1. Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan
   More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows.

   The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.

2. Satellite phones lift skirt, flash cipher secrets at boffins
   Security though obscurity fails yet again: Researchers at the Ruhr-University Bochum have managed to extract the secret encryption algorithmns used by satellite phones, and discovered that it’s a lot less secure than one might hope.
3. ‘We’re totally in LA pissing people off’
   Plus ‘The horror!’: Quotw This was the week when Facebook finally filed for its IPO.
4. Tiff over LightSquared reveals odd partnership
   LightSquared founder Philip Falcone’s response to ethics allegations by a U.S. senator sheds some light on a strange chapter in the carrier’s ongoing bid to build a controversial cellular data network.
5. Half of Fortune 500 firms infected with DNS Changer
   Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the “DNS Changer” malware that redirects users to fake websites and puts organizations at risk of data theft, a security company said today.
6. VeriSign admits multiple hacks in 2010, keeps details under wraps
   VeriSign, the company responsible for guiding most of the world’s Internet users to the correct websites and once the largest encryption certificate issuing authority, was successfully hacked several times in 2010.
7. Verisign admits 2010 hack attack, mum on what was nicked
   SEC filing shows BOFH cover-up: Verisign has admitted in an SEC filing that it suffered numerous data breaches in 2010, but that management wasnt informed by staff for nearly a year after they occurred.
8. Symantec: We’ve plugged up pcAnywhere holes
   Security giant tries to draw line under source code soap opera: Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch.
9. Kelihos botnet BACK FROM THE DEAD
   Bloodied spam-spewing zombie staggers in: The spam-spewing Kelihos botnet has returned from the dead.
10. OFFICIAL: Smart meters won’t be compulsory
    No offence to refuse in Blighty: Vid So-called ‘smart meters’ will not be mandatory, the energy minister has confirmed. The pledge was made by Charles Hendry last Thursday, and confirmed to us by the Department of Energy and Climate Change today.
11. Concerned about online privacy? FBI says you might be a terrorist
12. Microsoft researchers say anonymized data isn’t so anonymous
13. Google finally scans malware-ridden Android Market
14. Google reveals it is already scanning Android apps for malware
15. Iran is an urgent nuclear threat: CSIS
16. VeriSign Management was ‘Out of the Loop’ About 2010 Data Breach
17. VeriSign Hacked: What We Don’t Know Might Hurt Us
18. Peter Foster: Two-faced book
19. Attacks could steal HTC Wi-Fi codes with malicious app
20. Online Market for Pre-Owned Digital Music Hangs in the Balance
21. Google using custom malware scanner for Android apps
22. Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet
23. Apple Fixes 52 Bugs in OS X Snow Leopard, Lion in Security Update
24. At long last, malware scanning comes to Google’s Android Market
25. EFF ready to sue if “innocent customers” can’t get Megaupload data back
26. Donald Trump endorses Mitt Romney
27. WikiLeaks Julian Assange extradition ruling over alleged sex crimes may jeopardize other cases: lawyer
28. VeriSign, maintainter of net’s DNS, warns it was repeatedly hacked
29. VeriSign 2010 Hack: DNS Data Theft A Possibility
30. VeriSign admits it was hacked in 2010 but managers not told
31. Contact details, crime tips by citizens, and other personal information acquired by hackers; additionally, 1,073 employees’ names, usernames, e-mail addresses, MD5 passwords, job titles or position, and phone numbers dumped on the Internet
32. Bogus Facebook accounts always female, new study finds
33. Security breaches impacting VeriSign emerge in filing
34. Employee skimmed and sold 50 customers’ credit card numbers
35. Names, dates of birth, sickness information and work contact numbers of employees were published on the internet.
36. Lost memory stick contained personal details of young children attending schools in the Dunbar area
37. Customers’ personal details and encrypted credit card numbers with expiration dates may have been accessed by hacker
38. Bogus Facebook accounts easy to spot, new study finds
39. Symantec Shouldn’t Backpedal on Android ‘Malware’
40. More than 50 customers’ credit card numbers exfiltrated by virus incurred fraudulent charges
41. County’s web portal for public hacked; 250 residents’ email addresses, user names and passwords accessed
42. Facebooks looming mobile conundrum
43. Yubico And CloudPassage Bring Easy, Secure Two-Factor Authentication To Cloud Servers
44. SocialShield Releases the Top Social Networking Terms Kids Don’t Want Their Parents To Know
45. VeriSign Hit by Hackers in 2010
46. Palin hacker appeal rejected
47. Supreme Court of Sweden Upholds Pirate Bay Prison Sentences
48. 1,219 patients notified that flash drive stolen from pathologist’s car
49. Detecting the DNS Changer malware
50. Malware redirects bank phone calls to attackers

1. Whos Behind the Worlds Largest Spam Botnet?
   A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.
2. Demand for safety kitemark on software stepped up
   MPs want new standard plus web security schooling: The government and industry ought to do more to promote online safety, according to an influential panel of MPs.
3. Met’s email hack probe turns spotlight on The Times – MP
   Scotland Yard keeps mum: Scotland Yard officers investigating allegations of computer hacking by News International staff have declined to “give a running commentary” on their probe, batting away MP Tom Watson’s narration of the saga.
4. Facebook warns investors of potential SPAM DELUGE
   IPO filing: Spamvalanche could kill us: Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.
5. New Trojan routes your bank’s calls to CROOKS
   That’s right, I really just ordered 10 plasma tellies…: Devious cybercrooks have developed a banking Trojan that is capable of redirecting calls your bank has made to verify suspicious transactions straight into the waiting handsets of professional criminal caller services.
6. Fairfax bunkers down after alleged hack
   Privacy Commissioner wakes up: Two Fairfax sites remain offline this morning after they were apparently compromised, with the possible loss of credit card information.
7. WikiLeaks’ Assange takes appeal to U.K. Supreme Court
   WikiLeaks founder Julian Assange launched his appeal in the U.K. Supreme Court on Wednesday in his last attempt in Britain to avoid extradition to Sweden to face sexual assault allegations.
8. Microsoft ad campaign savages Google over privacy
   ‘We are not like them, and hey, why not try IE?’: Microsoft is launching a three-day advertising campaign in the US, offering itself as the privacy-respecting alternative to Google.
9. Will the market like Facebook?
10. MPs call on government to step up malware protection
11. Google, Microsoft Spar Over Privacy Policy Claims
12. Bitdefender Internet Security 2012 review
13. Symantec recants Android malware claims
14. Security breaches driving authentication changes
15. Symantec backtracks from Google Android malware claims
16. Keep calm and log on, MPs argue
17. Charges shed light on alleged plot to smuggle Saadi Gaddafi to Mexico
18. Hacked neo-Nazi websites reveal Canadian connections
19. Facebook Discloses Hacking, Spam as Business Risks in IPO Documents
20. Wave Systems Launches Cloud-Based Encryption Management Platform
21. A timeline of Facebooks meteoric ascent
22. Trojan Targets Industry, Government with Fake Conference Invitations
23. Apple Store employee reportedly being spied on via iMessage bug
24. Facebook files for US$5-billion IPO
25. Backupify Announces Security Best Practices, Adds Multiple Layers Of Protection To Cloud Application Data Backup
26. Vulnerabilities Reported In Mac Encryption Products
27. CloudPassage Launches Network Security In The Cloud Inbox
28. Mexico files charges in alleged Saadi Gaddafi smuggling plot involving Canadian woman
29. WordPress attacks try to infect users with dangerous rootkit
30. RFID Credit Cards Are Easy Prey for Hackers, Demo Shows
31. Identity information on at least 187 students found in possession of another student who may have used data for tax refund fraud
32. 392 e-mail addresses and MD5 passwords dumped on Internet
33. 12,374 job applicants and fewer than 500 patients notified that their names, addresses, Social Security numbers and insurance info may have been accessed after virus was discovered on system
34. Meet our new Security Editor and help shape our coverage
35. Kelihos botnet, once crippled, now gaining strength
36. For ‘Malware as a Service’ merchants, business is booming
37. Counterclank Apps To Remain In Android Market
38. Copyright: To the Batmobile!
39. Employees’ 401k data on flash drive lost in the mail; decryption code was in the same mailing but remained in package
40. 160 e-mail addresses and clear-text passwords dumped on Internet
41. 12,456 digital game purchasers notified network intruder intercepted and acquired credit card numbers, expiration dates, security codes, postal and email addresses, and passwords to optional user accounts
42. 1,018 patients notified after laptop stolen from Neurology Dept.
43. Cyber Attacks Becoming Top Terror Threat, FBI Says
44. Internet complaints skyrocket in Canada
45. Ukraine government sites attacked after piracy crackdown
46. Mobile Data Security: 10 Tips to Avoid Prying Eyes at the U.S. Border
47. When will Facebook change its status from private to public?
48. Syria rebels hope Damascus battle will force international allies to act
49. Timeline: Julian Assange and WikiLeaks
50. Kelihos botnet cranks back up after Microsoft attack

