1. How Not to Buy Tax Software
   Scott Henry scoured the Web for a good deal on buying TurboTax. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.

   Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.

2. Spam crashes to historic low as malware explodes on mobiles
   Android Trojans soar, Mac viruses fall off a cliff: The volume of malware samples detected by McAfee passed the 75 million milestone late last year, the Intel-owned security firm reported this week.
3. Crap PINs give wallet thieves 1-in-11 jackpot shot
   What are the odds? Cambridge boffins work it out: Four-digit banking PINs are almost as insecure as website passwords, according to a study by Cambridge University computer scientists.
4. Councils spunk 515m in 4 years on CCTV
   Hey big spender, Birmingham: UK local authorities spent a total of 515m installing, operating and maintaining CCTV between 2007-11, according to the privacy campaign group Big Brother Watch.
5. ICO ‘enquiring’ about Google’s system for serving 3rd-party cookies
   Questions after Microsoft slams Chocolate Factory on privacy: Microsoft has claimed that Google has been serving third-party cookies capable of tracking users’ online behaviour even when those users have adjusted settings in the Internet Explorer browser to prevent it happening.
6. IBM arms robo-sysadmin QRadar with virus know-how
   X-Force gear combs through 13 billion threats a day: IBM is beefing up its enterprise security offerings by creating a security platform that is aware of real-time virus information, meaning that the system will be much quicker at recognising new threats.
7. News of the World hacker named after court block lifted
   Murdoch editor Andy Coulson fingered as key contact: A man accused of hacking into the computers of a former British Army intelligence officer on behalf of a News of the World editor has been named as Philip Campbell Smith, also a former British Army intelligence officer.
8. Experts: RSA weak keys flaw restricted to network devices
   Primal fear: Analysis Flaws in the way some of EMC’s RSA security division encryption keys are generated are down to a weakness in generating random numbers that’s restricted to network devices rather than digital certificates on websites, according to both RSA and cryptographic researchers.
9. Burlington, Ont. named riskiest Canadian city to go online
10. Symantec’s PCAnywhere Vulnerable to Source Code Attack
11. Megaupload CEO Kim Dotcom Granted Bail in New Zealand, But Banned From Net
12. Anonymous says power grid concerns are U.S. gov’t spin
13. How the European Internet Rose Up Against ACTA
14. Akamai Kona Site Defender Security Service Blocks DDoS Attacks
15. Anonymous, Hacktivists Try to Break the Internet: A Recap
16. CounterTack Launches Event Horizon 3.1 Platform and Three Intelligence Solutions Aimed At In-Progress Advanced Cyber Attacks
17. Webroot Rolls Out Cloud-Based Endpoint Security
18. Researchers defeat video CAPTCHA antispam tests
19. Megaupload founder Kim Dotcom faces new charges over file-sharing website
20. Fake RIAA copyright violation notification serves malware
21. Google now facing class-action suit over Safari cookie circumvention
22. When is a cybercrime an act of cyberwar?
23. Can crowd sourcing shake up education?
24. Malware surpassed 75 million samples in 2011

1. Home Sec splits Border Agency after passport checks fiasco
   May: Secure ID suspension lacked ‘ministerial consent’: Blighty’s Border Force is to be divorced from the UKBA following a series of embarrassing passport check gaffes last summer, the Home Secretary Theresa May told MPs yesterday.
2. Microsoft claims Google bypassed its browser privacy too
   P3P policy flaw gave automatic access: Microsoft has released data showing that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms.
3. Security biz scoffs at Apple’s anti-Trojan Gatekeeper
   Apple dev ghetto fears – plus it only probes executables: Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.
4. Unions: MoD ‘mad to fire staff while increasing consultant spending’
   Calculator says no but watch the colonels: Analysis UK public-sector unions say that revelations of what the Ministry of Defence (MoD) spends on specialist consultants show that current plans to fire tens of thousands of staff will lead to increased expenditure. Could they be right?
5. Google plots Chrome web password generator
   How the secrets are stored and recovered is another matter: Google is developing a password-generating tool that will bolt into its Chrome browser.
6. Unique malware samples broke the 75 million mark in 2011
7. Online privacy debate falls victim to rhetoric
8. Anonymous targets Vic Toews over Internet surveillance bill, revives Vikileaks
9. Syrian dissidents claim government uses malware to spy on them
10. DDoS attackers target Russian election webcams
11. McAfee, Xerox Partner on Printer Security
12. When Is a Cybercrime an Act of Cyberwar?

1. Zeus Trojan Author Ran With Spam Kingpins
   The cybercrime underground is expanding each day, yet the longer I research this subject the more convinced I am that much of it is run by a fairly small and loose-knit group of hackers. That suspicion was reinforced this week when I discovered that the author of the infamous ZeuS Trojan was a core member of Spamdot, until recently the most exclusive online forum for spammers and the shady businessmen who maintain the biggest spam botnets.

   Thanks to a deep-seated enmity between the owners of two of the largest spam affiliate programs, the database for Spamdot was leaked to a handful of investigators and researchers, including KrebsOnSecurity. The forum includes all members’ public posts and private messages — even those that members thought had been deleted. I’ve been poring over those private messages in an effort to map alliances and to learn more about the individuals behind the top spam botnets.

2. FTC urged to probe Google’s Safari-tracking gaffe
   Choc Factory blames Apple’s browser ‘functionality’ for ad slurp: Google is once again under fire after a Stanford researcher discovered that the search giant and other advertising outfits have circumnavigated the privacy settings of millions of Apple Safari users.
3. Brit student locked up for Facebook source code hack
   Unfriended, unliked, unfree: A British computer science student was jailed for eight months on Friday for hacking into the internal network at Facebook.
4. How Google and Apple exposed their Achilles heels this week
   Mobile payments and advertising are rocky ground for the big boys: Analysis In the massive tussle between Apple and Google, it is easy to forget that neither giant (for all their successes) is infallible. They are almost unbeatable in their core markets Apple in device design and user experience, Google in search, advertising and online software.
5. Anonymous threatens to DDOS root Internet servers
6. Anonymous threatens root Internet servers
7. Forensic toolkit with malware analysis technology
8. How enterprises can help stamp out spambots
9. Russian polling cameras face DDoS attacks
10. Admin logins with plain-text passwords plus names, addresses, e-mail addresses, telephone numbers
11. Iran stops oil sales to U.K., French companies, will sell our oil to new customers
12. Mac OS X Mountain Lion’s Gatekeeper Not Enough to Fight Malware
13. iOS, Android Apps Draw Concerns About Children’s Privacy Protection
14. Google, Mozilla Fix Serious Graphics Library Flaw in Chrome, Firefox
15. Goldman Sachs Code-Theft Conviction Reversed
16. Bits Blog: Preparing for DDoS Attacks or Just Groundhog Day
17. Anonymous Promises Regularly Scheduled Friday Attacks
18. Secret Service Shuts Down Then Reinstates JotForm
19. Feds Seize $50 Million in Megaupload Assets, Lodge New Charges
20. Malicious backdoor in open-source messaging apps not spotted for 3 months
21. Anonymous hacks FTC over Google privacy, ACTA
22. Feds Urge Court to Reject Laptop Decryption Appeal
23. Google Busted With Hand in Safari Browser Cookie Jar
24. Apple’s new OS X tightens screws on some malware
25. Lieberman: Cybersecurity Act of 2012 will help us protect critical infrastructure
26. Trend Micro Releases HijackThis Source Code To sourceforge.net
27. 8 Lessons From Nortel’s 10-Year Security Breach
28. Anonymous Antisec hackers break into and bring down FTC website
29. Kaspersky TDSSKiller review
30. Cutwail botnet intensifies spam spewing
31. The 15 worst data security breaches of the 21st century

1. ‘The full harm to Apple cannot be calculated’
   Plus LightSquared’s rage as the FCC ‘changes its mind’: Quotw This was the week when MySpace, which some of you may remember as once being a social network, came back from the dead thanks to its reinvention as a “meaningful social entertainment experience around content” with a million new users signing on since December last year.
2. DNS flaw reanimates slain evil sites as ghost domains
   Life after death trick could be exploited by cyber-crooks: Analysis Cyber-crooks may be able to keep malicious domains operating for longer – even after they are revoked – by manipulating the web’s Domain Name System (DNS).
3. Waledac malware returns after two years with password-stealing capabilities
4. DDoS attackers start targeting IPv6 networks
5. Shylock financial malware back ‘with a vengeance’
6. The 15 worst data security breaches of the 21st Century
7. Cybersecurity bill would create costly regulations, say critics
8. McCain, GOP Vow Alternative Cybersecurity Bill
9. How mobile malware is maturing
10. Birth dates, Social Security numbers and financial data such as income, assets and liabilities to be exposed due to unknown external sources
11. Analyze mobile apps for malware threats
12. New powerful bot spreads by email
13. Fake Facebook notification delivers keylogger
14. Trusteer warns of Shylock malware resurgence
15. New US cybersecurity act could be costly for some critical system vendors
16. Waledac malware branches out into Bitcoin stealing
17. IPv6 networks targetted by DDoS attackers
18. Google Chrome update fixes 12 vulnerabilities and patches Flash Player
19. Birth dates, Social Security numbers and such financial data as income, assets and liabilities to be exposed due to unknown external sources
20. Foursquare, Twitter Guilty of Slurping User Data: Report
21. McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Net
22. Secret Service Seizes JotForm.com, Nuking Millions of Online Forms
23. More Patients Support EHRs, But Worry About Privacy
24. CIA Hunts For Malware In Binary Code
25. New cyber security bill is bipartisan, but has its critics
26. Aberdeen Group Sees Classification As Key To Successful Data Loss Prevention
27. AlgoSec Automates Management Of Next-Generation Network Security Infrastructure
28. Android Malware Grew 3,000 Percent in 2011: Report
29. Al-Qaeda has likely infiltrated Syria opposition, behind recent suicide bombings: U.S. intelligence chief
30. Lawmaker Demands DHS Cease Monitoring Blogs, Social Media
31. Genetics Inspired Research Prevents Cyber Attacks
32. Exotic XSS bug in Adobe Flash controlled users’ Web accounts
33. Acunetix Web Rolls Out Vulnerability Scanner 8
34. NASDAQ and BATS stock exchange websites hit by hackers
35. Adobe confirms new zero-day Flash bug
36. Google Chrome update fixes high-severity vulnerabilities and patches Flash Player
37. How to Become an Ethical Hacker
38. Senators Unveil Major Cybersecurity Bill
39. Adobe patches seven vulnerabilities in new zero-day Flash bug
40. Vic Toews further embarrassed after Vikileaks cyberfoe gets six times his number of followers on Twitter
41. Nortel Breach Highlights Security Vulnerabilities of All Enterprises
42. 45% Of European IT Decision Makers View Security And SLAs As Leading Barriers To Cloud
43. Customers’ names, e-mail addresses, usernames, and plain-text passwords acquired by hackers
44. Customers’ credit card numbers acquired by hacker
45. Customer records with username, password, phone number, address, and bank account info acquired by hacker
46. 46,000 offenders’ names, Social Security numbers, date of birth, addresses, and criminal offense acquired by hacker; 500 redacted entries dumped on the Internet
47. 350.000 user records (username, encrypted password, e-mail, full name, country of residence) from porn site obtained via inactive forum and published online
48. 120 patients’ records were accessed inappropriately by former clerk
49. The escalating cost of US cybersecurity plans

1. Flash Player Update Nixes Zero-Day Flaw
   Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.

   In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — a cross-site scripting vulnerability (CVE-2012-0767) reported by Google — was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet Explorer on Windows.

2. ‘Predictably random’ public keys can be cracked – crypto boffins
   Battling researchers argue over whether you should panic: Analysis Cryptography researchers have discovered flaws in the key generation that underpins the security of important cryptography protocols, including SSL.
3. Sensitive council data sent to hundreds via PERSONAL EMAIL
   ICO fines Cheshire East 80k for data breach: Cheshire East council has been fined 80,000 by the Information Commissioner’s Office (ICO) for failing to have adequate security measures in place when emailing personal information.
4. Euro data protection: Great for punters, not for biz – MoJ wonk
   Whitehall man seeks views on ‘disproportionate’ draft law: Comment A colleague of mine went to a lecture on the European Commission’s proposed Data Protection Regulation last week*. One of the speakers was John Bowman, Head of International Data Protection and Policy at the UK’s Ministry of Justice. His opening question to the floor was: “How many of you here represent consumer groups?”
5. Twitter mobile apps storing address books for 18 months
   Company promises fix in next refresh: Twitter has become the latest in a growing list of companies caught storing users data without making it explicit.
6. Critical IE update dominates Valentines Patch Tuesday
   Explorer patch the only one giving sysadmins the fear: The Valentines Day edition of Patch Tuesday brought nine security bulletins that collectively address 21 software vulnerabilities.
7. Google tightens its Wallet after PIN reset goof
   Now only proper hackers can steal punters’ dosh: Google has started provisioning electronic wallets again having fixed the more trivial security flaw in its product – though determined hackers will still get in.
8. Two U.S. drone strikes kill at least 13 militants in Pakistans tribal badlands
9. Malicious sites increase 240%
10. Nortel collapse linked to Chinese hackers
11. Apple Changing App Privacy Policy After Path Snafu
12. Romanian police arrest alleged hacker in Pentagon, NASA breaches
13. Hacker TinKode arrested for NASA and Pentagon attacks
14. Mozilla Warning Certificate Authorities About Issuing MITM SSL Certs
15. Transcript: Ontario business subsidies are costly, with few results
16. TSA Denies it Targets Attractive Female Passengers for Body Scans
17. Pre-Owned MP3 Seller Accuses Capitol Records of Sabotage
18. Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player
19. Adobe patches Flash because of ongoing attacks
20. Waledac Botnet Reappears as New Password Stealing Variant
21. Nortel collapse linked to hacking attack
22. Lighthouse Security Group Announces Next-Generation Lighthouse Gateway Cloud Identity And Access Management Platform
23. Application Security Inc.’s New DbProtect Active Discovery Finds Forgotten And Previously Unknown Databases
24. Twitter feed ‘leaks’ Vic Toews’ alleged divorce details
25. Websense Adds Modular Chassis That Scales For Large Enterprises And Prevents Data Loss
26. Commtouch Launches Outbound Spam Protection Module For Parallels Plesk Panel
27. Catbird, VMware Team On Cloud Sec App
28. Laptop stolen from nurse’s car contained 500 patients’ names, social security numbers, date of birth, home addresses, medicare ID numbers and diagnosis
29. Two incidents involving loss of service users’ files during office relocation.
30. Laptop reported missing by an employee when boarding a plane contained personal data of 16 employees, including details of appraisals and supervision notes.
31. Unencrypted laptop left on bus contained personal data relating to approximately 325 employees including name, address, date of birth and salary.
32. Stolen laptop contained child swimming lesson details on 2,300 children
33. Nortel hackers helped kill company, academic says
34. Philips reports security breach
35. Senators Unveil Cybersecurity Bill to Empower Homeland Security
36. Download InfoWorld’s Malware Deep Dive report
37. Malware Network Threats Rising, How to Defend Yourself
38. Yahoo must deal with Asian assets soon, analyst urges
39. Code from slain spam botnet recycled to steal passwords
40. Cheshire East Council fined PS80,000 for email data breach
41. The rise of information stealers and pay-per-install malware
42. The new and improved Kelihos botnet
43. Biometric Authentication Business Launches
44. Porticor Unveils Encryption And Key Management Solution Protecting Cloud Data
45. Trend Micro Develops Advanced Cloud-Based Mobile Application Scanning Technology
46. A sessional (contract) worker had his unencrypted personal laptop stolen during a burglary; the laptop contained some sensitive personal data relating to up to seven families.
47. Council signed undertaking after four separate breaches in a two-month period involving accidental disclosure of personal information
48. Personal info of 6,845 customers and 686 employees was on three unencrypted laptops stolen in two incidents
49. Name, address, date of birth, NHS number, school and registered GP of 47 children lost in internal post
50. City employees’ Social Security numbers accidentally disclosed in response to a Freedom of Information request

1. Microsoft AV Flags Google.com as Blacole Malware
   Computers running Microsoft’s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.

