to read this: December’s Patch Tuesday brought seven bulletins from Microsoft, five of which cover critical security vulnerabilities.
9. Feds smash international cybercrime ring with Power of Facebook
   Ad-men and G-men form potent globo force: The FBI have said that with the help of Facebook, they’ve taken down an international crime gang who went on an $850m botnet spree.
10. Guatemalan judge orders McAfee released from detention
    Just wants to ‘fish and swim’, no more aerotrekking: A Guatemalan judge has reportedly ordered the release of John McAfee, after ruling the anti-virus pioneer turned Belizean manhunt target was being detained illegally.
11. Radio hoax nurse found hanging in her room with three suicide notes, inquest reveals
12. Mac users hit with fake installer and SMS fraud
13. Motivations, trends and measurement of IT security spending
14. Cybersecurity company using hackers own devices against them
15. Marois wants to sell $6M Montreal home to European businessman, but law prohibits sale of agricultural land to foreigners
16. Facebook Teams With Federal Authorities to Bust $850 Million Botnet
17. Sentinel IPS Announces The Global Release Of An Industry-First Collective Intelligence Scoring System
18. Expiring Warrantless Spy Bill to be Reauthorized By Years End
19. Mac OS X users targeted in SMS scam
20. Will Apple bid for TomTom?
21. FBI nabs 10 for Yahos worm spread on Facebook
22. SafeNet, Inc., Sells Government Solutions Business Unit To Raytheon Company
23. WhiteHat Security Brings New Standards To Mobile Application Security
24. nCircle PureCloud Automatically Scans For Zero-Day Threats
25. How an Internet-connected Samsung TV can spill your deepest secrets
26. Facebook Helps Feds Crack $850 Million Botnet Ring
27. NCP Engineering Releases Secure Enterprise Management Version 3.0
28. $1.4-billion in unpaid corporate taxes being written off in Ontario: Auditor-General
29. Could A Thumb Drive Stop Stuxnet?
30. Habits Of Highly Successful Security Awareness Programs
31. New Mac trojan tricks users into paying pricey cell phone fees
32. Facebook assists in FBI bust of major international cyber crime operation
33. FBI arrests down Facebook botnet that stole $850 million
34. FBI snares $850 million Butterfly botnet ring with help of Facebook
35. Key Citadel developer banned from online crime forum
36. Royal hoax nurse left suicide note, reports say: Autopsy results to be revealed Thursday
37. John McAfee ordered released (formal ruling coming soon), says software pioneers lawyer
38. Researchers uncover Tor-powered Skynet botnet
39. Most Dangerous Holiday Web Search Terms Of 2012
40. FBI, International Law Enforcement Disrupt International Organized Cybercrime Ring Related To Butterfly Botnet
41. Despite Lack Of Trust, Internet Users’ Security Behaviors Far From Ideal, RoboForm Study Finds
42. Exploit tool hitting Joomla and WordPress sites
43. 10 Nations Facing the Most Pervasive Threats From Malware, Botnets

1. Critical Updates for Flash Player, Microsoft Windows
   Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that address at least three critical vulnerabilities in these programs.
2. Samsung TV vulnerability could let a hacker change the channel
   If you’re watching TV and the channel suddenly changes, you may not have sat on the remote control by accident.
3. ExploitHub admits ‘embarrassing oversight’ led to hack
   A marketplace where security researchers can sell details on software bugs said it was compromised on Tuesday due to an “embarrassing oversight” that left its web server vulnerable.
4. ExploitHub admits ‘embarrassing oversight’ lead to hack
   A marketplace where security researchers can sell details on software bugs said it was compromised on Tuesday due to an “embarrassing oversight” that left its web server vulnerable.
5. US law enforcement busts cybercrime rings with help from Facebook
   U.S. law enforcement agencies with the help of Facebook have arrested 10 people from various countries in connection with international cybercrime rings that targeted users on the social network.
6. Russian space research org targeted by mystery malware attack
   Korean message forum becomes cyber-espionage hub: Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea.