1. Romanian cops cuff suspected serial hacker TinKode
   Alleged Royal Navy, Pentagon invader gets keelhauled: Romanian police have arrested a man suspected of breaking into the websites of NASA and the Pentagon in a series of high-profile hack attacks.
2. Expert to finger air steward commentards who ‘harassed’ pilot
   Probe into airline staff forum ‘will not breach privacy rights’: A trade union has been ordered to let an independent expert examine its computer database to try to identify anonymous users of a forum it operated who allegedly defamed and harassed an airline pilot.
3. Trojan smuggles out nicked blueprints as Windows Update data
   Malware backdoors government-targeted kit ‘using Adobe 0-days’: Security watchers have uncovered a new highly targeted email-borne attack that uses a supposed conference invitation as a lure – and disguises extracted data as Microsoft Update traffic.
4. Lawmakers question proposed change to video privacy law
   Let’s say you like to watch heady documentaries over Netflix’s streaming service and would like to share recommendations with your friends on Facebook. Netflix would like to offer that service, but the company says a 24-year-old U.S. law is in the way.
5. In letter to Congress, Google defends privacy changes
   In a letter sent to eight members of Congress, Google yesterday defended its move to consolidate its privacy policies and users’ personal information.
6. Cyberwar report: Israel, Finland best prepared for conflict
   Do GCHQ and the NSA have some catching up to do?: Analysis Israel, Finland and Sweden are more prepared than larger nations to fight a conflict in cyberspace, according to a McAfee-backed cyber-defence study.
7. Virus-slingers abuse WordPress vulns, dose punters with exploit
   Blogs also infected with information-harvesting Trojan: Malware-spreaders are hacking into vulnerable WordPress-powered sites in order to drive traffic towards pages loaded with exploits.
8. Nortel executive faced deluge of data, trial told
9. Romaninan hacker TinKode allegedly arrested
10. “Slain” Kelihos botnet still spams from beyond the grave
11. Trojan found breaking Yahoo CAPTCHA security in minutes
12. Megaupload’s hosting company teams up with EFF to identify legal files
13. Mexican man accused of beating Calgary tourist says he confessed under torture
14. Google to Censor Blogger Blogs on a Per Country Basis
15. Google won’t pull Android apps deemed malicious
16. Rising Cyber-War Threat Forcing Nations to Bolster Defenses: McAfee
17. Country With Most Online Fraud Attempts/How Much Fraud On Mobile Devices Revealed
18. New Survey: Two-Thirds Of Companies Interested In Switching Authentication Vendors
19. Stop SOPA, PIPA Madness: Ways to Sensibly Protect Copyrights
20. Fake Windows updater targets government contractors, stealing sensitive data
21. Obama plays down Iraq drone presence as he confirms Pakistan strikes
22. Megaupload Server Purge Delayed
23. Carder Forced Gang Members to Have Sex to Weed Out Undercover Feds
24. Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit
25. Investors Warned of Email Accounts Being Hacked to Illegally Transfer Funds
26. Iran may or may not be building nuclear weapon, but theyre keeping their options open: U.S. intelligence chief
27. Google Tells Congress It is Changing Privacy Policies, Not Practices
28. “Mobile Device Privacy Act” would prevent secret smartphone monitoring
29. Webroot SecureAnywhere Essentials 2012 review
30. IBM Announces New Software to Manage And Secure The Influx Of Mobile Devices To The Workplace

1. Glavmed Sister Program GlavTorg to Close
   A prominent affiliate program that pays people to promote knockoff luxury goods closing down at the end of January. The program — GlavTorg.com — is run by the same individuals who ran the infamous Glavmed and SpamIt rogue pharmacy operations.
2. Warnings About Windows Exploit, pcAnywhere
   Security experts have spotted drive-by malware attacks exploiting a critical security hole in Windows that Microsoft recently addressed with a software patch. Separately, Symantec is warning users of its pcAnywhere remote administration tool to either update or remove the program, citing a recent data breach at the security firm that the company said could help attackers find holes in the aging software title.
3. Many pcAnywhere systems still sitting ducks
   Symantec warns that its product should not be connected directly to the Internet, yet an estimated 140,000 computers are configured to allow direct external access
4. Council fined 140k for leaking kids’ sensitive info
   First Scottish organisation fined by information commissioner: The Information Commissioner’s Office (ICO) has fined Midlothian council 140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions.
5. Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
   U.S. Rep. Edward Markey (D-Mass.) has proposed a bill that would require all phone companies to notify consumers of any user tracking and monitoring software in their cell phones.
6. Feds say Megaupload user content could be deleted this week
   Federal prosecutors say that two companies hosting Megaupload’s servers in the U.S. could begin deleting all user content on them as early as Thursday.
7. Google, Facebook, Microsoft in PHISH-FIGHTING smackdown
   DMARC Brothers back cross-industry standard: Google, Facebook and other internet heavyweights are collaborating together to back a standard designed to curtail phishing by improving the collaboration between legitimate senders and receivers of emails.
8. Sexy Girls Puzzle: Android Trojan or eager ad-slinger?
   Researchers split on Counterclank’s naughtiness: Security researchers are split on the seriousness of an Android “malware” campaign that some estimates suggest may have “infected millions” of smartphones via gaming apps from Google’s Android Market.
9. Accused Kelihos botmaster proclaims innocence
   Andrey Sabelnikov, the Russian programmer accused by Microsoft of creating and operating the Kelihos spam botnet said he’s innocent.
10. Researchers unearth more Chinese links to defense contractor attacks
    Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.
11. Norton Wants To Help You Remember Your Password
12. Cybersecurity report: All countries lag behind the bad guys
13. Cybersecurity Report Stresses Need for Cooperation
14. Accused Kelihos botmaster Andrey Sabelnikov claims innocence
15. The state of global cyber-readiness
16. UK prepared for cyberattack, but cybercriminals ‘faster and swifter’
17. Council fined for data breaches
18. The Web Application Hacker’s Handbook, 2nd Edition
19. Android.Counterclank an Aggressive Mobile Ad Network, Not Malware: Lookout
20. Google, Microsoft Team Up to Fight Phishing, Spoofed Emails With DMARC
21. Five Ways to Protect Your Email at Work
22. Baltimore-Based Security Provider Lookingglass Raises $5 Million In Funding
23. Megaupload founder Kim Dotcom gets a huge, inflatable tank
24. Accused Kelihos spam botmaster: It wasn’t me, Microsoft
25. New Mobile-Phone Privacy Law Proposed
26. Facebook sues Adscend Media for malware and spam
27. McAfee Updates Mobile Security With Remote Tracking, Data Wipes
28. Hackers put hijacked Web views up for sale for webfraud
29. RIMs dramatically different recycled marketing campaign
30. Obama campaign turns to Square for mobile fundraising
31. CIA Claims Publication of Bin Laden Death Photos Would Trigger Violence
32. Auto/Mate Launches Guard/Mate
33. As Anonymous protests, Internet drowns in inaccurate anti-ACTA arguments
34. Infoblox And CA Technologies Deliver Network Automation And Compliance Capabilities
35. Wave Launches Cloud-Based Encryption Service
36. FDA Accused of Spying on Whistleblowing Employees
37. Survey Of Security And Audit Pros, DBAs Reveals Responsibility Disconnect, Lack Of Management Commitment Impedes Database Security Efforts
38. MetaFlows Announces Software-Based IDPS, Enables IDPS Hardware For 1/10 The Price
39. Ex. Special Forces officers launch India-based threat detection company
40. Megaupload Data Subject to Deletion by Hosting Providers Feb. 2
41. Google, Microsoft, Facebook, Bank of America team to wipe out phishing
42. Android Counterclank: Malware, Or Smartphone Advertising?
43. McAfee and Security & Defence Agenda Release Global Cyber Defense Report
44. Costa Concordia wreck will not be moved until at least the end of the year or longer
45. Android Trojans downloaded by millions, still on Android Market
46. McAfee Announces Next Generation Of Mobile Security Software
47. Keeping on top of financial malware
48. Students used keyloggers on school computers, changed grades
49. Botnet suspect denies involvement
50. Pirate Party of Catalonia wants to sue FBI, in Spain, over Megaupload seizure