   Not long after Microsoft released software updates to fix at least 21 security holes in its Windows operating system and other software, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com.

   The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software.

2. Critical Fixes from Microsoft, Adobe
   If you use Microsoft Windows, it’s time again to get patched: Microsoft today issued nine updates to fix at least 21 security holes in its products. Separately, Adobe released a critical update that addresses nine vulnerabilities in its Shockwave Player software.

   Six of the patches earned Microsoft’s most dire “critical” rating, meaning that miscreants and malware can leverage the flaws to hijack vulnerable systems remotely without any help from the user. At least four of the vulnerabilities were publicly disclosed prior to the release of these patches.

3. Bonkers MS security update flags Google.com as malign
   Don’t be evil silly: A dodgy update to Microsoft’s anti-virus software on Tuesday meant users of the software were wrongly warned that Google’s homepage was infected with the infamous Blackhole Exploit Kit.
4. Whistleblower: Decade-long Nortel hack ‘traced to China’
   They had access to everything: Nortel was the victim of a years-long network security breach that allowed hackers to extract its trade secrets, according to a veteran of the bankrupt Canadian telco.
5. Microsoft code not the security sieve sysadmins should be worried about
   Study finds hackers aren’t hitting the apps your biz thinks they are: The gap between software patched by IT departments and the applications cyber-criminals actually target is leaving organisations at a greater risk of attack.
6. Child abuse files stolen from council worker in PUB – 100k fine
   Another council coughs 80k for HAND-DELIVERING kid’s info to neighbour: The UK’s data protection watchdog has fined two English council bodies a total of 180,000 after finding they had failed to keep “highly sensitive information” about children secure.
7. Scroogle: Dear Google, we’re not bots, we’re HUMAN
   With every Choc Factory privacy policy season, die die die!: A not-for-profit search engine that serves up a privacy-friendly version of Google has been out of action for much of today.
8. Teen hacker claims smut site hack: ‘I didnt do it for money’
   Hardcore group ‘fesses up to breach as youth uploads ‘members privates’: A teenage hacker claims to have broken into the Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details.
9. Senate bill may require ‘critical’ networks to adopt cyber standards
10. Nortel executives knew of data breach, chose to do nothing
11. Security Systems Professionals in Demand: Report
12. Nortel management may have known of hacker breach
13. Online privacy erosion dismays critics
14. Practical Malware Analysis
15. Peter Foster: Shedding ugly green policy fat
16. Norman Data Defense Systems Announces New SCADA Security System To Protect Industrial Infrastructure
17. ID Experts Announces New Breach Product
18. Canadian telecom companies get cozy with Huawei
19. Internet Explorer patch heads Microsoft security update
20. Adobe Patches Critical Shockwave Player Bugs During February Update
21. Comment: Canadas embarrassing failure on lawful access legislation
22. AP Sues Aggregator Over Parasitic Business Model
23. Microsoft Says ‘Happy Valentine’s Day’ with Nine Security Bulletins
24. Hackers stole from Nortel for more than 10 years
25. Microsoft’s February Patch Tuesday Kills 21 Security Bugs
26. Twitter Enables HTTPS for All Users
27. Senate cybersecurity bill leaves Internet alone, exempts tech companies from oversight
28. Nortel Networks hackers had “access to everything” for years
29. Bits Blog: How Much Have Foreign Hackers Stolen?
30. Bits Blog: Hacking Group Attacks Weapons Maker
31. Stratfor subscribers targeted by malware-ridden emails
32. Cyber-Spies Intercepted Sensitive Files, Emails from Nortel: Report
33. Gap in patch priorities vs cybercriminal targets
34. Female Passengers Say They Were Targeted for TSA Body Scanners
35. Royal Philips Electronics reports Web security breach
36. Twitter turns on HTTPS by default to protect Wi-Fi users
37. KPN apologises for downing 2 million email accounts
38. Report of Nortel hacking shows vulnerability of companies: expert
39. Health Data Breaches Up 97% in 2011
40. Nortel hit by suspected Chinese cyberattacks for a decade
41. Making sense of social media madness
42. Liberal justice critic calls on Bahrain to drop charges against Canadian as fresh protests rock the tiny island nation
43. Israel braces for wave of terror after bomb blasts: national media
44. Nortel hit by suspected cyberattacks for a decade
45. Confidential Data At Risk Even With Policies In Place; Xerox And McAfee Team Up To Deliver A New Level Of Protection
46. Barracuda Networks Integrates Next Generation Firewall And Cloud Web Security
47. Mobile Internet devices will outnumber humans this year, Cisco predicts
48. Real-time web and data security from Websense
49. Software vendors fail to stem tide of security flaws, report shows
50. Nortel computers breached by hackers for over a decade: WSJ

1. Twitter finally grabs wheel, drives all twits into HTTPS
   Cafe Wi-Fi tweeting protected from sniffing hackers: Twitter has finally bedded down secure browsing on its site for all users after previously offering HTTPS as an optional feature.
2. Cryptome.org hacked to dish out malware
   Compromised whistle-blowing HQ begins site rebuild: Cybercrooks have planted malicious scripts on top of whistle-blowing nerve centre Cryptome.org.
3. Trustwave to escape ‘death penalty’ for SSL skeleton key
   Moz likely to spare certificate-confession biz same fate as DigiNotar: Analysis Trustwave’s admission that it issued a digital “skeleton key” that allowed an unnamed private biz to spy on SSL-encrypted connections within its corporate network has sparked a fiery debate about trust on the internet.
4. FIVE more councils say soz for exposing people’s privates
   ‘Disclosing details about someone’s social housing status can be upsetting’: The Information Commissioner’s Office has found that five local authorities have breached the Data Protection Act by failing to protect personal information about citizens.
5. Iranians get some services back
   Censors dead hand still felt on Facebook, Twitter: Iranians have a little more Internet access than a few days ago, but access is still highly restricted.
6. TicketWeb coughs to email database hack
   Punters get phishy mails sniffing for credit card info: Customers of UK ticketing agency TicketWeb, a subsidiary of TicketMaster, received phishing emails from the company over the weekend after its direct email marketing system was hacked.
7. Anonymous reverse ferrets on CIA.gov takedown
   ‘We blacked out website merely reported the outage’: Loosely connected hacking collective Anonymous claimed responsibility for making the CIA’s website inaccessible on Friday – but later said it was just reporting the event.
8. Startup sets up website malware detection service
9. Cyberwar Is the New Yellowcake, Fueling a Cybersecurity-Industrial Complex
10. Spear-phishing attackers target US holidays
11. Stratfor clients now targeted with malware
12. TicketWeb issues second warning following fake Adobe spam hack
13. StopTheHacker startup sets up website malware detection service
14. Cyber-Criminals Using Established Malicious Networks to Deliver Payloads
15. Saudi blogger Hamza Kashgari jailed, may face execution after tweets about Muhammad
16. Saudi blogger Hamza Kashgari jailed, faces execution after tweets about Muhammad
17. Google Wallet suspends prepaid payment cards to prevent “painfully easy” attack
18. Blackhole Exploit Kit Infects 2,900 Cryptome Visitors
19. Breaches galore as Cryptome hacked to infect visitors with malware
20. Privacy Tool Lets Users Quickly Rank Web Sites on Privacy Policies
21. Anonymous, Hacktivists Targeting CIA, Other Websites
22. Google faces suit over proposed privacy policy
23. Experian Data Breach Resolution Launches Innovative Mobile Application for First Responders
24. Hackers probably stole Steam transaction data, Valve says
25. Kaspersky Lab unveils virtualization security solution
26. Valve says Steam hackers may have grabbed credit card details
27. Trend Micro Extends Web Security Services To PlayStation Vita; Available Worldwide
28. HiSoftware Releases New SharePoint DLP Solution
29. NEC Adds CA Technologies Advanced Authentication To Provide A Robust Security Service From The Cloud
30. Entire Cryptome whistleblowing site hacked by Blackhole exploit kit
31. Iran locks off large portions of the Internet during increasingly heated international standoff
32. Evil Shadow Team hacks Microsoft India
33. Turning Mobile Devices Into University Dorm Keys

1. Microsoft India web store ‘hacked by Chinese group’
   Evil Shadow Team pounces, claims it uncovered passwords: Microsoft appears to have had its Indian web store broken into and user login credentials stolen by Chinese hackers.
2. Google locks Wallets no new customers for now
   Speed bump on the road to wireless payments: Google has suspended the provisioning of pre-paid cards into its electronic wallet, preventing the use of stolen cards but equally preventing new customers from signing up.
3. Microsoft to send users 4 critical patches on Valentine’s Day
   Sealed with an XSS: Microsoft plans to publish nine updates next Tuesday four of which are critical as part of a Valentine’s Day edition of its Patch Tuesday update cycle.
4. Penang fraud gang ‘ringleader’ snared by Taiwan police
   Gang man Huang banged up: The suspected ringleader of an internet and telephone fraud gang based in Penang, Malaysia, has been nabbed by police after being lured to Taiwan by his former gang-mates, it has emerged.
5. Airport bomb Twitter joker in second fine appeal bid
   Judges deliberating whether or not to quash conviction: Paul Chambers, the Twitter joker turned misdemeanour conviction martyr, returned to court on Wednesday to launch a second appeal against a conviction over a “threatening message” to blow Doncaster’s Robin Hood Airport “sky high”.
6. Six ways to prevent drive-by download malware attacks
7. TicketWeb security breached by fake Adobe scammers
8. Congress Left in Dark on DOJ Wiretaps
9. Media Decoder: A New Tool in Protecting Online Privacy
10. Disruptions: Anger for Path Social Network After Privacy Breach
11. Rupert Murdoch to meet with Sun staff after corruption arrests: sources
12. Google Wallet PIN System is Secure, Google Claims
13. DDoS Attack Tools, Service Help Target Organizations: Arbor Networks
14. Whitelisting Gives Employees Choice While IT Retains Security Control
15. 6 Ways to Defend Against Drive-by Downloads
16. Canada has a responsibility to do more to protect the Web: security researcher
17. Canada has a responsibility to do more to protect the openness of the Web: security researcher
18. Syrian regime using car bombs as diversion, rebels say
19. Hackers claim attack on CIA site
20. Anonymous: CIA website taken down
21. The Pirate Bays Peter Sunde: Its Evolution, Stupid
22. Android botnet may net millions yearly for its operators
23. ControlScan Launches ProTect Managed Security Services
24. Telus earnings miss expectations
25. Occupy DC Evicted From A Winter of Communal Discontent
26. Cyber-Security and Tax Breaks: Is it Worth the Cost?
27. Two men arrested in Hawkesbury food bank theft
28. This is the poem that got a Chinese activist seven years in jail
29. No third-party code on the Windows on ARM desktop means no plugins for Internet Explorer
30. Hacker Says He Compromised Intel, Gained Private Info
31. Google Wallet PIN on Android Devices Can Be Cracked
32. Harper to China: Well sell you our oil and gas, but our principles arent for sale
33. Iran reportedly blocking encrypted Internet traffic
34. Russian space engineer gets 13-year sentence for selling secrets to CIA
35. SNC-Lavalin executives tied to Gaddafi family lose jobs
36. 156 e-mail addresses and usernames, home addresses, home phone numbers and cellphone numbers of current and former police chiefs in West Virginia dumped on the Internet
37. Three logins/passwords as well as 540 e-mail addresses dumped on the Internet

1. Collaboration Fuels Rapdid Growth of Citadel Trojan
   Late last month I wrote about Citadel, an “open source” version of the ZeuS Trojan whose defining feature is a social networking component where users can report and fix programming bugs, suggest and vote on new features in upcoming versions, and generally guide development of the botnet malware. Since then, I’ve been given a peek inside that social networking space, and it suggests that Citadel’s collaborative approach is fueling rapid growth of this new malware strain.

   A customer who bought a license to the Citadel Trojan extended an invitation to drop in on that community of hackers. Those who have purchased the software can interact with the developers and other buyers via comments submitted to the Citadel Store, a front-end interface that is made available after users are validated through a two-step authentication process.