7. Samsung’s smart TVs ‘wide open’ to exploits
   The downside to being ‘more like a PC’: Samsung’s Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
8. Microsoft quashes critical bugs in IE10, Windows 8, Word
   Microsoft today patched a dozen vulnerabilities in Internet Explorer, Windows, Word and Exchange, fixing flaws in the new IE10 for the first time and crushing bugs in Windows 8 and Windows RT for the second month running.
9. Attacker steals old passwords from Oz defence academy site
   Security fail sparks usual hypegasm: An attack on Australian Defence Force Academy systems operated by the University of New South Wales (UNSW), has spilled 20,000 user records.
10. Girl gang targets Microsoft’s Seattle stores for $5,000 theft spree
    Sounds like a job for the Rain City Superhero Movement: Seattle police are on the lookout for a group of female thieves who are targeting Microsoft retail stores on its home turf.
11. Dexter malware infects point-of-sale systems worldwide, researchers say
    Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards.
12. Look out, world! Are you ready for John McAfee: THE MOVIE?
    Antivirus thrillseeker flogs manhunt film rights: Antivirus pioneer John McAfee, who found himself at the centre of Central America’s hottest manhunt in recent history, has sold the exclusive film rights to his life story.
13. Arrests over $850m Facebook crime
14. Shamed by Mugshot Sites, Arrestees Try Novel Lawsuit
15. Facebook helps Feds take down international cybercrime ring
16. Custom-made malware is infecting POS terminals
17. Israel cyber security incubator program established by Ben-Gurion University of the Negev
18. Facebook User Policy Vote Ends With a Whimper
19. Cloud Security Will Overtake On-Premise Systems in Three Years: Gartner
20. Survey Exposes New Cloud Security Flaws
21. Ixia Unveils IxNetwork 7.0
22. Bond And Bourne Fuel Belief That Cyberhacking Is Easy So Why Fight It, U.K. Study Shows
23. Survey Of IT Professionals Reveals Discrepancy Between Support Of And Implementation Of Desktop Privilege Control
24. Microsoft, Adobe patch a range of vulnerabilities
25. Microsoft Releases Critical IE, Word Fixes on Year’s Final Patch Tuesday
26. Russian space, telecom industries targeted by espionage
27. FTC finds little improvement in mobile privacy for children
28. Chubb Cyber Endorsement Addresses Increase In Bank Account Takeover Frauds
29. Android users face rise in SMS fraud apps, reckons Bitdefender
30. Anonymous spokesman charged with linking to stolen data
31. Cellphone users want $50 cap on international data roaming fees, study says
32. Ikea monkey owner says she wants Darwin back as videos reveal her life with well-dressed monkey
33. Average public servant costs taxpayers $114K a year, PBO reveals
34. Closing arguments set in pretrial hearing for US soldier charged in WikiLeaks case
35. “Dexter” malware steals credit card data from point-of-sale terminals
36. Royal prank call may have been illegal, experts say as radio station donates $500,000 to nurses family

1. A Closer Look at Two Bigtime Botmasters
   Over the past 18 months, I’ve published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. I’ve since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters.
2. Chinese Espionage Attacks Against Ruskies?
   Hardly a week goes by without news of a cyber espionage attack emanating from China that is focused on extracting sensitive data from corporations and research centers in the United States. But analysis of a recent malware campaign suggests that Chinese cyberspies may be just as interested in siphoning secrets from Russian targets
3. Parliament: Snoop Charter plan ‘too sweeping’, ‘misleading’, ‘suspicious’
   ‘Goes much further than it need or should’: Theresa May’s communications data draft bill is far too broad and needs to be slimmed down, concluded MPs and peers who have spent many months scrutinising the Home Secretary’s lambasted plans to massively increase the surveillance of online activity in the UK.
4. GhostShell hackers release 1.6 million NASA, FBI, ESA accounts
   Hacktivist crew signs off for Christmas: The hacking collecting GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry.