1. 4 Sun journos, 1 cop bailed in police bung probe
   Cuffed on suspicion of corruption after tip-off from News Corp: Police officers investigating allegations of illegal payments to cops as part of a larger probe of News International arrested four journalists on Saturday. All four were either current or former hacks at Rupert Murdoch’s tabloid The Sun. Police also arrested a Metropolitan police service officer at the weekend.
2. Microsoft’s Kelihos kingpin suspect: It wasn’t me
   Sabelnikov denies botnet herder allegation: The Russian man named by Microsoft as the mastermind behind the Kelihos botnet has stepped forward to plead his innocence.
3. Google spews out ‘privacy’ email to Sky punters too
   Not just Virgin Media customers fuming over web giant’s intrusion: Sky users have joined Virgin Media subscribers in receiving emails directly from Google about its new privacy policy.
4. Quantum Trojans undermine security theory
   Can dodgy vendors compromise uncrackable security?: A group of English and Canadian researchers has cast doubt on the nascent push to develop device-independent quantum cryptography standards, asserting that such schemes could be undermined by malicious vendors.
5. Students busted for hacking computers, changing grades
   ‘Very bright kids’ too bright for their own good: Three high school juniors have been arrested after they devised a sophisticated hacking scheme to up their grades and make money selling quiz answers to their classmates.
6. Adscend denies Facebook, AG allegations
   Adscend Media, the defendant in lawsuits filed this week by Facebook and the Washington attorney general, on Friday denied the allegations in the complaints and shifted blame to its affiliates.
7. Hawaii legislators bid aloha to controversial data retention bill
   Lawmakers in Hawaii quietly dropped a bill that would have required Internet service providers to collect the browsing histories of Internet users in the state and store the data for at least two years.
8. Google, Microsoft and Facebook battle phishing with new specification
9. Bogus “browser update” pages deliver malware
10. Symantec claims largest ever Android malware find
11. Lookout claims Symantec crying wolf over Android malware
12. City staff to review private messages
13. Twitter buys anti-malware firm
14. “Curious” nurse snooped in 108 patients’ files
15. A hacker aqcuired a “a small portion of payment firm’s European EFT business according to SEC filing
16. Laptops stolen in office burglary contained some clinical and demographic information as well as some Social Security numbers
17. Personal info on former and current customers exposed on the Internet in a spreadsheet that contained Social Security numbers
18. Over 400 clients’ records (but no financial info) on laptop stolen from office
19. Hawaiian University settles data breach lawsuit
20. 2,131 names, usernames, postal and e-mail addresses, phone numbers, and encrypted passwords dumped on the Internet
21. Pro-government hactivists deface Al Jazeera coverage of Syrian violence
22. Hitler painting fetches 32,000 euros in Slovak auction
23. Android Counterclank Malware Assails Android Market: Symantec
24. Boxes full of 2,000 personal medical records including names, addresses, phone numbers and social security numbers in a trash can
25. Student used an application on his cell phone to hack into the school’s computer network
26. EU 24-Hour Data Breach Notification Rule ‘Unworkable’: ATandT Executive
27. Sanctions against Iran may destabilize, topple regime by ratcheting up hassle factor: expert
28. Stealing the Titanic: Artifacts auction draws accusations of grave robbery
29. Security roundup: The triumph of hactivists, the sorrow of Symantec
30. Massive Android malware op may have infected 5 million users
31. Lookout Security rebuts rival’s Android malware claims
32. Google Privacy Policy Update Challenged by Lawmakers
33. Customers names, email addresses, billing and shipping addresses, telephone numbers, credit card information and/or a cryptographically scrambled passwords exposed
34. Man stole numerous customer accounts for more than a year
35. 650,000 names, email addresses, birth dates and nutritional data due to hacked database
36. 2,257 Social Security numbers of living veterans was mistakenly released to Ancestry.com as part of a response to a Freedom of Information Act request
37. Hacker able to view every member’s personal data, photos, pseudonyms and passwords
38. 7,000 full customer names, complete addresses, dates of birth, Social Security numbers, gender, Medicaid identification numbers, case management information and telephone numbers
39. Fraudulent purchases made with information from dozens of locals credit and debit cards
40. Data backup file held by vendor was accessed by an intruder included user names, email addresses and passwords
41. 391 current and former hospital employees names and Social Security numbers posted on website
42. 8,000 Social Security numbers and some credit card numbers of prospective students on a public server
43. SEC Goes After Online Trading Firms That Unwittingly Helped Latvian Hacker
44. Commerce or chaos
45. Anonymous targets Mexican websites
46. Twitter Censorship Move Sparks Backlash: Is it Justified?
47. FINRA advises brokers to bulk up security
48. Univ. of Hawaii settles with 98,000 over five breaches
49. The Lede Blog: Twitter’s New Policy on Blocking Posts Is Attacked, and Defended
50. White House Presses For New Cybersecurity Laws

1. Mr. Waledac: The Peter North of Spamming
   Microsoft on Monday named a Russian man as allegedly the guy responsible for running the Kelihos botnet, a spam engine that infected an estimated 40,000 PCs. But closely held data seized from the world’s largest spam affiliate program suggests that the driving force behind Kelihos is a different individual who is still coordinating spam campaigns for hire.

   Kelihos shares a great deal of code with the infamous Waledac botnet, a far more pervasive threat that infected hundreds of thousands of computers and pumped out tens of billions of junk emails promoting shady online pharmacies. Despite the broad base of shared code between the two malware families, Microsoft classifies them as fundamentally different threats. The company used clever legal techniques to seize control over and shutter both botnets, sucker punching Waledac in early 2010 and taking out Kelihos last fall.

   On Monday, Microsoft filed papers with a Virginia court stating that Kelihos was run by Andrey N. Sabelnikov, a St.

2. Lawmakers question Google on its new privacy practices
   Google’s decision this week to share user data across its online services has caught the attention of eight members of the U.S. House of Representatives, with the lawmakers asking whether the changes will compromise privacy.
3. Google says privacy change won’t affect government users
   Google today dismissed concerns by a former senior federal IT official that its controversial new privacy policy would create problems for customers of Google Apps for Government.
4. European Parliament says its website victim of DDOS attack
   The European Parliament’s website fell under a distributed denial-of-service attack on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.
5. European Parliament says its website taken offline by attackers
   The European Parliament’s website fell under a distributed denial-of-service attack (DDOS) on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.
6. Google emails Virgin Media subscribers … about privacy
   Infuriated customers want to know how the Goog got their addresses: Fuming Virgin Media customers have taken to the telco’s forum to complain that their email addresses have been used by Google, instead of being kept private.
7. Blackhole crimeware kit drives web threat spike
   Report: Conficker also still causing mayhem: Fake anti-virus scams are on the wane but drive-by-download threats have rocketed over the past year thanks to the hugely popular Blackhole crimeware kit, while Conficker remains prolific some three years after its release, according to Sophos.
8. EU regulators drop legal case after UK implements ePrivacy legislation
   European regulators have dropped a legal case against the United Kingdom over failure to implement ePrivacy laws saying that changes in UK legislation fixes the problems.
9. Pwn2Own 2012 touts bigger prizes, drops mobile hacks
   Make $60,000 with a few carefully injected bytes: Organisers of security conference CanSecWest have changed the rules for the next outing of its Pwn2Own computer hacking contest.
10. O2 3G stops giving punters’ mobile numbers to websites
    HTTP header blooper stamped out within hours after outcry: After a flurry of complaints, O2 engineers appear to have shut off the proxy server quirk that leaked to websites the phone numbers of punters browsing the net on 3G connections.
11. Costa Concordia company offers $14,400 in compensation to cruise ship passengers
12. 6 security companies to watch
13. Are You at Risk? What Cybercriminals Do With Your Personal Data
14. FTC Commissioner Talks Online Privacy, Puts Data Brokers on Notice
15. Protect sensitive data on Mac OS X, Windows and Linux
16. Perplexing malware served on social welfare site
17. Zscaler launches free link malware scanner Zulu
18. Rockets hit Pakistan academy near bin Laden home
19. End of the Big TV package era
20. Verdasys Offers Enterprise Data Leak Protection as Managed Service
21. Eight Reasons Anonymous Should Welcome Glenn Beck With Open Arms
22. Symantec: We Didnt Know in 2006 Source Code Was Stolen
23. Google privacy policy changes raise concerns
24. Drones: Barack Obamas weapon of choice against terrorism
25. We’re losing control of our digital privacy
26. European parliament website under cyber attack
27. UVic hard drives recovered with thieves’ note
28. Study: BlackHole appears, Conficker remains
29. Railroad Association Says Hack Memo Was Inaccurate
30. The Fast, Fabulous, Allegedly Fraudulent Life of Megauploads Kim Dotcom
31. EU 24-hour Data Breach Notification Rule Unworkable:` ATandT Executive
32. Symantec suspected Anonymous code breach back in 2006
33. Wikipedia and Orange partner to bring free access to developing world
34. Malicious MIDI files lead to rootkit malware
35. Web attacks peak at 38,000 an hour
36. Catbird Unveils vSecurity 5.0 for Virtualized and Cloud Computing
37. Google Centers Privacy Policies Around Google+