2. EU competition chief threatens patent war smackdown
   Tough-talking Almunia will take mobile giants to task: European anti-competition chief Joaquin Almunia has warned that the EU won’t stand for any messing about with technology standards-related patents.
3. Google Wallet falls open after casual hack
   Crack the PIN? No, just hit reset: Turns out it’s not necessary to decrypt the PIN, or even hack into Google’s Wallet, just ask the phone nicely and it will let anyone root though its innards.
4. Malware devs embrace open-source
   Blackhatters desperate for props from pals, says security firm: Cybercrooks have embraced the open-source model in the development of banking Trojans following the release of source code for the infamous ZeuS cybercrime toolkit last year.
5. Met thumbed through Oyster card data up to 22,000 times in 4 years
   Requests for info on passengers’ movements up 15%: The Metropolitan police has requested Oyster card data relating to citizens and other personal information from Transport for London (TfL) more than 22,000 times since 2008, according to figures published by the capital’s transport authority.
6. Business owner sentenced for E-Rate fraud
   The former owner of two Illinois technology companies was sentenced to 30 months in prison for participating in a conspiracy to defraud a U.S. Federal Communications Commission program to help schools and libraries in poor areas connect to the Internet, the U.S. Department of Justice said.
7. Website operator pleads guilty to terrorist threats
   The founder of several Muslim jihad websites has pleaded guilty to three charges related to making online threats, including threatening the writers of the television show “South Park,” the U.S. Department of Justice said.
8. Hackers target lonely hearts with Valentine’s spam and phishing scams
9. Google Paid Out Over 700K For Security Flaw Detections
10. Valentine’s Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
11. Microsoft to issue nine security updates in February Patch Tuesday
12. Free online privacy tool
13. Active mobile botnet enslaves thousands of Android devices
14. SNC-Lavalin executives tied to Gaddafi lose jobs
15. A Valentine’s Day present for SCADA companies: new exploit tools
16. ‘Do Not Track’ Tool Promises Page Loads Up to Four Times Faster
17. Microsoft’s February Patch Tuesday Fixes 21 Bugs
18. Carnegie Mellon’s Information Networking Institute Launches Online Information Assurance Program For Global Leaders
19. Trojan appears that leverages patched Microsoft Office flaw
20. Bill Opening Supreme Court to Cameras Heads to Senate Floor
21. Google expands security bug bounty program to Chrome OS
22. Texas Jury Strikes Down Patent Trolls Claim to Own the Interactive Web
23. Microsoft issues patch plans, includes Internet Explorer fix
24. eIQnetworks Reports Q3 Financials
25. Akamai Reports Fourth Quarter 2011 And Full-Year 2011 Financial Results
26. F5′s Certified Firewall Protects Against Large-Scale Cyber Attacks On Public-Facing Websites
27. New, Free Online Privacy Tool For Consumers Unveiled
28. Standards body to certify PCI end-user experts
29. Mozilla Asked to Revoke Trustwave CA for Allowing SSL Eavesdropping
30. Microsoft Ruining Valentine’s Day with Nine Security Bulletins
31. A Texas Jury Now Deliberating Who, if Anyone, Owns the Web
32. Hackers Ask ‘Will You Be My Valentine?’
33. Breaches aided by weak passwords, poor AV detection
34. Small DDoS Attacks Just as Damaging as Massive Ones: Radware
35. Dumpster containing full credit card numbers with signature, address, and phone numbers found outside a closed fitness center
36. Files containing patient information found on the ground outside a Charlestown office complex
37. Memory stick stolen from staff contained unencrypted sensitive information on 45 families
38. 23 userids, e-mail addresses, and plain-text passwords as well as 21 first and last names with employee ID numbers and hire dates dumped on the Internet
39. FBI document on Steve Jobs: apparently more than fit for office
40. Security Experts Ask House for Light a Regulatory Touch
41. Citadel banking malware is evolving and spreading rapidly, researchers warn
42. 307 customers’ first and last names, e-mail and postal addresses, phone numbers, dates of birth, and plain-text passwords
43. Sanctions already pushing Iran to the point where it is bartering for food
44. Android Botnet Exploits Gingerbread Root Access
45. Hacked e-mails reveal al-Assad spin
46. Hackers target iPhone manufacturer to protest harsh working conditions
47. Know your Internet bad guys
48. FBI File on Steve Jobs Notes Use of LSD, Dishonesty
49. EPIC Sues FTC Over Google Privacy Policy Flap
50. UK police open three new regional cybercrime hubs

1. Crimevertising: Selling Into the Malware Channel
   Anyone who’s run a Web site is probably familiar with the term “malvertising,” which occurs when crooks hide exploits and malware inside of legitimate-looking ads that are submitted to major online advertising networks. But there’s a relatively new form of malware-based advertising that’s gaining ground — I’m calling it “crimevertising” for lack of a better term — that involves running otherwise harmless ads for illicit services inside of commercial crimeware kits.

   At its most basic, crimevertising has been around for many years, in the form of banner ads on underground forums that hawk everything from hacking services to banking Trojans and crooked cashout services. More recently, malware authors have started offering the ability to place paid ads in the administrative panesl that customers use to control their botnets. Such placements allow miscreants an unprecedented opportunity to keep their brand name in front of the eyeballs of their target audience, and for hours on end.

2. UK cops set up new 30m bases to nail cybercrooks
   They’re proper champion e-bobbies: The UK is to establish three regional policing e-crime hubs as part of efforts to boost the capability of British police to tackle the growing problem of cybercrime.
3. Google Wallet PIN security cracked in seconds
   Luckily no one important is using it: A researcher at website categoriser zvelo has discovered Google Wallet’s PIN protection is open to a brute-force attack that takes seconds to complete. And Google is powerless to fix the problem, it seems.
4. Foxconn said to have been hacked by group critical of working conditions
   Hackers claimed to have stolen internal data from Apple supplier Foxconn, and leaked the information online, in response to media reports of poor working conditions at the electronics manufacturer’s factories in China.
5. Trustwave admits crafting SSL snooping certificate
   Allowing bosses to spy on staff was wrong, says security biz: Certificate Authority Trustwave has revoked a digital certificate that allowed one of its clients to issue valid certificates for any server, thereby allowing one of its customers to intercept their employees’ private email communication.
6. Hackers claim to have penetrated Foxconn backdoor
   We don’t care about iPhones or workers, only lulz: It had to happen eventually. Controversial hardware manufacturer Foxconn was reportedly hacked late on Wednesday and a heap of staff email log-ins and intranet credentials posted online which could allow third parties to lodge fraudulent orders.
7. Google to pay users to track their movements online
   Amid widespread concern about its new privacy policies, Google is now facing criticism over an offer to give users Amazon gift certificates if they open their Web movements to the company in a program called Screenwise.
8. EPIC sues FTC over Google privacy plan
   The Electronic Privacy Information Center has filed a lawsuit against the Federal Trade Commission to force the agency to take action against Google over planned changes in collecting personal data.
9. Path runs screaming from privacy snafu
   We meant to copy your address book but we didnt think youd mind: After sparking an outcry and arguably putting itself on the wrong side of privacy laws outside America ex-Facebooker and now CEO of Path, Dave Morin, has blogged an apology.
10. EU to strengthen its cybersecurity watchdog
    A push by European authorities to strengthen the European Union’s cyber security watchdog has been given a green light by parliamentarians.
11. Chrome to weed out dodgy website SSL certificates by itself
    Ditched online checks like ‘seat belt that snaps when you crash’: Google will drop online checks for revoked website encryption certificates in future versions of its Chrome browser after it decided that the process no longer offers any tangible benefits.
12. Mozilla explains user-tracking proposal for Firefox
    Telemetry has no UUID, Metrics Data Ping might: In a story published yesterday your humble Reg writer wrongly confused Mozilla’s Telemetry project with the open-source outfit’s so-called Metrics Data Ping proposal. Mozilla has been in touch to clear things up.
13. LinkedIn offers MORE SECURE hobnobbing option
    Social-network-for-suits finally gets some SSL love: LinkedIn is now gradually rolling out secure browsing for its social-networking-for-suits service.
14. The evolution of targeted attacks and exploit kits
15. Cybercriminals tailoring tactics for maximum appeal
16. G Data InternetSecurity 2012 review
17. Google ships Chrome 17, touts more malware alerts and page pre-loads
18. Chrome 17 released, will preload autocompleted URLs as you type
19. Critics slam SSL authority for minting certificate for impersonating sites
20. Que. to investigate possible security breach in Montreal police
21. Court Revives Challenge to No-Fly List
22. Tim Berners-Lee Takes the Stand to Keep the Web Free
23. New Privacy, Security, Anti-Tracking Software For Internet Explorer
24. MasterCard And Silver Tail Systems To Bring Online Fraud Solutions To U.S.
25. Hacktivist-led DDoS is now the most common type, study finds
26. Role-Based Encryption Provides Data Protection For Enterprises
27. Survey: Mobile Computing Is The “New Normal” For Federal Employees
28. Angry Apple customers plan global petition
29. New Data Shows Rapid Surge In Phishing Email
30. Splunk Launches Big Data Security Solution
31. M86 Security Releases New Biannual Labs Report
32. SIA Comments To FTC On Benefits Of Facial Recognition Technology
33. SailPoint AndSymantec Partner To Integrate the Leading Identity Governance And Data Loss Prevention Solutions
34. Beware Of Valentine’s Day Infections, Warns PandaLabs
35. EU to stengthen its cybersecurity watchdog
36. Antivirus software powerless to stop data breach attacks, study finds
37. Apple, Google tackle app stores
38. Patent Troll Claims Ownership of Interactive Web And Might Win
39. Adobe Flash Player Protected Mode Beta Released for Firefox
40. Regional cybercrime hubs launched

1. Forcing Flash to Play in the Sandbox
   Adobe has released a public beta version of its Flash Player software for Firefox that forces the program to run in a heightened security mode or “sandbox” designed to block attacks that target vulnerabilities in the software.

   Sandboxing is an established security mechanism that runs the targeted application in a confined environment that blocks specific actions by that app, such as installing or deleting files, or modifying system information. The same technology has been built into the latest versions of Adobe Reader X, and it has been enabled for some time in Google Chrome, which contains its own integrated version of Flash. But this is the first time sandboxing has been offered in a public version of Flash for Firefox.

2. Marlinspike asks browser vendors to back SSL-validator
   ‘Convergence’ open source dev needs vendors to balance the load: Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials.
3. Heathrow facial recognition tech stalled by borders fiasco
   Airport’s scanner rollout to miss Olympics target: Heathrow airport may now not get facial recognition technology at all five of its terminals in time for the Olympics as planned, according to the Financial Times.
4. Move over cybercrims, DDoS now protesters’ weapon of choice
   Attackers swap rifles for machine guns with laser sights: Ideological hacktivism has replaced cybercrime as the main motivatation behind DDoS attacks, according to a study by Arbor Networks.
5. Symantec expects Anonymous to publish more stolen source code
   Symantec today confirmed that the pcAnywhere source code published on the Web Monday by hackers who tried to extort $50,000 from the company was legitimate.
6. TRENDnet home security cam flaw exposes thousands
   Just when you thought you were alone in the bath: TRENDnet has acknowledged a flaw that meant that live feeds from its home security cameras were accessible online without needing a password.
7. USER-TRACKING Firefox sparks Mozilla civil war
   Devs spar over user ID numbers in phone-home Telemetry code: Mozilla coders are arguing among themselves about the open-source outfit’s Telemetry project, which was designed to monitor Firefox usage metrics. Several coders in the Mozilla camp have expressed concern about how some developers are proposing Telemetry should collect data from users of the browser.
8. Denial-of-service attacks are on the rise, anti-DDoS vendors report
   Both the number and volume of distributed denial-of-service attacks are increasing, according to new reports from DDoS mitigation companies Prolexic and Arbor Networks.
9. Fidelis Security Platform Combines SSL Inspector and XPS
10. Trigger-happy Obama fires marshmallow gun in White House
11. Anonymous exposes e-mails of Syrian presidential aides
12. 100 refurbished Xoom tablets contained previous owners’ personal data
13. Hackers hit Greek ministry website
14. Symantec code posted despite attempt to trap suspect
15. This bill is no SOPA
16. Federal Standards Body Focuses On Big Data, Cloud
17. Google Bouncer Won’t Block All Android Malware
18. MasterCard announces product future around EMV
19. Judge Refuses to Shut Down Online Market for Used MP3s
20. Flaw in Home Security Cameras Exposes Live Feeds to Hackers
21. Hackers Release Symantec Source Code After Failed $50K Extortion Attempt
22. DDoS attacks motivated by politics not criminality, Arbor Networks finds
23. Four ways to protect your intellectual property
24. Death toll from Europes cold snap hits 400 as explosive experts called in to break up Serbian ice
25. Most DDoS motivated by politics not criminality, Arbor Networks finds
26. Symantec pcAnywhere Code Leaked After $50,000 Payoff Deal Collapses
27. Update on the Kelihos botnet