5. Vote ends on Facebook privacy changes, for good
   The user vote over Facebook’s latest proposed privacy policy change is over and the small number of voters who took part means Facebook can proceed with its plans.
6. Boffin: Android’s on-board malware scanner utterly FAILS
   App blocker detects just 15% of malware: Google has added new anti-malware capabilities to Android 4.2 “Jelly Bean,” but relying on them to block malicious apps might not be a good idea, says a computer science boffin from North Carolina State University.
7. Police-themed ransomware speaks to victims — literally
   A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
8. John McAfee: Let me go to the USA – or old Blighty
   You can trust what I say – I don’t use McAfee AV: Former anti-virus mogul turned fugitive John McAfee has appealed to be allowed to return to the United States rather than deported from Guatemala to Belize.
9. Saudi Aramco: Foreign hackers tried to cork our gas output
   Worm outbreak targeted oil giant’s output: Hackers who used the Shamoon worm to attack oil giant Saudi Aramco were bent on halting its fuel production, according to the company and Saudi government officials.
10. Ira Winkler: Stupid users, or stupid infosec?
    When security professionals see stupidity all around them, shouldn’t they ask themselves whether it’s their own precautions that are lacking?
11. DataMotion Announces SecureMail Gateway Email Encryption
12. Fake Better Business Bureau notifications carry malware
13. Ultra-secure memory sticks with anti-malware features
14. Panda Cloud Antivirus 2.1 released
15. Anonymous’s Public Face Indicted
16. Ikea monkey Darwin checks into his new home at animal sanctuary in rural Ontario
17. Supreme Court Asked to Review $222K Landmark File-Sharing Case
18. Newly Released Ponemon Report: Healthcare Data Breach on the Rise
19. Panda Security Launches Panda Cloud Antivirus 2.1 With Anti-Exploit Technologies
20. Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations
21. U.S. regulators start probe into childrens online privacy Diane Bartz, REUTERS
22. Canadians are tired and frustrated: Liberal contender Garneau calls for more wireless competition
23. Google’s Android Malware Detection Falls Short
24. FTC Probing Childrens Mobile Apps for Privacy Breaches
25. Microsoft Patch Tuesday Ensnares Windows RT Users
26. Former Anonymous spokesman indicted for sharing stolen card data
27. FTC: disclosures severely lacking in kids’ mobile appsand it’s getting worse
28. Commander: WikiLeaks suspect’s treatment closely watched by US supervisors
29. Hackers encrypt medical centre’s patient data, ask for ransom
30. Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Find
31. Bat Blue Networks Expands Its Cloud Security Offering To Europe
32. Android’s built-in malware scanner gets a failing grade
33. Embattled software founder John McAfee says return to the U.S. is his only hope now
34. Hassan Rasouli case before Supreme Court will have profound effect on end-of-life care decisions
35. Anonymous No Longer: Hacktivist Spokesman Charged
36. 200,000 new malicious programs detected every day
37. Ransom hackers encrypt medical centre’s entire database

1. ‘UK DNA database by stealth’ proposed in 100m NHS project
   Mighty archive to ‘unlock the power of DNA’ – Cameron: Prime Minister David Cameron is to announce plans for the NHS to create a massive database of patients’ DNA, which experts have advised could lead to massive health benefits and advances in medical technology. However the creation of such a database has obvious and far reaching privacy implications.
2. Delta Air Lines publishes privacy policy, but reseacher finds a fault
   Delta Air Lines quickly published a privacy policy for its mobile application after being sued by California’s attorney general, but a privacy researcher has already found a fault with it and the app.
3. Parliament to unleash barrage of criticism on Snoopers’ Charter
   Unseen spook Farr back again with plan to tap the UK net: The joint parliamentary committee scrutinising the governments Communications Data Bill – universally dubbed the Snoopers’ Charter – is set to slate the draft law in its official report published tomorrow.
4. Tor node admin raided by cops appeals for help with legal bills
   ‘I’m on my own and require a good lawyer’ says bloke: A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.