1. Symantec’s profits up in calm third quarter
   Growth in security and compliance keeps ship steady: CEO Enrique Salem stands crisp and smart on the poop deck of the good ship Symantec, looking back at a straight course and ahead to more growth. It’s a pretty unexciting third quarter story really.
2. Google stirs up privacy hornet’s nest
   Google has whipped up a privacy brouhaha with a blog post announcing that the company is rewriting its privacy policy, consolidating user information across its services.
3. Threatened by Anonymous, Symantec tells users to pull pcAnywhere’s plug
   Symantec this week told users of its pcAnywhere remote access software to disable or uninstall the software while it fixes an unknown number of bugs.
4. Accused Kelihos botmaster’s former employer ‘angered’ at revelation
   A security-related company that until late December employed the Russian developer who allegedly created the Kelihos botnet said today it was ‘extremely disappointed and angered’ at the revelation.
5. Final phase of Mass. data protection law kicks in March 1
   All companies storing personal data on Massachusetts residents have until March 1 to ensure that their contractors, suppliers, technology providers and other third parties comply with a new provision of the state’s data breach law.
6. IT pros say data breach assessment is more valuable than notification, study says
   IT professionals believe that assessing the potential harm caused by data breaches is more useful to mitigating the effects of such incidents than notifying affected individuals, according to a survey published on the day the European Union’s proposed a 24-hour deadline for data breach disclosures.
7. Why O2 shared your mobile number with the world
   And why they’ll probably do similar again: O2 has been sharing customers’ phone numbers with every website they visited, but O2 isn’t the only offender – it’s just the one that slipped up and got caught.
8. OpIreland hackers spank gov sites as ‘Irish SOPA’ nears
   Angry hacktivists land on Irish shores: Anonymous took out several key Irish government websites last night and promised more disruption to come in retaliation for new SOPA-like legislation which it claimed would make it easier for copyright-holders to block access to file sharing and other sites in the country.
9. pcAnywhere let anyone anywhere inject code into PCs
   Symantec plugs holes in desktop remote-control tool: Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.
10. Is Google evil? Not really
11. User error is the biggest threat on the Internet
12. 2011 ‘eventful year for Mac malware’
13. Intego: 2011 offered bumper crop of Mac malware
14. Critics: EU’s proposed data protection rules could hinder Internet
15. Data breach harm assessment ‘more important than telling victims’
16. Malicious QR codes and the persistence of rootkits
17. Sophos Endpoint Anti-Virus 10 review
18. 1.8 million customers Social Security numbers, dates of birth and, in some cases, financial institution account numbers compromised
19. Symantec Warns pcAnywhere Users to Disable Tool Due to Source Code Theft
20. Europe proposes a “right to be forgotten”
21. Anonymous Goes After World Governments in Wake of Anti-SOPA Protests
22. Attackers Using DNS Poisoning to Hijack Website Domains, Divert Traffic
23. Secret Government Talks Create Treaty Stricter Than SOPA, PIPA
24. Symantec: Anonymous stole source code, users should disable pcAnywhere
25. EU Proposed New Data Privacy Laws to Impact U.S. Internet Giants
26. US has already flexed cyberwar muscle, says former NSA director
27. “Blackhole” toolkit dominates Web malware attacks, says Sophos
28. Google Privacy Policies Rile Users, Regulators With Zero Opt-Out
29. Harper to tout capitalism, Canadian oil at World Economic Forum
30. Symantec admits stolen source code impacts pcAnywhere
31. Symantec admits stolen source code impacts pcAnywhere users
32. Legality of Mobile Phone Tracking Still Unclear Despite Supreme Court GPS Decision
33. QNX: RIMs last hope?
34. Bail Denied for Megauploads Kim Dotcom
35. SCADA Systems in Railways Vulnerable to Attack
36. Are CIOs Championing Consumer Tech?
37. IT pros believe data breach harm assessment is more valuable than victim notification, study says
38. FireHost’s European-Based Secure Cloud Hosting Services Go Live
39. Sophos Reveals Assessment On Threat Landscape In Security Threat Report 2012
40. Dome9 Unveils Industry First Multi-Cloud Security Groups
41. Mobile Marketing Association Releases Final Privacy Policy Guidelines For Mobile Apps
42. 7 Tools To Tighten Healthcare Data Security
43. Microsoft Names Alleged Kelihos Botnet Operator
44. Anonymous Cons Web Users Into Joining DDoS Attacks With Camouflaged Links
45. DreamHost, T-Mobile Data Breaches Compromise User Passwords
46. Security Best Practices Reduce Downtime From Cyber-Attacks: Survey
47. Apple malware became more sophisticated in 2011
48. “Frankenmalware” active in the wild
49. Megauploads Kim Dotcom displays mischievous sense of humour
50. As Libya victory high ends, claims of violence and torture escalate

1. Thank you Chris Dodd
   The web is buzzing with contempt over a statement by Motion Picture Association of America (MPAA) Chairman and CEO Chris Dodd to Fox last Thursday: “Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at [...]
2. Proposed EU data protection rules include right to be forgotten
   New proposals for Europe’s data-protection law would see companies facing fines of up to 2% of their global turnover if they breach the rules.
3. Reding’s ‘right to be forgotten’ bill polarises Euro biz world
   Rewriting data protection law in internet age: EU Justice Commissioner Viviane Reding will imminently table a draft bill that will if passed in Parliament require internet firms to be upfront about the user data they hold.
4. Super-powered ‘frankenmalware’ strains detected in the wild
   Virus-worm crossbreeds will trash systems faster than ever before: Viruses are accidentally infecting worms on victims computers, creating super-powered strains of hybrid software nasties.
5. Judges probe minister’s role in McKinnon extradition saga
   Pentagon hacker’s medical files ignored: The long-running case of Gary McKinnon returns to court on Friday.
6. Google to combine users’ data across its services
   Google will be able to combine data from several Google services when a Google Accounts user is signed in, as part of a rewritten set of privacy policies that the company announced on Tuesday.
7. Nokia busted for dodgy SMS to customers
   Spam Act breach draws $AU55k wrist-slap: Nokia has fallen foul of the Australian Communications and Media Authority, incurring a $AU55,000 fine following consumer complaints over its SMS marketing practices.
8. US govt security advice site trashed by hackers
   Hacktivist campaign against SOPA, PIPA and ACTA continues: Anonymous and LulzSec members have hacked US government security web site OnGuard Online and defaced it, forcing it offline, in retaliation for the recent MegaUpload takedown and the controversial Anti-Counterfeiting Trade Agreement (ACTA), the groups have announced.
9. Accused Kelihos botnet maker worked for two security firms
   A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.
10. Microsoft names alleged Kelihos botnet creator
    Microsoft has named a Russian man as the alleged creator of Kelihos, a spammy botnet that abused the company’s Hotmail service until the botnet was shutdown last September.
11. 9 Ways To Minimize Data Breach Fallout
12. Searching for Google Chrome can lead to malicious content
13. Hackers attack U.S. railways
14. Carberp Trojan targets French broadband subscribers
15. “We’re just like YouTube,” Megaupload lawyer tells Ars
16. Torontos Audiobooks.com launches all-you-can-hear cloud streaming
17. EU Poised to Propose 24-Hour Breach Notification, Data Privacy Rules
18. Twitter Acquires Dasient for Anti-Malvertising Security Technology
19. Twitter acquires web malware fighter Dasient
20. Appeals court clears way for look at divorce application of Russell Williams wife
21. Posting personal information online could backfire, privacy commissioner warns young Canadians
22. Fluke Rolls Out New Threat Signatures Released To Protect Against Wireless Attacks
23. Posting personal information online could backfire: privacy commissioner
24. Microsoft names Russian man in Kelihos botnet suit
25. Security Best Practices Reduce Downtime from Cyber-Attacks: Survey
26. Microsoft Names Developer, Operator of Kelihos Botnet
27. Ontario court clears way for look at divorce application of sex-killer Williamss wife
28. Hacker allegedly leaks 100K Facebook account credentials of Arab users
29. Hackers Breached Railyway Network, Disrupted Service
30. Google+ Supports Most Nicknames, Only Some Pseudonyms
31. Kelihos botnet creator worked for antivirus company, Microsoft says
32. Mitt Romney releases tax numbers: US$6.2M owed on US$42.5M earned in 2010, 2011

“Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at stake. Don’t ask me to write a check for you when you think your job is at risk and then don’t pay any attention to me when my job is at stake.”