1. Conclusive PROOF of human activity causing glacier to VANISH
   Captain Prat blagger cuffed with hot ice slung in cooler: Even the Intergovernmental Panel on Climate Change has had to walk back on the idea that the world’s glaciers will all be gone within decades due to human-caused carbon powered global warming: but news has now emerged showing that in at least one case human action has absolutely indisputably led to the disappearance of large chunks of glacier.
2. Hackers spunk ‘pcAnywhere source’ after negotiation breakdown
   ‘Fed posing as Symantec worker’ offered $50k to activists: Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec’s pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and “a federal agent posing as a Symantec employee”.
3. 5 ways to secure your Facebook profile in a post-Timeline world
   The new Timeline layout introduces some changes that may mean you’re suddenly sharing more than you should. Here’s how to lock down Facebook without going overboard.
4. Avast! Mobile Security
   Prepare to repel boarders: Android App of the Week The security or lack thereof of the Android platform – real or imagined – is a common topic of conversation at the moment so it seems like a good time to take a look for a comprehensive security app. My preferred choice is Avast!.
5. Anonymous claims to have released source code of Symantec’s pcAnywhere
   Hacker group Anonymous claimed late Monday that the source code of Symantec’s pcAnywhere had been uploaded on The Pirate Bay site.
6. Adobe adds Flash sandboxing to Firefox
   Hackers bypass it in 3, 2: Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Googles Chrome browser.
7. Anonymous releases law firm’s emails about Haditha killings
   Hacked lawyers who defended Marine over Iraqi deaths: Anonymous has leaked a trove of emails relating to the deaths of 24 Iraqi civilians at Haditha after hacking into a law firm’s systems.
8. Kelihos botnet still dead, say Microsoft, Kaspersky
   Contrary to reports, the Kelihos botnet has not crawled out of the grave, Microsoft said last week. But the company acknowledged that a new botnet is being assembled using a variant of the original malware.
9. Avast false alarm hits Steam’s weekend gamers
   ‘I am sworn to carry your burdens’: Freebie anti-virus scanner Avast falsely identified an executable associated with the popular Steam gaming platform as a Trojan on Sunday.
10. 4 keys for IP protection
    Do you think data breaches are up or down in 2011 compared to 2007 or 2008? The official answer may surprise you. According to DatalossDB and the 2011 Data Breach Investigations Report [PDF link] by Verizon, the number of records compromised per year has been decreasing since its 2008 peak. But these reports are missing something very important. It all comes down to what is reported. Last year I met with more than 450 CIOs and CSOs, and almost all of them said that incidents are way up. New breaches are constantly making headlines, so why is there a discrepancy between our perception and what these reports are finding?
11. Avira Internet Security Suite 2012 review
12. Convincing tax-themed spam leads to malware
13. Anonymous takes down DHS website in hacking spree
14. Data breach? Blame your third party’s remote access systems
15. Google, Microsoft Survival Conflict With Internet Data Privacy
16. Kelihos botnet dead but malware evolved, say Microsoft and Kaspersky
17. DreamHost websites abused by spammers following security breach
18. US hospital hit by data-stealing malware
19. Google to strip Chrome of SSL revocation checking
20. Israeli Ad Jokes About Attacks Against Irans Nuclear Facilities
21. Trendnet flaw hits home net cams
22. Deadline looms to remove click-fraud malware
23. Employee or Employer: Who Owns the Twitter Followers?
24. Employee accessed the records of twelve injured workers without a justifiable work purpose over a three-year period.
25. Law firm that defended Marine still smarting from Anonymous attack
26. Radical cleric, alleged bin Laden aide Abu Qatada to be released on bail in U.K.
27. Torrent Search Engine BTJunkie Voluntarily Shuts Down
28. Cyber-Legislation Bill Approved by House, Senate Prepares its Own
29. 17 names, usernames, and plain-text passwords dumped on the Internet
30. 1,670 patients had data on stolen computer
31. Unauthorized access or disclosure of 771 patients’ records
32. Unauthorized access/disclosure of 11,081 patients’ information
33. Stolen laptop contained names, Social Security Numbers and pre-employment work-fitness test results of 870 patients
34. Approximately 2,000 patients’ names, phone numbers, dates of birth, diagnoses and MCPN internal account numbers accessed by hacker after employee responds to phishing attempt
35. 1,500 podiatry patients’ personal and medical details on stolen laptop
36. Laptop stolen during office burglary contained names, dates of birth, medical record numbers, insurance and Medicaid numbers, billing codes and authorization status for 2,070 patients
37. Patient information left/lost on a train
38. Defendant Ordered to Decrypt Laptop May Have Forgotten Password
39. Hungarian Citizen Sentenced In Maryland to 30 Months in Prison for Hacking into Marriott Computers To Extort Employment From The Company
40. Report: Smaller DDoS Attacks Can Be Deadlier
41. Malware automates storing of data haul on file-hosting site SendSpace
42. Hundreds of DreamHost websites abused by spammers
43. The cost of bolstering U.S. infrastructure cyber-protection
44. Ranking countries cyberattack preparedness
45. Bill would allow DHS to impose cybersecurity standards
46. New Android Malware Has Costly Twist
47. Trojan rounds up and steals Word and Excel docs
48. Syrian forces hammer Homs, kill dozens more after UN peace plans blocked
49. Interpol Preps Gobal Cybercrime Center
50. Malware hijacks file host SendSpace to steal information

1. BTJunkie closes shooting gallery
   ‘My life is officially ruined’: Popular torrent search engine BTJunkie nothing to do with BT is voluntarily closing, according to a notice posted on the site, without offering a reason. The site has indexed other torrent trackers since 2005, and was the fifth most popular Torrent site.
2. Job-seeking Marriott hacker gets 30 months’ porridge
   Nabbed and jailed after Secret Service sting: A job-seeking Hungarian hacker who tried to land work with Marriott by hacking into the hotel chain’s network before “offering” to sort out the resulting mess has been found guilty of hacking and attempted extortion and jailed for 30 months.
3. MPs rattle telcos to help kill extremist material online
   ISPs once again asked to police interwebs: Internet service providers must do better at removing violent material from websites, a group of MPs thundered today.
4. Hackers may be able to ‘outwit’ online banking security devices
   Investigators probe malware threat to 2-factor authentication: Hackers may already able to use malware to outwit the latest generation of online banking security devices, security watchers warn.
5. Hungarian hacker gets 30 months for extortion plot on Marriott
   A Hungarian hacker who attempted to extort money from Marriott International Inc. by stealing confidential data from its computers and threatening to expose it was sentenced to 30 months in prison.
6. Microsoft wraps up ads aimed at Google with IE9 pitch
   Microsoft on Friday wrapped up a three-day campaign against rival Google by claiming its newest browser, Internet Explorer 9, is superior in stopping users from being tracked by online advertisers.
7. Anonymous grabs email from firm that defended Marine in Haditha case
   In what’s turning out to be quite a busy Friday for the hacking collective, Anonymous today said it has broken into the website of a law firm that represented a U.S. Marine accused of killing civilians in Haditha, Iraq.
8. Contact details, crime tips by citizens, and other personal information acquired by hackers; additionally, 1,073 employees’ names, usernames, e-mail addresses, hashed passwords, job titles or position, and phone numbers dumped on the Internet
9. 4,933 e-mail addresses and hashed passwords dumped on the Internet
10. BMO breached their privacy, customers say
11. Google Chrome most secure browser, says German government
12. Smaller DDoS attacks can be deadlier than big ones
13. Critical infrastructure operators must double cybersecurity spending: report
14. Hungarian hotel hacker sentenced to 30 months in prison
15. Facebook hackers use fake attack on Iran to spread malware
16. Google Android Market finally checked for malware by Bouncer scanner
17. Viral Facebook spam campaign delivers malware
18. DND being ripped off by contractors, union alleges
19. FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain
20. State of SCADA Security Worry Researchers
21. ‘Anonymous’ hackers’ antiracist campaign goes too far: Critics
22. Motorola Xoom Tablets Sold With User Data on Woot
23. Lost memory stick contained personal details of 1,075 young children attending schools in the Dunbar area
24. Group linked to Anonymous claims cyber attack against Swedish government
25. Syrias bloodiest day as forces kill more than 200 in Homs, UN to push Bashar al-Assad to step down
26. Google Bouncer Gives Android Market Some Security Muscle
27. As brands tap into power of social media, Facebook reaps the rewards
28. Researchers Need to Focus on Defenses, Not Bug Hunting: Adobe
29. VeriSign Breach Not A Surprise, Attackers Target Everyone
30. Facebook malware scam takes hold
31. Google Privacy Policy Changes Concern Congress, Europe
32. Kelihos botnet remains very much dead after all
33. U.S. soldier sent to trial in WikiLeaks case
34. Facebook Scammers Create Fake Profiles to Spam Users, Clickjacking
35. Anonymous raids law firm over its defense of Marine
36. Bradley Manning to Face All Charges in Court-Martial
37. FBI call gives clues into Anonymous, LulzSec probes
38. Anonymous publishes confidential FBI phone call about hacking
39. Rogers vows to cease Internet throttling
40. Oklahoma Lawmaker Proposes Tax on Violent Video Games
41. DLP Technologies Not Sufficient for Enterprise Without User Buy-In
42. Google’s New ‘Bouncer’ Targets Android Market Malware
43. 2,061 usernames, encrypted passwords (some plain-text) and e-mail addresses dumped on Internet
44. 4,933 e-mail addresses and MD5 passwords dumped on the Internet
45. Mailing error exposed 2,038 taxpayers’ Social Security numbers to other taxpayers
46. 608 clients’ files with account application information missing from storage
47. With the enemy at the gates, Bashar al-Assad was dining out: Analysis
48. Google reveals Android malware ‘Bouncer,’ scans all apps
49. FAQ about the VeriSign data breaches
50. Anonymous releases recording between FBI, UK law enforcement

1. Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan
   More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows.

   The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.

2. Satellite phones lift skirt, flash cipher secrets at boffins
   Security though obscurity fails yet again: Researchers at the Ruhr-University Bochum have managed to extract the secret encryption algorithmns used by satellite phones, and discovered that it’s a lot less secure than one might hope.
3. ‘We’re totally in LA pissing people off’
   Plus ‘The horror!’: Quotw This was the week when Facebook finally filed for its IPO.
4. Tiff over LightSquared reveals odd partnership
   LightSquared founder Philip Falcone’s response to ethics allegations by a U.S. senator sheds some light on a strange chapter in the carrier’s ongoing bid to build a controversial cellular data network.
5. Half of Fortune 500 firms infected with DNS Changer
   Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the “DNS Changer” malware that redirects users to fake websites and puts organizations at risk of data theft, a security company said today.
6. VeriSign admits multiple hacks in 2010, keeps details under wraps
   VeriSign, the company responsible for guiding most of the world’s Internet users to the correct websites and once the largest encryption certificate issuing authority, was successfully hacked several times in 2010.
7. Verisign admits 2010 hack attack, mum on what was nicked
   SEC filing shows BOFH cover-up: Verisign has admitted in an SEC filing that it suffered numerous data breaches in 2010, but that management wasnt informed by staff for nearly a year after they occurred.
8. Symantec: We’ve plugged up pcAnywhere holes
   Security giant tries to draw line under source code soap opera: Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch.
9. Kelihos botnet BACK FROM THE DEAD
   Bloodied spam-spewing zombie staggers in: The spam-spewing Kelihos botnet has returned from the dead.
10. OFFICIAL: Smart meters won’t be compulsory
    No offence to refuse in Blighty: Vid So-called ‘smart meters’ will not be mandatory, the energy minister has confirmed. The pledge was made by Charles Hendry last Thursday, and confirmed to us by the Department of Energy and Climate Change today.
11. Concerned about online privacy? FBI says you might be a terrorist
12. Microsoft researchers say anonymized data isn’t so anonymous
13. Google finally scans malware-ridden Android Market
14. Google reveals it is already scanning Android apps for malware
15. Iran is an urgent nuclear threat: CSIS
16. VeriSign Management was ‘Out of the Loop’ About 2010 Data Breach
17. VeriSign Hacked: What We Don’t Know Might Hurt Us
18. Peter Foster: Two-faced book
19. Attacks could steal HTC Wi-Fi codes with malicious app
20. Online Market for Pre-Owned Digital Music Hangs in the Balance
21. Google using custom malware scanner for Android apps
22. Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet
23. Apple Fixes 52 Bugs in OS X Snow Leopard, Lion in Security Update
24. At long last, malware scanning comes to Google’s Android Market
25. EFF ready to sue if “innocent customers” can’t get Megaupload data back
26. Donald Trump endorses Mitt Romney
27. WikiLeaks Julian Assange extradition ruling over alleged sex crimes may jeopardize other cases: lawyer
28. VeriSign, maintainter of net’s DNS, warns it was repeatedly hacked
29. VeriSign 2010 Hack: DNS Data Theft A Possibility
30. VeriSign admits it was hacked in 2010 but managers not told
31. Contact details, crime tips by citizens, and other personal information acquired by hackers; additionally, 1,073 employees’ names, usernames, e-mail addresses, MD5 passwords, job titles or position, and phone numbers dumped on the Internet
32. Bogus Facebook accounts always female, new study finds
33. Security breaches impacting VeriSign emerge in filing
34. Employee skimmed and sold 50 customers’ credit card numbers
35. Names, dates of birth, sickness information and work contact numbers of employees were published on the internet.
36. Lost memory stick contained personal details of young children attending schools in the Dunbar area
37. Customers’ personal details and encrypted credit card numbers with expiration dates may have been accessed by hacker
38. Bogus Facebook accounts easy to spot, new study finds
39. Symantec Shouldn’t Backpedal on Android ‘Malware’
40. More than 50 customers’ credit card numbers exfiltrated by virus incurred fraudulent charges
41. County’s web portal for public hacked; 250 residents’ email addresses, user names and passwords accessed
42. Facebooks looming mobile conundrum
43. Yubico And CloudPassage Bring Easy, Secure Two-Factor Authentication To Cloud Servers
44. SocialShield Releases the Top Social Networking Terms Kids Don’t Want Their Parents To Know
45. VeriSign Hit by Hackers in 2010
46. Palin hacker appeal rejected
47. Supreme Court of Sweden Upholds Pirate Bay Prison Sentences
48. 1,219 patients notified that flash drive stolen from pathologist’s car
49. Detecting the DNS Changer malware
50. Malware redirects bank phone calls to attackers