5. That square QR barcode on the poster? Check it’s not a sticker
   Crooks slap on duff codes leading to evil sites: Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
6. Hong Kong cops open 700k cyber security centre
   27-man centre will try to spot and combat CNI attacks: The Hong Kong government has thrown HK$9 million (730,000) at a new Cyber Security Centre in a bid to tackle the growing threat to critical infrastructure in the Special Administrative Region of China.
7. Pakistan Cyber Army declares war on Chinese, Bangladeshi sites
   Hacktivists go on web defacement spree: Hacktivists claiming to hail from the Pakistan Cyber Army have defaced over 400 Chinese government web sites and also hit in excess of 20 Bangladeshi government sites.
8. Tor network used to command Skynet botnet
   Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It’s likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.
9. Rare critical Word vuln is the star of December Patch Tuesday
   Microsoft cheese a bit less swiss this year: Microsoft is planning to release seven bulletins next Tuesday, five of which tackle critical vulnerabilities, as part of its final Patch Tuesday update of 2012.
10. Facebook sued over App Center data sharing in Germany
    German consumer organizations are suing Facebook because the social network keeps sharing personal data with third-party app makers without getting explicit consent from users.
11. Multipurpose Necurs Trojan infects over 83,000 computers
12. Beware of Bitcoin miner posing as Trend Micro AV
13. Anonymous spokesman indicted for threats, stolen credit cards
14. DataMotion unveils SecureMail Gateway
15. Saudi Aramco Says Hackers Took Aim at Its Production
16. Hugo Chavez heading back to Cuba for surgery as cancer resurfaces, names VP as successor
17. Canadas top court asked to settle battle over Tommy Douglas intelligence dossier
18. Former Anon spokesperson indicted for allegedly linking to stolen information
19. Suicide of Kate Middleton nurse tragic beyond words: hospital chairman joins condemnation of Aussie DJ hoax
20. I made a vow to his memory: Bill Browder wins fight to ban corrupt Russian business in memory of dead friend
21. I made a vow to his memory: Bill Browder wins fight to ban corrupt Russian business in the U.S. in memory of dead friend
22. No greater friend: The bond between Netanyahu and Harper goes beyond statecraft
23. Feds Charge Anonymous Spokesman For Circulating Hacked Stratfor Credit Cards
24. Identify Theft Is a Growing Risk in Health Care: Ponemon Report
25. Awareness There, Policies Lacking: Results Of A New SANS Survey On Application Security Policies In Enterprises
26. Damballa Failsafe 5.1 Unveils Breach Confirmation And Instant Replay Capabilities
27. Nine out of 10 hospitals lost personal data in last two years
28. BlackBerry maker RIM gets good news from 2013 IT predictions by IDC
29. US man linked to hacker group Anonymous faces new charges tied to attack on intelligence firm
30. California sues Delta Air Lines over mobile privacy
31. E.U. Panel to Pressure Google on Privacy Rules
32. Aussie DJs drop off Twitter after being bombarded by thousands of angry messages in wake of nurses apparent suicide
33. TAKEOVER ALERT! HP is now worth less than it spent in its acquisition binge
34. Australian radio DJs removed from air after nurse they fooled with Kate Middleton prank call dies
35. Mobile Browsers Fail Georgia Tech Safety Test
36. SIA And GTSC Announce Collaboration
37. Jacintha Saldanha, who died in suspected suicide after Kate Middleton radio hoax, was an excellent nurse
38. Data Breach & C-Suite
39. Jacintha Saldanha, who committed suicide after Kate Middleton radio hoax, was an excellent nurse
40. Search for survivors continues while death toll from Philippine typhoon climbs past 500
41. Fraser Institute criticizes Dalton McGuintys poor fiscal management in ranking of Canadas premiers
42. 2nd Quantico brig commander taking stand in WikiLeaks case; she took away GI’s underwear
43. Kate Middleton hospital receptionist who put through prank call from Aussie DJs found dead in apparent suicide
44. U.K. hacker convicted for taking part in Anonymous attacks
45. Breach of health records shocks B.C. minister Margaret MacDiarmid