As pointed out on the MPAA web site, Dodd is also a former US Senator from Connecticut. Surely he understood the implications of publicly confirming what we have always expected — that Hollywood spends a lot of money on politicans and expects a return on their investments. Rather than condemn him, perhaps we should be thanking him for putting this out in the open.

The movie industry, like many others, is facing a harsh new reality — one that, for the most part, they appear to be in denial about. Pushing for draconian, ill-informed legislation such as the Stop Online Piracy Act (SOPA) and the Protect IP Act isn’t the solution. Perhaps it’s time that Hollywood stop trying to purchase politicians and apply some creativity to their business model instead.

1. Microsoft: Worm Operator Worked at Antivirus Firm
   In a surprise filing made late Monday, Microsoft said a former technical expert at a Russian antivirus firm was the lead person responsible for operating the Kelihos botnet, a global spam machine that Microsoft dismantled in a coordinated takedown last year.
2. Supreme Court GPS ruling called a win for privacy
   Calling it a victory for privacy rights, civil rights advocates hailed a U.S. Supreme Court ruling that requires law enforcement officials to obtain a search warrant before they can attach a GPS tracking device to a vehicle.
3. Councils tout 1.2bn for IT whizkid to grab their backend
   Outsourced IT includes crim record checks and payroll: A one-billion-pound contract is up for grabs as three London councils hunt for IT hotshots to streamline their back-office systems – handling everything from criminal record checks and financial accounts to the payroll and psychometric testing.
4. US Senator’s Twitter account back after hack
   Anti-SOPA activists play ‘occupy @ChuckGrassley’: The office of US Senator Chuck Grassley has confirmed that his Twitter account was taken over and used to launch anti-SOPA messages on Monday, US time.
5. Google ups ante for Chrome hack at revamped Pwn2Own
   The sponsor of the annual Pwn2Own hacking contest has dramatically revamped the challenge and will be awarding a first prize of $60,000 this year, four times 2011′s top reward.
6. Researcher traces ‘Gameover’ malware to maker of Zeus
   The ‘Gameover’ malware that the FBI warned about earlier this month is a preview of the next version of the even-more-notorious Zeus money-stealing Trojan, a security researcher said today.
7. Supreme Court: GPS tracking needs court warrant
   U.S. law enforcement agents need court-approved warrants to track a suspect’s whereabouts using a GPS device, the U.S. Supreme Court said Monday, in deciding a burning issue where privacy intersects with modern technology.
8. Sourcefire jumps into anti-malware market
   Cyber-outbreak defence tech to shore up big biz: Sourcefire, the security biz behind the commercial versions of the open-source Snort intrusion-detection software, is bowling itself at enterprises and touting tech designed to quickly detect and block malware outbreaks.
9. DreamHost resets passwords after database breach
   Los Angeles-based Web hosting firm DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.
10. Android hackers mull rooted mobe app marketplace
    As if things weren’t complicated enough: Android hackers are discussing the creation of a specialist app store, listing software for rooted handsets and other things that even Google won’t allow.
11. Microsoft names botnet ‘suspect’
12. Microsoft accuses Russian of masterminding Kelihos botnet
13. Sourcefire debuts anti-malware software FireAMP for enterprise
14. Twitter acquires antimalware company Dasient
15. Kelihos malware author, botnet herder named by Microsoft
16. Unique Web malware hosts increase
17. 10K Reasons to Worry About Critical Infrastructure
18. ‘Gameover’ malware is next-gen Zeus trojan
19. Sourcefire shows cloud-based malware tracker FireAMP
20. Europe Weighs a Tough Law on Online Privacy and User Data
21. Judge Orders Defendant to Decrypt Laptop
22. Ex-CIA officer charged over classified leaks
23. Dreamhost, T-Mobile Data Breaches Compromise User Passwords
24. Ex-CIA officer charged with leaking classified information to journalists
25. Yubico Reports 2011 Record Growth, Outlook For 2012
26. BB&T Payment Solutions Offers Free Data Security Webinar For Small Business Owners
27. WatchDox Introduces Secure Annotation, Collaboration For iPad, iPhone
28. Packet Plus Introduces Interactive Networking Stack Debugger
29. More Megaupload fallout: FileServe shutters file-sharing service
30. How exactly did Megaupload work before it got shut down?
31. Arab Facebook logins posted by Israeli hacker
32. I Spy Your Companys Boardroom
33. Former CIA official charged with intelligence leaks
34. Polar Mobile closes $6M funding round
35. Former CIA agent charged with leaking classified secrets to reporters
36. Researchers demonstrate tragic state of SCADA security
37. DreamHost resets customer FTP passwords following database breach
38. Do you need a cyberumbrella?
39. Anonymous Cons Web Users Into Joining DDoS Attacks with Camouflaged Links
40. DSKHuffington Post launches new website in France
41. Sourcefire Rolls Out FireAMP For Blocking Advanced Malware Utilizing Big Data Analytics
42. Costa Concordia captain passes drug test as more bodies found in wreckage
43. Advanced malware protection with Sourcefire FireAMP
44. Warrants Needed for GPS Monitoring, Supreme Court Rules
45. Consta Concordia captain passes drug test as more bodies found in wreckage
46. FireAMP Fights Malware with Big Data Analytics