1. Whos Behind the Worlds Largest Spam Botnet?
   A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.
2. Demand for safety kitemark on software stepped up
   MPs want new standard plus web security schooling: The government and industry ought to do more to promote online safety, according to an influential panel of MPs.
3. Met’s email hack probe turns spotlight on The Times – MP
   Scotland Yard keeps mum: Scotland Yard officers investigating allegations of computer hacking by News International staff have declined to “give a running commentary” on their probe, batting away MP Tom Watson’s narration of the saga.
4. Facebook warns investors of potential SPAM DELUGE
   IPO filing: Spamvalanche could kill us: Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.
5. New Trojan routes your bank’s calls to CROOKS
   That’s right, I really just ordered 10 plasma tellies…: Devious cybercrooks have developed a banking Trojan that is capable of redirecting calls your bank has made to verify suspicious transactions straight into the waiting handsets of professional criminal caller services.
6. Fairfax bunkers down after alleged hack
   Privacy Commissioner wakes up: Two Fairfax sites remain offline this morning after they were apparently compromised, with the possible loss of credit card information.
7. WikiLeaks’ Assange takes appeal to U.K. Supreme Court
   WikiLeaks founder Julian Assange launched his appeal in the U.K. Supreme Court on Wednesday in his last attempt in Britain to avoid extradition to Sweden to face sexual assault allegations.
8. Microsoft ad campaign savages Google over privacy
   ‘We are not like them, and hey, why not try IE?’: Microsoft is launching a three-day advertising campaign in the US, offering itself as the privacy-respecting alternative to Google.
9. Will the market like Facebook?
10. MPs call on government to step up malware protection
11. Google, Microsoft Spar Over Privacy Policy Claims
12. Bitdefender Internet Security 2012 review
13. Symantec recants Android malware claims
14. Security breaches driving authentication changes
15. Symantec backtracks from Google Android malware claims
16. Keep calm and log on, MPs argue
17. Charges shed light on alleged plot to smuggle Saadi Gaddafi to Mexico
18. Hacked neo-Nazi websites reveal Canadian connections
19. Facebook Discloses Hacking, Spam as Business Risks in IPO Documents
20. Wave Systems Launches Cloud-Based Encryption Management Platform
21. A timeline of Facebooks meteoric ascent
22. Trojan Targets Industry, Government with Fake Conference Invitations
23. Apple Store employee reportedly being spied on via iMessage bug
24. Facebook files for US$5-billion IPO
25. Backupify Announces Security Best Practices, Adds Multiple Layers Of Protection To Cloud Application Data Backup
26. Vulnerabilities Reported In Mac Encryption Products
27. CloudPassage Launches Network Security In The Cloud Inbox
28. Mexico files charges in alleged Saadi Gaddafi smuggling plot involving Canadian woman
29. WordPress attacks try to infect users with dangerous rootkit
30. RFID Credit Cards Are Easy Prey for Hackers, Demo Shows
31. Identity information on at least 187 students found in possession of another student who may have used data for tax refund fraud
32. 392 e-mail addresses and MD5 passwords dumped on Internet
33. 12,374 job applicants and fewer than 500 patients notified that their names, addresses, Social Security numbers and insurance info may have been accessed after virus was discovered on system
34. Meet our new Security Editor and help shape our coverage
35. Kelihos botnet, once crippled, now gaining strength
36. For ‘Malware as a Service’ merchants, business is booming
37. Counterclank Apps To Remain In Android Market
38. Copyright: To the Batmobile!
39. Employees’ 401k data on flash drive lost in the mail; decryption code was in the same mailing but remained in package
40. 160 e-mail addresses and clear-text passwords dumped on Internet
41. 12,456 digital game purchasers notified network intruder intercepted and acquired credit card numbers, expiration dates, security codes, postal and email addresses, and passwords to optional user accounts
42. 1,018 patients notified after laptop stolen from Neurology Dept.
43. Cyber Attacks Becoming Top Terror Threat, FBI Says
44. Internet complaints skyrocket in Canada
45. Ukraine government sites attacked after piracy crackdown
46. Mobile Data Security: 10 Tips to Avoid Prying Eyes at the U.S. Border
47. When will Facebook change its status from private to public?
48. Syria rebels hope Damascus battle will force international allies to act
49. Timeline: Julian Assange and WikiLeaks
50. Kelihos botnet cranks back up after Microsoft attack

1. Romanian cops cuff suspected serial hacker TinKode
   Alleged Royal Navy, Pentagon invader gets keelhauled: Romanian police have arrested a man suspected of breaking into the websites of NASA and the Pentagon in a series of high-profile hack attacks.
2. Expert to finger air steward commentards who ‘harassed’ pilot
   Probe into airline staff forum ‘will not breach privacy rights’: A trade union has been ordered to let an independent expert examine its computer database to try to identify anonymous users of a forum it operated who allegedly defamed and harassed an airline pilot.
3. Trojan smuggles out nicked blueprints as Windows Update data
   Malware backdoors government-targeted kit ‘using Adobe 0-days’: Security watchers have uncovered a new highly targeted email-borne attack that uses a supposed conference invitation as a lure – and disguises extracted data as Microsoft Update traffic.
4. Lawmakers question proposed change to video privacy law
   Let’s say you like to watch heady documentaries over Netflix’s streaming service and would like to share recommendations with your friends on Facebook. Netflix would like to offer that service, but the company says a 24-year-old U.S. law is in the way.
5. In letter to Congress, Google defends privacy changes
   In a letter sent to eight members of Congress, Google yesterday defended its move to consolidate its privacy policies and users’ personal information.
6. Cyberwar report: Israel, Finland best prepared for conflict
   Do GCHQ and the NSA have some catching up to do?: Analysis Israel, Finland and Sweden are more prepared than larger nations to fight a conflict in cyberspace, according to a McAfee-backed cyber-defence study.
7. Virus-slingers abuse WordPress vulns, dose punters with exploit
   Blogs also infected with information-harvesting Trojan: Malware-spreaders are hacking into vulnerable WordPress-powered sites in order to drive traffic towards pages loaded with exploits.
8. Nortel executive faced deluge of data, trial told
9. Romaninan hacker TinKode allegedly arrested
10. “Slain” Kelihos botnet still spams from beyond the grave
11. Trojan found breaking Yahoo CAPTCHA security in minutes
12. Megaupload’s hosting company teams up with EFF to identify legal files
13. Mexican man accused of beating Calgary tourist says he confessed under torture
14. Google to Censor Blogger Blogs on a Per Country Basis
15. Google won’t pull Android apps deemed malicious
16. Rising Cyber-War Threat Forcing Nations to Bolster Defenses: McAfee
17. Country With Most Online Fraud Attempts/How Much Fraud On Mobile Devices Revealed
18. New Survey: Two-Thirds Of Companies Interested In Switching Authentication Vendors
19. Stop SOPA, PIPA Madness: Ways to Sensibly Protect Copyrights
20. Fake Windows updater targets government contractors, stealing sensitive data
21. Obama plays down Iraq drone presence as he confirms Pakistan strikes
22. Megaupload Server Purge Delayed
23. Carder Forced Gang Members to Have Sex to Weed Out Undercover Feds
24. Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit
25. Investors Warned of Email Accounts Being Hacked to Illegally Transfer Funds
26. Iran may or may not be building nuclear weapon, but theyre keeping their options open: U.S. intelligence chief
27. Google Tells Congress It is Changing Privacy Policies, Not Practices
28. “Mobile Device Privacy Act” would prevent secret smartphone monitoring
29. Webroot SecureAnywhere Essentials 2012 review
30. IBM Announces New Software to Manage And Secure The Influx Of Mobile Devices To The Workplace

1. Glavmed Sister Program GlavTorg to Close
   A prominent affiliate program that pays people to promote knockoff luxury goods closing down at the end of January. The program — GlavTorg.com — is run by the same individuals who ran the infamous Glavmed and SpamIt rogue pharmacy operations.
2. Warnings About Windows Exploit, pcAnywhere
   Security experts have spotted drive-by malware attacks exploiting a critical security hole in Windows that Microsoft recently addressed with a software patch. Separately, Symantec is warning users of its pcAnywhere remote administration tool to either update or remove the program, citing a recent data breach at the security firm that the company said could help attackers find holes in the aging software title.
3. Many pcAnywhere systems still sitting ducks
   Symantec warns that its product should not be connected directly to the Internet, yet an estimated 140,000 computers are configured to allow direct external access
4. Council fined 140k for leaking kids’ sensitive info
   First Scottish organisation fined by information commissioner: The Information Commissioner’s Office (ICO) has fined Midlothian council 140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions.
5. Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
   U.S. Rep. Edward Markey (D-Mass.) has proposed a bill that would require all phone companies to notify consumers of any user tracking and monitoring software in their cell phones.
6. Feds say Megaupload user content could be deleted this week
   Federal prosecutors say that two companies hosting Megaupload’s servers in the U.S. could begin deleting all user content on them as early as Thursday.
7. Google, Facebook, Microsoft in PHISH-FIGHTING smackdown
   DMARC Brothers back cross-industry standard: Google, Facebook and other internet heavyweights are collaborating together to back a standard designed to curtail phishing by improving the collaboration between legitimate senders and receivers of emails.
8. Sexy Girls Puzzle: Android Trojan or eager ad-slinger?
   Researchers split on Counterclank’s naughtiness: Security researchers are split on the seriousness of an Android “malware” campaign that some estimates suggest may have “infected millions” of smartphones via gaming apps from Google’s Android Market.
9. Accused Kelihos botmaster proclaims innocence
   Andrey Sabelnikov, the Russian programmer accused by Microsoft of creating and operating the Kelihos spam botnet said he’s innocent.
10. Researchers unearth more Chinese links to defense contractor attacks
    Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.
11. Norton Wants To Help You Remember Your Password
12. Cybersecurity report: All countries lag behind the bad guys
13. Cybersecurity Report Stresses Need for Cooperation
14. Accused Kelihos botmaster Andrey Sabelnikov claims innocence
15. The state of global cyber-readiness
16. UK prepared for cyberattack, but cybercriminals ‘faster and swifter’
17. Council fined for data breaches
18. The Web Application Hacker’s Handbook, 2nd Edition
19. Android.Counterclank an Aggressive Mobile Ad Network, Not Malware: Lookout
20. Google, Microsoft Team Up to Fight Phishing, Spoofed Emails With DMARC
21. Five Ways to Protect Your Email at Work
22. Baltimore-Based Security Provider Lookingglass Raises $5 Million In Funding
23. Megaupload founder Kim Dotcom gets a huge, inflatable tank
24. Accused Kelihos spam botmaster: It wasn’t me, Microsoft
25. New Mobile-Phone Privacy Law Proposed
26. Facebook sues Adscend Media for malware and spam
27. McAfee Updates Mobile Security With Remote Tracking, Data Wipes
28. Hackers put hijacked Web views up for sale for webfraud
29. RIMs dramatically different recycled marketing campaign
30. Obama campaign turns to Square for mobile fundraising
31. CIA Claims Publication of Bin Laden Death Photos Would Trigger Violence
32. Auto/Mate Launches Guard/Mate
33. As Anonymous protests, Internet drowns in inaccurate anti-ACTA arguments
34. Infoblox And CA Technologies Deliver Network Automation And Compliance Capabilities
35. Wave Launches Cloud-Based Encryption Service
36. FDA Accused of Spying on Whistleblowing Employees
37. Survey Of Security And Audit Pros, DBAs Reveals Responsibility Disconnect, Lack Of Management Commitment Impedes Database Security Efforts
38. MetaFlows Announces Software-Based IDPS, Enables IDPS Hardware For 1/10 The Price
39. Ex. Special Forces officers launch India-based threat detection company
40. Megaupload Data Subject to Deletion by Hosting Providers Feb. 2
41. Google, Microsoft, Facebook, Bank of America team to wipe out phishing
42. Android Counterclank: Malware, Or Smartphone Advertising?
43. McAfee and Security & Defence Agenda Release Global Cyber Defense Report
44. Costa Concordia wreck will not be moved until at least the end of the year or longer
45. Android Trojans downloaded by millions, still on Android Market
46. McAfee Announces Next Generation Of Mobile Security Software
47. Keeping on top of financial malware
48. Students used keyloggers on school computers, changed grades
49. Botnet suspect denies involvement
50. Pirate Party of Catalonia wants to sue FBI, in Spain, over Megaupload seizure

1. 4 Sun journos, 1 cop bailed in police bung probe
   Cuffed on suspicion of corruption after tip-off from News Corp: Police officers investigating allegations of illegal payments to cops as part of a larger probe of News International arrested four journalists on Saturday. All four were either current or former hacks at Rupert Murdoch’s tabloid The Sun. Police also arrested a Metropolitan police service officer at the weekend.
2. Microsoft’s Kelihos kingpin suspect: It wasn’t me
   Sabelnikov denies botnet herder allegation: The Russian man named by Microsoft as the mastermind behind the Kelihos botnet has stepped forward to plead his innocence.
3. Google spews out ‘privacy’ email to Sky punters too
   Not just Virgin Media customers fuming over web giant’s intrusion: Sky users have joined Virgin Media subscribers in receiving emails directly from Google about its new privacy policy.
4. Quantum Trojans undermine security theory
   Can dodgy vendors compromise uncrackable security?: A group of English and Canadian researchers has cast doubt on the nascent push to develop device-independent quantum cryptography standards, asserting that such schemes could be undermined by malicious vendors.
5. Students busted for hacking computers, changing grades
   ‘Very bright kids’ too bright for their own good: Three high school juniors have been arrested after they devised a sophisticated hacking scheme to up their grades and make money selling quiz answers to their classmates.
6. Adscend denies Facebook, AG allegations
   Adscend Media, the defendant in lawsuits filed this week by Facebook and the Washington attorney general, on Friday denied the allegations in the complaints and shifted blame to its affiliates.
7. Hawaii legislators bid aloha to controversial data retention bill
   Lawmakers in Hawaii quietly dropped a bill that would have required Internet service providers to collect the browsing histories of Internet users in the state and store the data for at least two years.
8. Google, Microsoft and Facebook battle phishing with new specification
9. Bogus “browser update” pages deliver malware
10. Symantec claims largest ever Android malware find
11. Lookout claims Symantec crying wolf over Android malware
12. City staff to review private messages
13. Twitter buys anti-malware firm
14. “Curious” nurse snooped in 108 patients’ files
15. A hacker aqcuired a “a small portion of payment firm’s European EFT business according to SEC filing
16. Laptops stolen in office burglary contained some clinical and demographic information as well as some Social Security numbers
17. Personal info on former and current customers exposed on the Internet in a spreadsheet that contained Social Security numbers
18. Over 400 clients’ records (but no financial info) on laptop stolen from office
19. Hawaiian University settles data breach lawsuit
20. 2,131 names, usernames, postal and e-mail addresses, phone numbers, and encrypted passwords dumped on the Internet
21. Pro-government hactivists deface Al Jazeera coverage of Syrian violence
22. Hitler painting fetches 32,000 euros in Slovak auction
23. Android Counterclank Malware Assails Android Market: Symantec
24. Boxes full of 2,000 personal medical records including names, addresses, phone numbers and social security numbers in a trash can
25. Student used an application on his cell phone to hack into the school’s computer network
26. EU 24-Hour Data Breach Notification Rule ‘Unworkable’: ATandT Executive
27. Sanctions against Iran may destabilize, topple regime by ratcheting up hassle factor: expert
28. Stealing the Titanic: Artifacts auction draws accusations of grave robbery
29. Security roundup: The triumph of hactivists, the sorrow of Symantec
30. Massive Android malware op may have infected 5 million users
31. Lookout Security rebuts rival’s Android malware claims
32. Google Privacy Policy Update Challenged by Lawmakers
33. Customers names, email addresses, billing and shipping addresses, telephone numbers, credit card information and/or a cryptographically scrambled passwords exposed
34. Man stole numerous customer accounts for more than a year
35. 650,000 names, email addresses, birth dates and nutritional data due to hacked database
36. 2,257 Social Security numbers of living veterans was mistakenly released to Ancestry.com as part of a response to a Freedom of Information Act request
37. Hacker able to view every member’s personal data, photos, pseudonyms and passwords
38. 7,000 full customer names, complete addresses, dates of birth, Social Security numbers, gender, Medicaid identification numbers, case management information and telephone numbers
39. Fraudulent purchases made with information from dozens of locals credit and debit cards
40. Data backup file held by vendor was accessed by an intruder included user names, email addresses and passwords
41. 391 current and former hospital employees names and Social Security numbers posted on website
42. 8,000 Social Security numbers and some credit card numbers of prospective students on a public server
43. SEC Goes After Online Trading Firms That Unwittingly Helped Latvian Hacker
44. Commerce or chaos
45. Anonymous targets Mexican websites
46. Twitter Censorship Move Sparks Backlash: Is it Justified?
47. FINRA advises brokers to bulk up security
48. Univ. of Hawaii settles with 98,000 over five breaches
49. The Lede Blog: Twitter’s New Policy on Blocking Posts Is Attacked, and Defended
50. White House Presses For New Cybersecurity Laws

1. Mr. Waledac: The Peter North of Spamming
   Microsoft on Monday named a Russian man as allegedly the guy responsible for running the Kelihos botnet, a spam engine that infected an estimated 40,000 PCs. But closely held data seized from the world’s largest spam affiliate program suggests that the driving force behind Kelihos is a different individual who is still coordinating spam campaigns for hire.