1. Citadel Trojan Touts Trouble-Ticket System
   Underground hacker forums are full of complaints from users angry that a developer of some popular banking Trojan or bot program has stopped supporting his product, stranding buyers with buggy botnets. Now, the proprietors of a new ZeuS Trojan variant are marketing their malware as the first offering that lets customers file bug reports, suggest and vote on new features in upcoming versions, and track trouble tickets that can be worked on by the developers and fellow users alike.
2. SharePoint gods peek into colleagues’ info poll
   Security is for other people: SharePoint admins are abusing their privileged status to sneak a peak at classified documents according to a poll that shows consistent abuse of security in Microsoft’s business collaboration server.
3. ITV wrist-slapped for showing video game as IRA attack
   Fined for Youtube rip and bungled riot coverage: ITV has escaped a fine for using video game footage to illustrate IRA activities, and portraying the wrong riot, but will tighten up procedures to stop it happening again.
4. DreamHost nightmare attack sparks passwords reset
   Hackers inappropriately touched customer database: US-based hosting firm DreamHost is advising customers to change their passwords following a database breach.
5. ‘Hannibal’ leaks ’100,000 Facebook logins’
   Then demands Middle East cyber-war truce: The tit for tat between pro-Palestinian and pro-Israel hackers escalated at the weekend after a hacker called Hannibal claimed to have leaked the Facebook login details of “100,000 Arabs”.
6. Europe exposes its stiff data protection law this week
   Time for Facebook, Google et al to lobby hard: Stringent proposals for the revision of Europe’s outdated 1995 data protection law are to be revealed by officials this coming Wednesday.
7. Romanian who hacked NASA spared cooler stint
   If you can’t do the time, well, do the crime anyway: A Romanian hacker who admitted breaking into NASA’s network has avoided jail, receiving a three-year suspended prison sentence instead.
8. Anonymous dupes users into joining Metaupload attack
   The Anonymous hacking group recruited unwitting accomplices in Thursday’s attacks against U.S. government sites, a security researcher said today.
9. Researchers expose flaws in popular industrial control systems
   Researchers showcased unpatched security flaws in software used to control critical industrial systems by oil, gas, water and electrical distribution plants at the 2012 SCADA Security Scientific Symposium (S4) on Thursday.
10. Tax-themed spam delivers malware
11. EU to enforce 24-hour data breach disclosure
12. Tool used in Anonymous Megaupload campaign
13. GAO: critical infrastructure operators need more coherent regulations
14. SCADA industrial control systems exposed by security researchers
15. Thorsten Heins to take over as RIM CEO as Mike Lazaridis, Jim Balsillie step down
16. Unauthorized access to a database server exposes unencrypted customer passwords including FTP/shell and email accounts
17. Email addresses, system login information and other unknown data stolen from virus-infected computer after employee involved in H-II Transfer Vehicle project opens malicious e-mail attachment
18. Data breach resolution: the first 24 hours
19. Megauploads high-profile defense lawyer Robert Bennett withdraws from piracy case
20. Internet policing and copyright protection must be in balance: EU
21. Kim Dotcom, Megaupload founder, claims he is smarter than Bill Gates
22. 124,410 names, dates of birth, e-mail addresses, phone numbers, and MD5 passwords dumped on Internet
23. Costa Concordia captain denies delaying alarm, allegedly admits he messed up
24. Megauploads Kim Dotcom barricaded himself in mansion: police
25. Anonymous dupes users into joining Megaupload attack
26. Security roundup: Anonymous attacks DOJ, RIAA sites; Israeli-Palestinian cyberconflict escalates
27. Alleged spy Jeffrey Delisle fed misinformation to fool Russians: source
28. FBI Megupload Shutdown Cuts Off Uses From Personal Files, Business Data
29. FP Letters to the Editor: Stupid over SOPA
30. Version 8.3 Of Astaro Security Gateway Brings UTM To The Cloud
31. Avira Partners With Secure.me To Offer Facebook Protection
32. NQ Mobile Launches Mobile Security V6.0 For Android
33. Suits And Spooks Anti-Conference Aims to Redefine Security
34. Meet Kim Dotcom, king of Megauploads media empire
35. Qualys Launches New Freemium Web Security Service For SMBs
36. Trend Micro Marks 2011 “The Year Of Data Breaches”
37. SharePoint Users Develop Insecure Habits
38. Prolexic Enhances Portal to Provide Customers With More Insight Into DDoS Threats And Mitigation
39. Anons Tricked Bystanders into Joining Attack on DoJ
40. Mystery woman Domnica Cemortan says shes ready to testify in defence of Costa Concordia captain
41. Stephen Colberts Hermain Cain antics rankle South Carolina Democrats
42. Anonymous shutters government, music industry sites
43. Alcatel-Lucent and Arbor Networks Team Up In The Fight Against ‘Denial-Of-Service’ Attacks
44. McAfee closes spam-spewing hole in its anti-malware service
45. Programmer steals US government software source code
46. Megaupload shuttered, founders arrested, Anonymous retaliates with DDoS attacks
47. Has Anonymous Crossed the Line with MegaUpload.com Retaliation?
48. PIPA postponed: Harry Reid delays senate vote on anti-piracy bill
49. Costa Concordia captain cried like a baby after the crash; rescue operations suspended amid choppy seas
50. Reid Calls Off Protect IP Act Vote

1. Mozilla pushes browser-based alternative to passwords
   Give us your keys to look after, we’re lovely: Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.
2. Federal Reserve contractor charged with source code theft
   A U.S. Federal Reserve contractor has been charged with copying the source code of software that keeps track of large exchanges of money between U.S. government agencies.
3. Feds charge 7 in ‘massive’ case against Megaupload online piracy ring
   A day after thousands of websites went on strike protesting controversial anti-piracy legislation in the U.S., federal authorities today announced they have busted a pirate ring that allegedly hauled in $175 million.
4. Feds cuff coder accused of US bank source code swipe
   Alleged thief ‘nicked $9.5m software to train his students’: A computer programmer has been charged with stealing source code worth $9.5m from the Federal Reserve Bank of New York, according to the FBI and prosecutors.
5. Spam-squirting hole found in McAfee antivirus kit
   Ironic server-side flaw exploited, patch promised: McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.
6. U.S. drone strikes kill senior al-Qaeda official Aslam Awan in Abbottabad
7. Fed websites back online after Anonymous attack
8. Hackers retaliate over Megaupload
9. Anonymous retaliates for Megaupload shutdown, attacks DOJ, others
10. 2012 business worries
11. Fed sites online after Anonymous attack
12. Phone-hacking settlements by Rupert Murdochs News Corp. top $1-million
13. Hackers attack FBI, Justice Department websites after file sharing service shutdown
14. U.S. shutters Megaupload, hackers retaliate
15. U.S. Justice Department site taken down by hackers over Megaupload shutdown
16. Advertising: The Push for Online Privacy – Advertising
17. SOPA Getting a Face-Lift: How Evil Will It Be?
18. Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
19. Microsoft takes aim at rootkits, misses
20. NSA Releases SE Android With Better Sandboxing, Access Control Policies
21. SITA First To Achieve PCI Security Compliance For Passenger Processing
22. Metasploit Exploit Module Released For PLC SCADA Devices
23. More source code stolen, says Symantec
24. Feds Shutter Indicts, Shutters Megaupload
25. McAfee due to patch spam relay problem in cloud product
26. IE URI encoding behavior facilitates XSS attacks, researchers say
27. HBGary And HP Enterprise Security Partner To Deliver Advanced Threat Intelligence On The ArcSight Platform To Combat Targeted Attacks
28. Koobface botnet goes down, suspects scurry to erase tracks
29. Barclays: 97 percent of data breaches still due to SQL injection
30. More source code stolen, Symantec
31. Iraq okays death penalty for 2009 Baghdad bombings convicts
32. Facebook Users Hit By Money-Grubbing Malware

1. Japanese cops cuff six smut-scam ransomware suspects
   Victims forced to pay stiff charges: Japanese police have arrested six suspected cyber-crooks over a one-click billing fraud scam that allegedly targeted sweaty smut surfers.
2. Facebook, experts spar over Ramnit worm contagion
   Security boss says stalking site is free of bank account-raiding malware: Facebook has downplayed the significance of Ramnit, a recently discovered worm that attempts to steal login credentials for the social networking site.
3. Careless care charity loses unencrypted patient data stick
   Whoops, won’t happen again: A care provider with offices in the Isle of Man and Northern Ireland has committed to improving its data protection standards after losing a memory stick containing unencrypted patient data.
4. Alcatel-Lucent, Arbor Networks partner on DDOS mitigation
   Alcatel-Lucent is now offering a router with technology from Arbor Networks that defends against distributed denial-of-service attacks, the two companies said on Wednesday.
5. Secunia sets six-month deadline for vulnerability disclosures
   Vulnerability research firm Secunia announced that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme.
6. Alleged Muscovite cybercrime daddy hauled in to face US court
   Feds allege pre et fils duo scooped $100ks using malware: A suspected Russian cyber-crook has arrived in the US to face charges of security fraud, computer hacking and ID theft following his deportation from Switzerland.
7. Lock your online doors
8. Senate to Consider Cybersecurity Overhaul
9. RSA, unapologetic, looks to move beyond The Breach
10. Anti-malware code’s spambot flaw
11. Twitter users targets of social spear phishing
12. McAfee bug could turn PCs into spam servers
13. Facebook, Security Investigators Unmask Five Men Behind Koobface Crime Ring
14. William Watson: A teachers lesson
15. Internet SOPA/PIPA Revolt: Dont Declare Victory Yet
16. Zappos, Amazon hit by lawsuit after a hacker attack on the online shoe retailer
17. LOLing Our Way to Internet Freedom
18. SOPA, PIPA Still Threaten Internet Operations Even Without DNS Filtering
19. Symantec Confirms Source Code Stolen in 2006 Breach It Didn’t Know About
20. SOPA, Internet Regulation, and the Economics of Piracy
21. Senators change sides on SOPA/PIPA issue
22. USB Drive Security: 10 Tips for Guarding Enterprise Data
23. Costa Concordia captain claims he tripped and fell from sinking ship into lifeboat
24. Supreme Court Says Congress May Re-Copyright Public Domain Works
25. New Facebook attack targets e-cash users
26. SOPA Web Protests Sure to Inspire Malware Distribution Scams
27. Google, Wikipedia Lead Protests of SOPA, PIPA Across Web
28. How to Kill SOPA, PIPA While Building Consensus for Sensible Legislation
29. Symantec admits its networks were hacked and source code stolen
30. Symantec Confirms Hackers Breached Network in 2006
31. Yangs exit from Yahoo may remove barrier to Asia asset sale
32. Wikipedia, Google, Others Protest SOPA, PIPA
33. Google blacks out its home page in support of Wikipedia SOPA protest
34. DoD ID cards under attack
35. How Facebook Took Down Koobface Malware
36. Questioning of incoming data crucial for security awareness

1. MegaSearch Aims to Index Fraud Site Wares
   A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.

   A glut of stolen card data has spawned dozens of stores that sell the information. The trouble is that each store requires users to create accounts and sign in before they can search for cards.