   Kelihos shares a great deal of code with the infamous Waledac botnet, a far more pervasive threat that infected hundreds of thousands of computers and pumped out tens of billions of junk emails promoting shady online pharmacies. Despite the broad base of shared code between the two malware families, Microsoft classifies them as fundamentally different threats. The company used clever legal techniques to seize control over and shutter both botnets, sucker punching Waledac in early 2010 and taking out Kelihos last fall.

   On Monday, Microsoft filed papers with a Virginia court stating that Kelihos was run by Andrey N. Sabelnikov, a St.

2. Lawmakers question Google on its new privacy practices
   Google’s decision this week to share user data across its online services has caught the attention of eight members of the U.S. House of Representatives, with the lawmakers asking whether the changes will compromise privacy.
3. Google says privacy change won’t affect government users
   Google today dismissed concerns by a former senior federal IT official that its controversial new privacy policy would create problems for customers of Google Apps for Government.
4. European Parliament says its website victim of DDOS attack
   The European Parliament’s website fell under a distributed denial-of-service attack on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.
5. European Parliament says its website taken offline by attackers
   The European Parliament’s website fell under a distributed denial-of-service attack (DDOS) on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.
6. Google emails Virgin Media subscribers … about privacy
   Infuriated customers want to know how the Goog got their addresses: Fuming Virgin Media customers have taken to the telco’s forum to complain that their email addresses have been used by Google, instead of being kept private.
7. Blackhole crimeware kit drives web threat spike
   Report: Conficker also still causing mayhem: Fake anti-virus scams are on the wane but drive-by-download threats have rocketed over the past year thanks to the hugely popular Blackhole crimeware kit, while Conficker remains prolific some three years after its release, according to Sophos.
8. EU regulators drop legal case after UK implements ePrivacy legislation
   European regulators have dropped a legal case against the United Kingdom over failure to implement ePrivacy laws saying that changes in UK legislation fixes the problems.
9. Pwn2Own 2012 touts bigger prizes, drops mobile hacks
   Make $60,000 with a few carefully injected bytes: Organisers of security conference CanSecWest have changed the rules for the next outing of its Pwn2Own computer hacking contest.
10. O2 3G stops giving punters’ mobile numbers to websites
    HTTP header blooper stamped out within hours after outcry: After a flurry of complaints, O2 engineers appear to have shut off the proxy server quirk that leaked to websites the phone numbers of punters browsing the net on 3G connections.
11. Costa Concordia company offers $14,400 in compensation to cruise ship passengers
12. 6 security companies to watch
13. Are You at Risk? What Cybercriminals Do With Your Personal Data
14. FTC Commissioner Talks Online Privacy, Puts Data Brokers on Notice
15. Protect sensitive data on Mac OS X, Windows and Linux
16. Perplexing malware served on social welfare site
17. Zscaler launches free link malware scanner Zulu
18. Rockets hit Pakistan academy near bin Laden home
19. End of the Big TV package era
20. Verdasys Offers Enterprise Data Leak Protection as Managed Service
21. Eight Reasons Anonymous Should Welcome Glenn Beck With Open Arms
22. Symantec: We Didnt Know in 2006 Source Code Was Stolen
23. Google privacy policy changes raise concerns
24. Drones: Barack Obamas weapon of choice against terrorism
25. We’re losing control of our digital privacy
26. European parliament website under cyber attack
27. UVic hard drives recovered with thieves’ note
28. Study: BlackHole appears, Conficker remains
29. Railroad Association Says Hack Memo Was Inaccurate
30. The Fast, Fabulous, Allegedly Fraudulent Life of Megauploads Kim Dotcom
31. EU 24-hour Data Breach Notification Rule Unworkable:` ATandT Executive
32. Symantec suspected Anonymous code breach back in 2006
33. Wikipedia and Orange partner to bring free access to developing world
34. Malicious MIDI files lead to rootkit malware
35. Web attacks peak at 38,000 an hour
36. Catbird Unveils vSecurity 5.0 for Virtualized and Cloud Computing
37. Google Centers Privacy Policies Around Google+

1. Symantec’s profits up in calm third quarter
   Growth in security and compliance keeps ship steady: CEO Enrique Salem stands crisp and smart on the poop deck of the good ship Symantec, looking back at a straight course and ahead to more growth. It’s a pretty unexciting third quarter story really.
2. Google stirs up privacy hornet’s nest
   Google has whipped up a privacy brouhaha with a blog post announcing that the company is rewriting its privacy policy, consolidating user information across its services.
3. Threatened by Anonymous, Symantec tells users to pull pcAnywhere’s plug
   Symantec this week told users of its pcAnywhere remote access software to disable or uninstall the software while it fixes an unknown number of bugs.
4. Accused Kelihos botmaster’s former employer ‘angered’ at revelation
   A security-related company that until late December employed the Russian developer who allegedly created the Kelihos botnet said today it was ‘extremely disappointed and angered’ at the revelation.
5. Final phase of Mass. data protection law kicks in March 1
   All companies storing personal data on Massachusetts residents have until March 1 to ensure that their contractors, suppliers, technology providers and other third parties comply with a new provision of the state’s data breach law.
6. IT pros say data breach assessment is more valuable than notification, study says
   IT professionals believe that assessing the potential harm caused by data breaches is more useful to mitigating the effects of such incidents than notifying affected individuals, according to a survey published on the day the European Union’s proposed a 24-hour deadline for data breach disclosures.
7. Why O2 shared your mobile number with the world
   And why they’ll probably do similar again: O2 has been sharing customers’ phone numbers with every website they visited, but O2 isn’t the only offender – it’s just the one that slipped up and got caught.
8. OpIreland hackers spank gov sites as ‘Irish SOPA’ nears
   Angry hacktivists land on Irish shores: Anonymous took out several key Irish government websites last night and promised more disruption to come in retaliation for new SOPA-like legislation which it claimed would make it easier for copyright-holders to block access to file sharing and other sites in the country.
9. pcAnywhere let anyone anywhere inject code into PCs
   Symantec plugs holes in desktop remote-control tool: Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.
10. Is Google evil? Not really
11. User error is the biggest threat on the Internet
12. 2011 ‘eventful year for Mac malware’
13. Intego: 2011 offered bumper crop of Mac malware
14. Critics: EU’s proposed data protection rules could hinder Internet
15. Data breach harm assessment ‘more important than telling victims’
16. Malicious QR codes and the persistence of rootkits
17. Sophos Endpoint Anti-Virus 10 review
18. 1.8 million customers Social Security numbers, dates of birth and, in some cases, financial institution account numbers compromised
19. Symantec Warns pcAnywhere Users to Disable Tool Due to Source Code Theft
20. Europe proposes a “right to be forgotten”
21. Anonymous Goes After World Governments in Wake of Anti-SOPA Protests
22. Attackers Using DNS Poisoning to Hijack Website Domains, Divert Traffic
23. Secret Government Talks Create Treaty Stricter Than SOPA, PIPA
24. Symantec: Anonymous stole source code, users should disable pcAnywhere
25. EU Proposed New Data Privacy Laws to Impact U.S. Internet Giants
26. US has already flexed cyberwar muscle, says former NSA director
27. “Blackhole” toolkit dominates Web malware attacks, says Sophos
28. Google Privacy Policies Rile Users, Regulators With Zero Opt-Out
29. Harper to tout capitalism, Canadian oil at World Economic Forum
30. Symantec admits stolen source code impacts pcAnywhere
31. Symantec admits stolen source code impacts pcAnywhere users
32. Legality of Mobile Phone Tracking Still Unclear Despite Supreme Court GPS Decision
33. QNX: RIMs last hope?
34. Bail Denied for Megauploads Kim Dotcom
35. SCADA Systems in Railways Vulnerable to Attack
36. Are CIOs Championing Consumer Tech?
37. IT pros believe data breach harm assessment is more valuable than victim notification, study says
38. FireHost’s European-Based Secure Cloud Hosting Services Go Live
39. Sophos Reveals Assessment On Threat Landscape In Security Threat Report 2012
40. Dome9 Unveils Industry First Multi-Cloud Security Groups
41. Mobile Marketing Association Releases Final Privacy Policy Guidelines For Mobile Apps
42. 7 Tools To Tighten Healthcare Data Security
43. Microsoft Names Alleged Kelihos Botnet Operator
44. Anonymous Cons Web Users Into Joining DDoS Attacks With Camouflaged Links
45. DreamHost, T-Mobile Data Breaches Compromise User Passwords
46. Security Best Practices Reduce Downtime From Cyber-Attacks: Survey
47. Apple malware became more sophisticated in 2011
48. “Frankenmalware” active in the wild
49. Megauploads Kim Dotcom displays mischievous sense of humour
50. As Libya victory high ends, claims of violence and torture escalate

1. Thank you Chris Dodd
   The web is buzzing with contempt over a statement by Motion Picture Association of America (MPAA) Chairman and CEO Chris Dodd to Fox last Thursday: “Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at [...]
2. Proposed EU data protection rules include right to be forgotten
   New proposals for Europe’s data-protection law would see companies facing fines of up to 2% of their global turnover if they breach the rules.
3. Reding’s ‘right to be forgotten’ bill polarises Euro biz world
   Rewriting data protection law in internet age: EU Justice Commissioner Viviane Reding will imminently table a draft bill that will if passed in Parliament require internet firms to be upfront about the user data they hold.
4. Super-powered ‘frankenmalware’ strains detected in the wild
   Virus-worm crossbreeds will trash systems faster than ever before: Viruses are accidentally infecting worms on victims computers, creating super-powered strains of hybrid software nasties.
5. Judges probe minister’s role in McKinnon extradition saga
   Pentagon hacker’s medical files ignored: The long-running case of Gary McKinnon returns to court on Friday.
6. Google to combine users’ data across its services
   Google will be able to combine data from several Google services when a Google Accounts user is signed in, as part of a rewritten set of privacy policies that the company announced on Tuesday.
7. Nokia busted for dodgy SMS to customers
   Spam Act breach draws $AU55k wrist-slap: Nokia has fallen foul of the Australian Communications and Media Authority, incurring a $AU55,000 fine following consumer complaints over its SMS marketing practices.
8. US govt security advice site trashed by hackers
   Hacktivist campaign against SOPA, PIPA and ACTA continues: Anonymous and LulzSec members have hacked US government security web site OnGuard Online and defaced it, forcing it offline, in retaliation for the recent MegaUpload takedown and the controversial Anti-Counterfeiting Trade Agreement (ACTA), the groups have announced.
9. Accused Kelihos botnet maker worked for two security firms
   A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.
10. Microsoft names alleged Kelihos botnet creator
    Microsoft has named a Russian man as the alleged creator of Kelihos, a spammy botnet that abused the company’s Hotmail service until the botnet was shutdown last September.
11. 9 Ways To Minimize Data Breach Fallout
12. Searching for Google Chrome can lead to malicious content
13. Hackers attack U.S. railways
14. Carberp Trojan targets French broadband subscribers
15. “We’re just like YouTube,” Megaupload lawyer tells Ars
16. Torontos Audiobooks.com launches all-you-can-hear cloud streaming
17. EU Poised to Propose 24-Hour Breach Notification, Data Privacy Rules
18. Twitter Acquires Dasient for Anti-Malvertising Security Technology
19. Twitter acquires web malware fighter Dasient
20. Appeals court clears way for look at divorce application of Russell Williams wife
21. Posting personal information online could backfire, privacy commissioner warns young Canadians
22. Fluke Rolls Out New Threat Signatures Released To Protect Against Wireless Attacks
23. Posting personal information online could backfire: privacy commissioner
24. Microsoft names Russian man in Kelihos botnet suit
25. Security Best Practices Reduce Downtime from Cyber-Attacks: Survey
26. Microsoft Names Developer, Operator of Kelihos Botnet
27. Ontario court clears way for look at divorce application of sex-killer Williamss wife
28. Hacker allegedly leaks 100K Facebook account credentials of Arab users
29. Hackers Breached Railyway Network, Disrupted Service
30. Google+ Supports Most Nicknames, Only Some Pseudonyms
31. Kelihos botnet creator worked for antivirus company, Microsoft says
32. Mitt Romney releases tax numbers: US$6.2M owed on US$42.5M earned in 2010, 2011

“Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at stake. Don’t ask me to write a check for you when you think your job is at risk and then don’t pay any attention to me when my job is at stake.”

As pointed out on the MPAA web site, Dodd is also a former US Senator from Connecticut. Surely he understood the implications of publicly confirming what we have always expected — that Hollywood spends a lot of money on politicans and expects a return on their investments. Rather than condemn him, perhaps we should be thanking him for putting this out in the open.