   Enter MegaSearch.cc, which aims to let fraudsters discover which fraud shops hold the cards they’re looking for, without having to first create accounts at each shop. This underground search engine aggregates data about compromised payment cards, and points searchers to various fraud shops selling them.

2. NYT names five Koobface botnet suspects
   Trojan coins millions for its masters, say researchers: Five suspected masterminds behind the infamous Koobface botnet have been unmasked in a move abetted by Facebook to put the heat on cyber-crimelords.
3. New stealthy botnet Trojan holds Facebook users hostage
   Victims must pay $25 to get back into stalkerbase: A new strain of cybercrime Trojan is targeting Facebook users by taking over their machines and shaking them down for cash.
4. Symantec backtracks, admits own network hacked
   Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was compromised.
5. Facebook may let you share what you do off-site
   Speculation is swirling that Facebook is getting ready to announce a way to combine information on what users do on, and off, the social network.
6. Police charge man with fraud over phoney computer orders
7. Why Weve Censored Wired.com
8. Clamor for cloud apps increases corporate data breach risk
9. Zappos data breach response a good idea or just panic mode?
10. Stuxnet and Duqu part of assembly line: researchers
11. Oracle Accused of Downplaying Database Flaws, Severity
12. Google ‘Good to Know’ Campaign Touts Web Privacy, Security
13. Smartphones, Tablets, Android Are Why Malware Is Going Mobile in 2012
14. Oracle Patches 78 Bugs in January’s Critical Patch Update
15. Coastguard begged Costa Concordia captain Francesco Schettino to return to ship after crash, recording shows
16. Russia faces violent revolution if it doesnt embrace democracy, billionaire Putin challenger declares
17. Why is Wikipedia staging a blackout and what is SOPA?
18. Vivian Krause: Oil sands money trail
19. A SOPA/PIPA Blackout Explainer
20. Google’s ‘Good to Know’ Is a Great Online Privacy Resource for Business
21. Israeli and Palestinian hackers trade DDoS attacks in rising cyber-gang war
22. Bits Blog: Even Big Companies Cannot Protect Their Data
23. Zappos Breach Illustrate the Need for Stronger Password Rules
24. New Sykipot Variant Targets Defense Sector Smart Card Credentials
25. GFI Software Enhances Dynamic Malware Analysis
26. Canadians ignoring brands on social networks
27. Hacktivists expose personal info of T-Mobile staff
28. Cambridge company Launches Ultra-Secure 3rd Generation Networked SCADA System
29. Supreme Court Rejects Student Social-Media Cases
30. Email, Personal Information on PlayBook Left Vulnerable to Hackers
31. Threat incidents and security wins in 2011
32. Facebook ‘Koobface’ Malware Gang Unmasked — Sophos Releases Exclusive Research
33. Brazen Brazilian hackers opening cybercrime schools
34. Wikipedia Planning SOPA, PIPA Protest Shutdown
35. 10 Security Trends To Watch In 2012
36. Collection of information key to thwarting APT attacks
37. Symantec Announces Intelligent Information Governance To Mitigate Risks And Free Information
38. U.S. online piracy bill headed for major makeover
39. Facebook to name and shame Russian Koobface gang
40. Collection of information key to thwarting APT attacks, report

1. Phishing Your Employees 101
   A new open source toolkit makes it ridiculously easy to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one can be abused by miscreants to launch real-life attacks.

   The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a login page — with a single click, and ships with an easy-to-use phishing lure creator. An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user’s Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.

2. NSA constructs hardened Android, unleashes it on world
   Vicious apps squashed by super-spook mobile OS: The US Defense Department’s The National Security Agency (NSA) has released a security-hardened version of Google’s mobile OS, Android.
3. Japanese boffins fear virus nicked spacecraft blueprints
   Tokyo, we have a problem: Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers.
4. GAME: Our website wasn’t hacked!
   Leaked account login details are bogus, says chain: Video games purveyor GAME says it has not been hacked after reports yesterday claimed that the retail biz had suffered a security breach.
5. Taxman two months late on cyber-crimefighters deadline
   HMRC still wants our dosh on time though: HMRC has missed a key deadline to create teams of cyber crime investigators and launch initiatives to counter the increased threat of web attacks on the authority’s systems and customers.
6. Security challenges for the finance sector
7. Survey: Security deployments, training reduce cyberattack wipeouts, downtime
8. Chinese hackers target DoD, DHS smart cards
9. Cyber attacks cost firms nearly US$500K per year, study finds
10. Call center employee pleads guilty to stealing and misusing customers’ credit card numbers
11. 44 employees’ names, e-mail addresses, phone numbers, and clear-text passwords dumped on the Internet
12. 5,294 e-mail addresses, MD5 passwords, and usernames dumped on the Internet
13. Visa advises on more secure credit card transactions
14. Zappos Hacked: What You Need to Know
15. Hackers breach T-Mobile Web server, leak staff data
16. Zappos breach affects 24M, opens door for more attacks
17. Online retailer Zappos warns customers after major hacker attack
18. Non-US customers kept in dark as Zappos cleans up after data breach
19. White House Opposes DNS Blocking in SOPA
20. College and students ravaged by malware for over a decade
21. College and students ravaged by viruses for over a decade
22. 24 million email addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards, passwords and more illegally accessed
23. Zappos gets hacked, resets customers’ passwords
24. Shopping site Zappos hit by hacker
25. Hackers target children’s sites
26. MP quits over Hitler joke video
27. Russia vows to expose those responsible for Phobos-Grunt Mars probes inglorious end over the Pacific
28. Pakistan PM Gilani found in contempt of court for suspected corruption cover-up
29. Hackers strike Amazon-owned site
30. NASA and ISS data stolen from Japanese space agency

1. DHS media monitoring could chill public dissent, EPIC warns
   The U.S. Department of Homeland Security is engaging in media monitoring activity that achieves no public safety goals and will likely have a chilling effect on legitimate criticism of the agency, a leading privacy advocacy group warned.
2. Zappos coughs to HUGE data breach
   Up to 24 million users zappwn3d: Online online shoe and apparel outlet Zappos.com has apologised over a massive data breach that exposed the personal details of millions.
3. Facebook chat phishing attack impersonates Facebook security team
   A new phishing attack that’s spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network’s security team.
4. US military access cards cracked by Chinese hackers
   Access to buildings and intranets harvested by super-spy Trojan: A new strain of the Sykipot Trojan is been used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.
5. Sykipot Trojan hijacks DoD smart cards
   A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.
6. Kenyan startup claims Google ‘scalped’ its data after staging a STING
   Google smacks back: Mocality’s data was ‘publicly available’: Google has been accused of “fraudulently” accessing a rival Kenya-based business listings database and then attempting to sell the internet giant’s competing GKBO product to that customerbase.
7. New attacks on Israeli websites
8. White House blasts Internet piracy bills
9. Israels stock exchange, airline attacked by website hackers
10. Hackers attack Israels stock exchange, national air carrier
11. Q&A: RSA’s Art Coviello reflects on last year’s big data breach
12. RSA chief: Last year’s breach has silver lining
13. Zappos hacked, info of 24+ million customers may be compromised
14. Zappos Latest Company Hit by Data Breach
15. San Francisco City College systems infected for over a decade
16. RSA security breach has improved security measures
17. Facebook Security impersonated by hackers in chat phishing attack
18. Small medical practices greatly at risk for data breaches
19. White House Blasts Internet Blacklisting Bills
20. Microsoft’s Trustworthy Computing, Security Still Priority 10 Years Later
21. Chinese ‘attack US DoD Smart Cards’ with Sykipot Malware
22. Obama administration joins the ranks of SOPA skeptics
23. Nortel trial to open old wounds
24. Where Nortel went wrong
25. Were senior executives scapegoats for Nortels demise?
26. Confessions of a Mossad spy
27. Customers’ account administration e-mail, account names, dates of birth, contact numbers, postal addresses, passwords, and credit card details may have been accessed by hacker
28. Rep. Smith Waters Down SOPA, DNS-Redirects Out
29. Podiatrist used names and identity information of approximately 200 nursing home patients as part of Medicare fraud scheme
30. Office of the Privacy Commissioner retrieved hundreds of medical records that were scattered amongst debris in an abandoned rural property belonging to a doctor who had been disciplined
31. Banking information and other data from perhaps tens of thousands of students, faculty and administrators were exfiltrated overseas by numerous viruses that were on systems for over a decade
32. Symantec accused of selling “scareware”
33. Nevada State Bar Investigating Copyright-Troll Righthaven
34. 342,000 records of subscriber/customers, including 315K e-mail addresses and phone numbers, 85K dates of birth, and 27K MD5 passwords dumped on web
35. Microsoft to scale up its threat intelligence sharing
36. Syria tank attack on border town leaves at least 15 dead, add to civil-war fears
37. Oracle Plans 78 bug Fixes in January’s Giant Critical Patch Update
38. Facebook chat-based phishing attack impersonates Facebook Security
39. U.S. still using RQ-170 Sentinel drones despite capture by Iran
40. Expired Digital Certificates: A Management Challenge
41. Sykipot Malware Steals Pentagon Smart-Card Credentials
42. TSA Air Marshal Arrested for Stealing Boston Occupiers iPhone on the Eve of Eviction
43. Complaints about online traffic slowdowns increasing: CRTC
44. Arab League braces for civil war as protests erupt across Syria