The movie industry, like many others, is facing a harsh new reality — one that, for the most part, they appear to be in denial about. Pushing for draconian, ill-informed legislation such as the Stop Online Piracy Act (SOPA) and the Protect IP Act isn’t the solution. Perhaps it’s time that Hollywood stop trying to purchase politicians and apply some creativity to their business model instead.

1. Microsoft: Worm Operator Worked at Antivirus Firm
   In a surprise filing made late Monday, Microsoft said a former technical expert at a Russian antivirus firm was the lead person responsible for operating the Kelihos botnet, a global spam machine that Microsoft dismantled in a coordinated takedown last year.
2. Supreme Court GPS ruling called a win for privacy
   Calling it a victory for privacy rights, civil rights advocates hailed a U.S. Supreme Court ruling that requires law enforcement officials to obtain a search warrant before they can attach a GPS tracking device to a vehicle.
3. Councils tout 1.2bn for IT whizkid to grab their backend
   Outsourced IT includes crim record checks and payroll: A one-billion-pound contract is up for grabs as three London councils hunt for IT hotshots to streamline their back-office systems – handling everything from criminal record checks and financial accounts to the payroll and psychometric testing.
4. US Senator’s Twitter account back after hack
   Anti-SOPA activists play ‘occupy @ChuckGrassley’: The office of US Senator Chuck Grassley has confirmed that his Twitter account was taken over and used to launch anti-SOPA messages on Monday, US time.
5. Google ups ante for Chrome hack at revamped Pwn2Own
   The sponsor of the annual Pwn2Own hacking contest has dramatically revamped the challenge and will be awarding a first prize of $60,000 this year, four times 2011′s top reward.
6. Researcher traces ‘Gameover’ malware to maker of Zeus
   The ‘Gameover’ malware that the FBI warned about earlier this month is a preview of the next version of the even-more-notorious Zeus money-stealing Trojan, a security researcher said today.
7. Supreme Court: GPS tracking needs court warrant
   U.S. law enforcement agents need court-approved warrants to track a suspect’s whereabouts using a GPS device, the U.S. Supreme Court said Monday, in deciding a burning issue where privacy intersects with modern technology.
8. Sourcefire jumps into anti-malware market
   Cyber-outbreak defence tech to shore up big biz: Sourcefire, the security biz behind the commercial versions of the open-source Snort intrusion-detection software, is bowling itself at enterprises and touting tech designed to quickly detect and block malware outbreaks.
9. DreamHost resets passwords after database breach
   Los Angeles-based Web hosting firm DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.
10. Android hackers mull rooted mobe app marketplace
    As if things weren’t complicated enough: Android hackers are discussing the creation of a specialist app store, listing software for rooted handsets and other things that even Google won’t allow.
11. Microsoft names botnet ‘suspect’
12. Microsoft accuses Russian of masterminding Kelihos botnet
13. Sourcefire debuts anti-malware software FireAMP for enterprise
14. Twitter acquires antimalware company Dasient
15. Kelihos malware author, botnet herder named by Microsoft
16. Unique Web malware hosts increase
17. 10K Reasons to Worry About Critical Infrastructure
18. ‘Gameover’ malware is next-gen Zeus trojan
19. Sourcefire shows cloud-based malware tracker FireAMP
20. Europe Weighs a Tough Law on Online Privacy and User Data
21. Judge Orders Defendant to Decrypt Laptop
22. Ex-CIA officer charged over classified leaks
23. Dreamhost, T-Mobile Data Breaches Compromise User Passwords
24. Ex-CIA officer charged with leaking classified information to journalists
25. Yubico Reports 2011 Record Growth, Outlook For 2012
26. BB&T Payment Solutions Offers Free Data Security Webinar For Small Business Owners
27. WatchDox Introduces Secure Annotation, Collaboration For iPad, iPhone
28. Packet Plus Introduces Interactive Networking Stack Debugger
29. More Megaupload fallout: FileServe shutters file-sharing service
30. How exactly did Megaupload work before it got shut down?
31. Arab Facebook logins posted by Israeli hacker
32. I Spy Your Companys Boardroom
33. Former CIA official charged with intelligence leaks
34. Polar Mobile closes $6M funding round
35. Former CIA agent charged with leaking classified secrets to reporters
36. Researchers demonstrate tragic state of SCADA security
37. DreamHost resets customer FTP passwords following database breach
38. Do you need a cyberumbrella?
39. Anonymous Cons Web Users Into Joining DDoS Attacks with Camouflaged Links
40. DSKHuffington Post launches new website in France
41. Sourcefire Rolls Out FireAMP For Blocking Advanced Malware Utilizing Big Data Analytics
42. Costa Concordia captain passes drug test as more bodies found in wreckage
43. Advanced malware protection with Sourcefire FireAMP
44. Warrants Needed for GPS Monitoring, Supreme Court Rules
45. Consta Concordia captain passes drug test as more bodies found in wreckage
46. FireAMP Fights Malware with Big Data Analytics

1. Citadel Trojan Touts Trouble-Ticket System
   Underground hacker forums are full of complaints from users angry that a developer of some popular banking Trojan or bot program has stopped supporting his product, stranding buyers with buggy botnets. Now, the proprietors of a new ZeuS Trojan variant are marketing their malware as the first offering that lets customers file bug reports, suggest and vote on new features in upcoming versions, and track trouble tickets that can be worked on by the developers and fellow users alike.
2. SharePoint gods peek into colleagues’ info poll
   Security is for other people: SharePoint admins are abusing their privileged status to sneak a peak at classified documents according to a poll that shows consistent abuse of security in Microsoft’s business collaboration server.
3. ITV wrist-slapped for showing video game as IRA attack
   Fined for Youtube rip and bungled riot coverage: ITV has escaped a fine for using video game footage to illustrate IRA activities, and portraying the wrong riot, but will tighten up procedures to stop it happening again.
4. DreamHost nightmare attack sparks passwords reset
   Hackers inappropriately touched customer database: US-based hosting firm DreamHost is advising customers to change their passwords following a database breach.
5. ‘Hannibal’ leaks ’100,000 Facebook logins’
   Then demands Middle East cyber-war truce: The tit for tat between pro-Palestinian and pro-Israel hackers escalated at the weekend after a hacker called Hannibal claimed to have leaked the Facebook login details of “100,000 Arabs”.
6. Europe exposes its stiff data protection law this week
   Time for Facebook, Google et al to lobby hard: Stringent proposals for the revision of Europe’s outdated 1995 data protection law are to be revealed by officials this coming Wednesday.
7. Romanian who hacked NASA spared cooler stint
   If you can’t do the time, well, do the crime anyway: A Romanian hacker who admitted breaking into NASA’s network has avoided jail, receiving a three-year suspended prison sentence instead.
8. Anonymous dupes users into joining Metaupload attack
   The Anonymous hacking group recruited unwitting accomplices in Thursday’s attacks against U.S. government sites, a security researcher said today.
9. Researchers expose flaws in popular industrial control systems
   Researchers showcased unpatched security flaws in software used to control critical industrial systems by oil, gas, water and electrical distribution plants at the 2012 SCADA Security Scientific Symposium (S4) on Thursday.
10. Tax-themed spam delivers malware
11. EU to enforce 24-hour data breach disclosure
12. Tool used in Anonymous Megaupload campaign
13. GAO: critical infrastructure operators need more coherent regulations
14. SCADA industrial control systems exposed by security researchers
15. Thorsten Heins to take over as RIM CEO as Mike Lazaridis, Jim Balsillie step down
16. Unauthorized access to a database server exposes unencrypted customer passwords including FTP/shell and email accounts
17. Email addresses, system login information and other unknown data stolen from virus-infected computer after employee involved in H-II Transfer Vehicle project opens malicious e-mail attachment
18. Data breach resolution: the first 24 hours
19. Megauploads high-profile defense lawyer Robert Bennett withdraws from piracy case
20. Internet policing and copyright protection must be in balance: EU
21. Kim Dotcom, Megaupload founder, claims he is smarter than Bill Gates
22. 124,410 names, dates of birth, e-mail addresses, phone numbers, and MD5 passwords dumped on Internet
23. Costa Concordia captain denies delaying alarm, allegedly admits he messed up
24. Megauploads Kim Dotcom barricaded himself in mansion: police
25. Anonymous dupes users into joining Megaupload attack
26. Security roundup: Anonymous attacks DOJ, RIAA sites; Israeli-Palestinian cyberconflict escalates
27. Alleged spy Jeffrey Delisle fed misinformation to fool Russians: source
28. FBI Megupload Shutdown Cuts Off Uses From Personal Files, Business Data
29. FP Letters to the Editor: Stupid over SOPA
30. Version 8.3 Of Astaro Security Gateway Brings UTM To The Cloud
31. Avira Partners With Secure.me To Offer Facebook Protection
32. NQ Mobile Launches Mobile Security V6.0 For Android
33. Suits And Spooks Anti-Conference Aims to Redefine Security
34. Meet Kim Dotcom, king of Megauploads media empire
35. Qualys Launches New Freemium Web Security Service For SMBs
36. Trend Micro Marks 2011 “The Year Of Data Breaches”
37. SharePoint Users Develop Insecure Habits
38. Prolexic Enhances Portal to Provide Customers With More Insight Into DDoS Threats And Mitigation
39. Anons Tricked Bystanders into Joining Attack on DoJ
40. Mystery woman Domnica Cemortan says shes ready to testify in defence of Costa Concordia captain
41. Stephen Colberts Hermain Cain antics rankle South Carolina Democrats
42. Anonymous shutters government, music industry sites
43. Alcatel-Lucent and Arbor Networks Team Up In The Fight Against ‘Denial-Of-Service’ Attacks
44. McAfee closes spam-spewing hole in its anti-malware service
45. Programmer steals US government software source code
46. Megaupload shuttered, founders arrested, Anonymous retaliates with DDoS attacks
47. Has Anonymous Crossed the Line with MegaUpload.com Retaliation?
48. PIPA postponed: Harry Reid delays senate vote on anti-piracy bill
49. Costa Concordia captain cried like a baby after the crash; rescue operations suspended amid choppy seas
50. Reid Calls Off Protect IP Act Vote

1. Mozilla pushes browser-based alternative to passwords
   Give us your keys to look after, we’re lovely: Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.
2. Federal Reserve contractor charged with source code theft
   A U.S. Federal Reserve contractor has been charged with copying the source code of software that keeps track of large exchanges of money between U.S. government agencies.
3. Feds charge 7 in ‘massive’ case against Megaupload online piracy ring
   A day after thousands of websites went on strike protesting controversial anti-piracy legislation in the U.S., federal authorities today announced they have busted a pirate ring that allegedly hauled in $175 million.
4. Feds cuff coder accused of US bank source code swipe
   Alleged thief ‘nicked $9.5m software to train his students’: A computer programmer has been charged with stealing source code worth $9.5m from the Federal Reserve Bank of New York, according to the FBI and prosecutors.
5. Spam-squirting hole found in McAfee antivirus kit
   Ironic server-side flaw exploited, patch promised: McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.
6. U.S. drone strikes kill senior al-Qaeda official Aslam Awan in Abbottabad
7. Fed websites back online after Anonymous attack
8. Hackers retaliate over Megaupload
9. Anonymous retaliates for Megaupload shutdown, attacks DOJ, others
10. 2012 business worries
11. Fed sites online after Anonymous attack
12. Phone-hacking settlements by Rupert Murdochs News Corp. top $1-million
13. Hackers attack FBI, Justice Department websites after file sharing service shutdown
14. U.S. shutters Megaupload, hackers retaliate
15. U.S. Justice Department site taken down by hackers over Megaupload shutdown
16. Advertising: The Push for Online Privacy – Advertising
17. SOPA Getting a Face-Lift: How Evil Will It Be?
18. Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
19. Microsoft takes aim at rootkits, misses
20. NSA Releases SE Android With Better Sandboxing, Access Control Policies
21. SITA First To Achieve PCI Security Compliance For Passenger Processing
22. Metasploit Exploit Module Released For PLC SCADA Devices
23. More source code stolen, says Symantec
24. Feds Shutter Indicts, Shutters Megaupload
25. McAfee due to patch spam relay problem in cloud product
26. IE URI encoding behavior facilitates XSS attacks, researchers say
27. HBGary And HP Enterprise Security Partner To Deliver Advanced Threat Intelligence On The ArcSight Platform To Combat Targeted Attacks
28. Koobface botnet goes down, suspects scurry to erase tracks
29. Barclays: 97 percent of data breaches still due to SQL injection
30. More source code stolen, Symantec
31. Iraq okays death penalty for 2009 Baghdad bombings convicts
32. Facebook Users Hit By Money-Grubbing Malware

1. Japanese cops cuff six smut-scam ransomware suspects
   Victims forced to pay stiff charges: Japanese police have arrested six suspected cyber-crooks over a one-click billing fraud scam that allegedly targeted sweaty smut surfers.
2. Facebook, experts spar over Ramnit worm contagion
   Security boss says stalking site is free of bank account-raiding malware: Facebook has downplayed the significance of Ramnit, a recently discovered worm that attempts to steal login credentials for the social networking site.
3. Careless care charity loses unencrypted patient data stick
   Whoops, won’t happen again: A care provider with offices in the Isle of Man and Northern Ireland has committed to improving its data protection standards after losing a memory stick containing unencrypted patient data.
4. Alcatel-Lucent, Arbor Networks partner on DDOS mitigation
   Alcatel-Lucent is now offering a router with technology from Arbor Networks that defends against distributed denial-of-service attacks, the two companies said on Wednesday.
5. Secunia sets six-month deadline for vulnerability disclosures
   Vulnerability research firm Secunia announced that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme.
6. Alleged Muscovite cybercrime daddy hauled in to face US court
   Feds allege pre et fils duo scooped $100ks using malware: A suspected Russian cyber-crook has arrived in the US to face charges of security fraud, computer hacking and ID theft following his deportation from Switzerland.
7. Lock your online doors
8. Senate to Consider Cybersecurity Overhaul
9. RSA, unapologetic, looks to move beyond The Breach
10. Anti-malware code’s spambot flaw
11. Twitter users targets of social spear phishing
12. McAfee bug could turn PCs into spam servers
13. Facebook, Security Investigators Unmask Five Men Behind Koobface Crime Ring
14. William Watson: A teachers lesson
15. Internet SOPA/PIPA Revolt: Dont Declare Victory Yet
16. Zappos, Amazon hit by lawsuit after a hacker attack on the online shoe retailer
17. LOLing Our Way to Internet Freedom
18. SOPA, PIPA Still Threaten Internet Operations Even Without DNS Filtering
19. Symantec Confirms Source Code Stolen in 2006 Breach It Didn’t Know About
20. SOPA, Internet Regulation, and the Economics of Piracy
21. Senators change sides on SOPA/PIPA issue
22. USB Drive Security: 10 Tips for Guarding Enterprise Data
23. Costa Concordia captain claims he tripped and fell from sinking ship into lifeboat
24. Supreme Court Says Congress May Re-Copyright Public Domain Works
25. New Facebook attack targets e-cash users
26. SOPA Web Protests Sure to Inspire Malware Distribution Scams
27. Google, Wikipedia Lead Protests of SOPA, PIPA Across Web
28. How to Kill SOPA, PIPA While Building Consensus for Sensible Legislation
29. Symantec admits its networks were hacked and source code stolen
30. Symantec Confirms Hackers Breached Network in 2006
31. Yangs exit from Yahoo may remove barrier to Asia asset sale
32. Wikipedia, Google, Others Protest SOPA, PIPA
33. Google blacks out its home page in support of Wikipedia SOPA protest
34. DoD ID cards under attack
35. How Facebook Took Down Koobface Malware
36. Questioning of incoming data crucial for security awareness

1. MegaSearch Aims to Index Fraud Site Wares
   A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.

   A glut of stolen card data has spawned dozens of stores that sell the information. The trouble is that each store requires users to create accounts and sign in before they can search for cards.

   Enter MegaSearch.cc, which aims to let fraudsters discover which fraud shops hold the cards they’re looking for, without having to first create accounts at each shop. This underground search engine aggregates data about compromised payment cards, and points searchers to various fraud shops selling them.

2. NYT names five Koobface botnet suspects
   Trojan coins millions for its masters, say researchers: Five suspected masterminds behind the infamous Koobface botnet have been unmasked in a move abetted by Facebook to put the heat on cyber-crimelords.
3. New stealthy botnet Trojan holds Facebook users hostage
   Victims must pay $25 to get back into stalkerbase: A new strain of cybercrime Trojan is targeting Facebook users by taking over their machines and shaking them down for cash.
4. Symantec backtracks, admits own network hacked
   Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was compromised.
5. Facebook may let you share what you do off-site
   Speculation is swirling that Facebook is getting ready to announce a way to combine information on what users do on, and off, the social network.
6. Police charge man with fraud over phoney computer orders
7. Why Weve Censored Wired.com
8. Clamor for cloud apps increases corporate data breach risk
9. Zappos data breach response a good idea or just panic mode?
10. Stuxnet and Duqu part of assembly line: researchers
11. Oracle Accused of Downplaying Database Flaws, Severity
12. Google ‘Good to Know’ Campaign Touts Web Privacy, Security
13. Smartphones, Tablets, Android Are Why Malware Is Going Mobile in 2012
14. Oracle Patches 78 Bugs in January’s Critical Patch Update
15. Coastguard begged Costa Concordia captain Francesco Schettino to return to ship after crash, recording shows
16. Russia faces violent revolution if it doesnt embrace democracy, billionaire Putin challenger declares
17. Why is Wikipedia staging a blackout and what is SOPA?
18. Vivian Krause: Oil sands money trail
19. A SOPA/PIPA Blackout Explainer
20. Google’s ‘Good to Know’ Is a Great Online Privacy Resource for Business
21. Israeli and Palestinian hackers trade DDoS attacks in rising cyber-gang war
22. Bits Blog: Even Big Companies Cannot Protect Their Data
23. Zappos Breach Illustrate the Need for Stronger Password Rules
24. New Sykipot Variant Targets Defense Sector Smart Card Credentials
25. GFI Software Enhances Dynamic Malware Analysis
26. Canadians ignoring brands on social networks
27. Hacktivists expose personal info of T-Mobile staff
28. Cambridge company Launches Ultra-Secure 3rd Generation Networked SCADA System
29. Supreme Court Rejects Student Social-Media Cases
30. Email, Personal Information on PlayBook Left Vulnerable to Hackers
31. Threat incidents and security wins in 2011
32. Facebook ‘Koobface’ Malware Gang Unmasked — Sophos Releases Exclusive Research
33. Brazen Brazilian hackers opening cybercrime schools
34. Wikipedia Planning SOPA, PIPA Protest Shutdown
35. 10 Security Trends To Watch In 2012
36. Collection of information key to thwarting APT attacks
37. Symantec Announces Intelligent Information Governance To Mitigate Risks And Free Information
38. U.S. online piracy bill headed for major makeover
39. Facebook to name and shame Russian Koobface gang
40. Collection of information key to thwarting APT attacks, report

1. Phishing Your Employees 101
   A new open source toolkit makes it ridiculously easy to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one can be abused by miscreants to launch real-life attacks.

   The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a login page — with a single click, and ships with an easy-to-use phishing lure creator. An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user’s Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.

2. NSA constructs hardened Android, unleashes it on world
   Vicious apps squashed by super-spook mobile OS: The US Defense Department’s The National Security Agency (NSA) has released a security-hardened version of Google’s mobile OS, Android.
3. Japanese boffins fear virus nicked spacecraft blueprints
   Tokyo, we have a problem: Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers.
4. GAME: Our website wasn’t hacked!
   Leaked account login details are bogus, says chain: Video games purveyor GAME says it has not been hacked after reports yesterday claimed that the retail biz had suffered a security breach.
5. Taxman two months late on cyber-crimefighters deadline
   HMRC still wants our dosh on time though: HMRC has missed a key deadline to create teams of cyber crime investigators and launch initiatives to counter the increased threat of web attacks on the authority’s systems and customers.
6. Security challenges for the finance sector
7. Survey: Security deployments, training reduce cyberattack wipeouts, downtime
8. Chinese hackers target DoD, DHS smart cards
9. Cyber attacks cost firms nearly US$500K per year, study finds
10. Call center employee pleads guilty to stealing and misusing customers’ credit card numbers
11. 44 employees’ names, e-mail addresses, phone numbers, and clear-text passwords dumped on the Internet
12. 5,294 e-mail addresses, MD5 passwords, and usernames dumped on the Internet
13. Visa advises on more secure credit card transactions
14. Zappos Hacked: What You Need to Know
15. Hackers breach T-Mobile Web server, leak staff data
16. Zappos breach affects 24M, opens door for more attacks
17. Online retailer Zappos warns customers after major hacker attack
18. Non-US customers kept in dark as Zappos cleans up after data breach
19. White House Opposes DNS Blocking in SOPA
20. College and students ravaged by malware for over a decade
21. College and students ravaged by viruses for over a decade
22. 24 million email addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards, passwords and more illegally accessed
23. Zappos gets hacked, resets customers’ passwords
24. Shopping site Zappos hit by hacker
25. Hackers target children’s sites
26. MP quits over Hitler joke video
27. Russia vows to expose those responsible for Phobos-Grunt Mars probes inglorious end over the Pacific
28. Pakistan PM Gilani found in contempt of court for suspected corruption cover-up
29. Hackers strike Amazon-owned site
30. NASA and ISS data stolen from Japanese space agency

1. DHS media monitoring could chill public dissent, EPIC warns
   The U.S. Department of Homeland Security is engaging in media monitoring activity that achieves no public safety goals and will likely have a chilling effect on legitimate criticism of the agency, a leading privacy advocacy group warned.
2. Zappos coughs to HUGE data breach
   Up to 24 million users zappwn3d: Online online shoe and apparel outlet Zappos.com has apologised over a massive data breach that exposed the personal details of millions.
3. Facebook chat phishing attack impersonates Facebook security team
   A new phishing attack that’s spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network’s security team.
4. US military access cards cracked by Chinese hackers
   Access to buildings and intranets harvested by super-spy Trojan: A new strain of the Sykipot Trojan is been used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.
5. Sykipot Trojan hijacks DoD smart cards
   A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.
6. Kenyan startup claims Google ‘scalped’ its data after staging a STING
   Google smacks back: Mocality’s data was ‘publicly available’: Google has been accused of “fraudulently” accessing a rival Kenya-based business listings database and then attempting to sell the internet giant’s competing GKBO product to that customerbase.
7. New attacks on Israeli websites
8. White House blasts Internet piracy bills
9. Israels stock exchange, airline attacked by website hackers
10. Hackers attack Israels stock exchange, national air carrier
11. Q&A: RSA’s Art Coviello reflects on last year’s big data breach
12. RSA chief: Last year’s breach has silver lining
13. Zappos hacked, info of 24+ million customers may be compromised
14. Zappos Latest Company Hit by Data Breach
15. San Francisco City College systems infected for over a decade
16. RSA security breach has improved security measures
17. Facebook Security impersonated by hackers in chat phishing attack
18. Small medical practices greatly at risk for data breaches
19. White House Blasts Internet Blacklisting Bills
20. Microsoft’s Trustworthy Computing, Security Still Priority 10 Years Later
21. Chinese ‘attack US DoD Smart Cards’ with Sykipot Malware
22. Obama administration joins the ranks of SOPA skeptics
23. Nortel trial to open old wounds
24. Where Nortel went wrong
25. Were senior executives scapegoats for Nortels demise?
26. Confessions of a Mossad spy
27. Customers’ account administration e-mail, account names, dates of birth, contact numbers, postal addresses, passwords, and credit card details may have been accessed by hacker
28. Rep. Smith Waters Down SOPA, DNS-Redirects Out
29. Podiatrist used names and identity information of approximately 200 nursing home patients as part of Medicare fraud scheme
30. Office of the Privacy Commissioner retrieved hundreds of medical records that were scattered amongst debris in an abandoned rural property belonging to a doctor who had been disciplined
31. Banking information and other data from perhaps tens of thousands of students, faculty and administrators were exfiltrated overseas by numerous viruses that were on systems for over a decade
32. Symantec accused of selling “scareware”
33. Nevada State Bar Investigating Copyright-Troll Righthaven
34. 342,000 records of subscriber/customers, including 315K e-mail addresses and phone numbers, 85K dates of birth, and 27K MD5 passwords dumped on web
35. Microsoft to scale up its threat intelligence sharing
36. Syria tank attack on border town leaves at least 15 dead, add to civil-war fears
37. Oracle Plans 78 bug Fixes in January’s Giant Critical Patch Update
38. Facebook chat-based phishing attack impersonates Facebook Security
39. U.S. still using RQ-170 Sentinel drones despite capture by Iran
40. Expired Digital Certificates: A Management Challenge
41. Sykipot Malware Steals Pentagon Smart-Card Credentials
42. TSA Air Marshal Arrested for Stealing Boston Occupiers iPhone on the Eve of Eviction
43. Complaints about online traffic slowdowns increasing: CRTC
44. Arab League braces for civil war as protests erupt across Syria

1. Namesco spits out phishy warning after credit card info leak
   ‘Please do not treat this as SPAM’: Namesco customers are angry over the domain name and hosting firm’s handling of a security breach that exposed the credit card details of some of the domain name and hosting firm’s users.
2. EPIC asks FTC to probe Google’s search biz tweak
   It’s a sticky social situation: The Electronic Privacy Information Center (EPIC), as expected, has now written to the US Federal Trade Commission requesting that the watchdog investigates Google’s search business.
3. Cyber insurance offers IT peace of mind — or maybe not
   Cyber insurance can help mitigate damages after a breach, but it’s no substitute for top-notch security, IT pros say.
4. NHS fined 375k after stolen patient data flogged on eBay
   Hospital bosses appeal against ICO’s stiffest punishment yet: The Information Commissioner is proposing to issue its heaviest ever fine for a breach of UK data protection laws. It proposes fining a health body after patient records were stolen from a hospital and sold on eBay.
5. Aussie fraud buster seized by global rival
   Founder joins as global CTO: Cybercrime buster ThreatMetrix has added Australian malware protector TrustDefender to its global fold.
6. Lawmakers seek hearing on Carrier IQ privacy issues
   Three House members today called for a Congressional hearing on the implications raised by the use of the Carrier IQ’s software by wireless carriers.
7. Stratfor slaps website back online after Anon mega-hack
   CEO: Hacktivists can’t silence us – and soz about the credit cards: Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity.
8. Walden University offers M.S. in Emergency Management
9. Chinese ‘attack US DoD smart cards’ with Sykipot malware
10. Microsoft to share valuable real-time threat data feed with security community
11. Chinese using malware to attack US DoD smart card security
12. Identity intelligence and the complexity of security
13. Syria regime liquidating journalists, opposition council says
14. Leahy Offers to Remove Net-Altering DNS Redirects in Anti-Piracy Bill
15. Stratfor returns as Anonymous readies 5M stolen emails
16. Statfor returns as Anonymous readies 5M stolen emails
17. Microsoft Planning Real-Time Feed of Valuable Threat Data
18. 2,651 e-mail addresses and MD5 passwords acquired and dumped by hacker
19. 4,504 usernames, MD5 passwords, and e-mail addresses acquired and dumped by hacker
20. Manning Should Be Court-Martialed, Court Official Recommends
21. Air Force Drone Controllers Embrace Linux, But Why?
22. Prolexic Revenues Increase 45 Percent In 2011
23. SentryBay And NetSTAR Sign Strategic Technology Partnership
24. Bradley Manning Attorney Wants to Depose Rejected Witnesses
25. Microsoft Testing Real-Time Botnet Threat Intelligence Data Feed
26. DNSSEC Adoption Needs to Grow to Secure Core Internet, Protocols
27. Spam–Key Trends In 2011 And Predictions For 2012
28. BSA Details Cybersecurity Priorities In Letter To Senate
29. F5 Keeps Android Users Connected And Productive With New Secure Access Solutions
30. New Associate of (ISC) Programs For CSSLP And CAP Help Aspiring Professionals Prepare For Careers In Cyber Security
31. IBM Security Software Manages Employee Data Access Privileges
32. Hack Attacks Now Leading Cause Of Data Breaches
33. Wyden, Issa, CEA prepare for critical battles against SOPA and PIPA
34. Cybersecurity help exists, if you know where to look
35. Microsoft building real-time security threat feed for governments, partners