1. Namesco spits out phishy warning after credit card info leak
   ‘Please do not treat this as SPAM’: Namesco customers are angry over the domain name and hosting firm’s handling of a security breach that exposed the credit card details of some of the domain name and hosting firm’s users.
2. EPIC asks FTC to probe Google’s search biz tweak
   It’s a sticky social situation: The Electronic Privacy Information Center (EPIC), as expected, has now written to the US Federal Trade Commission requesting that the watchdog investigates Google’s search business.
3. Cyber insurance offers IT peace of mind — or maybe not
   Cyber insurance can help mitigate damages after a breach, but it’s no substitute for top-notch security, IT pros say.
4. NHS fined 375k after stolen patient data flogged on eBay
   Hospital bosses appeal against ICO’s stiffest punishment yet: The Information Commissioner is proposing to issue its heaviest ever fine for a breach of UK data protection laws. It proposes fining a health body after patient records were stolen from a hospital and sold on eBay.
5. Aussie fraud buster seized by global rival
   Founder joins as global CTO: Cybercrime buster ThreatMetrix has added Australian malware protector TrustDefender to its global fold.
6. Lawmakers seek hearing on Carrier IQ privacy issues
   Three House members today called for a Congressional hearing on the implications raised by the use of the Carrier IQ’s software by wireless carriers.
7. Stratfor slaps website back online after Anon mega-hack
   CEO: Hacktivists can’t silence us – and soz about the credit cards: Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity.
8. Walden University offers M.S. in Emergency Management
9. Chinese ‘attack US DoD smart cards’ with Sykipot malware
10. Microsoft to share valuable real-time threat data feed with security community
11. Chinese using malware to attack US DoD smart card security
12. Identity intelligence and the complexity of security
13. Syria regime liquidating journalists, opposition council says
14. Leahy Offers to Remove Net-Altering DNS Redirects in Anti-Piracy Bill
15. Stratfor returns as Anonymous readies 5M stolen emails
16. Statfor returns as Anonymous readies 5M stolen emails
17. Microsoft Planning Real-Time Feed of Valuable Threat Data
18. 2,651 e-mail addresses and MD5 passwords acquired and dumped by hacker
19. 4,504 usernames, MD5 passwords, and e-mail addresses acquired and dumped by hacker
20. Manning Should Be Court-Martialed, Court Official Recommends
21. Air Force Drone Controllers Embrace Linux, But Why?
22. Prolexic Revenues Increase 45 Percent In 2011
23. SentryBay And NetSTAR Sign Strategic Technology Partnership
24. Bradley Manning Attorney Wants to Depose Rejected Witnesses
25. Microsoft Testing Real-Time Botnet Threat Intelligence Data Feed
26. DNSSEC Adoption Needs to Grow to Secure Core Internet, Protocols
27. Spam–Key Trends In 2011 And Predictions For 2012
28. BSA Details Cybersecurity Priorities In Letter To Senate
29. F5 Keeps Android Users Connected And Productive With New Secure Access Solutions
30. New Associate of (ISC) Programs For CSSLP And CAP Help Aspiring Professionals Prepare For Careers In Cyber Security
31. IBM Security Software Manages Employee Data Access Privileges
32. Hack Attacks Now Leading Cause Of Data Breaches
33. Wyden, Issa, CEA prepare for critical battles against SOPA and PIPA
34. Cybersecurity help exists, if you know where to look
35. Microsoft building real-time security threat feed for governments, partners

1. Flying the Fraudster Skies
   Given the heightened security surrounding air travel these days, it may be hard to believe that fraudsters would try to board a plane using stolen tickets. But incredibly, there are a number of criminal travel agencies doing business in the underground, and judging from the positive feedback left by patrons, business appears to be booming.

   The tickets often are purchased at the last minute and placed under the criminal buyer’s real name. The reservations are made using either stolen credit cards or hijacked accounts belonging to independent contractors in the travel industry. Customers are charged a fraction of the cost of the tickets and/or reservations, typically between 25 and 35 percent of the actual cost.

2. Scammers punt bogus pink Facebook makeover
   Lame lure promises to banish ‘boring blue’: The latest survey scam doing the rounds on Facebook works by falsely offering to change the profile of prospective marks from blue to red, black or shocking pink.
3. WEF report: Cyber-attack risk to global stability is real
   Cybercrime, wealth divide ranked among top 5 perils the world faces: Cyber-attacks against governments and businesses are among the top five risks in the world in terms of likelihood, according to the startlingly obvious World Economic Forum’s (WEF) Global Risks for 2012 report.
4. Stratfor relaunches site; CEO accuses attackers of censorship
   Strafor Global Intelligence CEO George Friedman on Wednesday blasted those responsible for a December attack on the global intelligence firm’s website and decried what he called ‘censorship’ by the attackers.
5. Mozilla deploys Firefox safety net for corporate mindreaders
   Security fixes applied to as-yet-undisclosed older builds: Mozilla has pledged to update old versions of Firefox with security fixes, granting enterprises extra time to test and deploy major upgrades of the browser safe in the knowledge that vulnerabilities in existing installations will be patched.
6. Spammers hit mobes with QR code junkmail jump pads
   Ultimate URL obfuscator: Security researchers have spotted spam emails that point at URLs featuring embedded Quick Response codes (QR codes).
7. Carrier IQ detection tool converted to premium SMS Trojan
   Android malware writers are taking advantage of the controversy surrounding Carrier IQ’s smartphone tracking software in order to distribute a premium SMS Trojan, security researchers from Symantec warn.
8. MPAA attacks Ars for “challenging efforts to curb content theft”
9. Rootkit masquerading as Pro Evolution Soccer 2012 keygen
10. Hackers use Carrier IQ controversy to push Trojan
11. Sandia addresses complex DNS vulnerabilities
12. Gender gap hinders cybersecurity hiring boom
13. Can you trust data-recovery service providers?
14. Israeli hacker’s retaliatory leak
15. Saudi credit card numbers posted by Israeli hacker
16. New Sandia DNSSEC Visualization Tool Simplifies DNS Security for IT Managers
17. Stratfor Relaunches Site as CEO Apologizes for Data Breach
18. 21 subscribers’ e-mail addresses as well as 10 agents’ e-mail addresses, clear-text passwords, contact details, some bank account information acquired and dumped by hacker
19. 3 people accessed personal tax data inadvertently displayed from Property Transfer Tax Returns on a vendor portion of the state’s web site, including Social Security numbers of 1,332 individuals and the federal ID numbers of 245 businesses
20. 5,450 e-mail addresses and clear-text passwords acquired and dumped by hacker
21. Personal records of 2,700 members of the Healthy Indiana Plan, Care Select and Hoosier Healthwise health programs, including Medicaid numbers, exposed on the Internet after an upgrade
22. 60 customers’ online bank statements viewed by other customers after bank reinstated online statements following a fix for a previously detected vulnerability
23. China in Canada, part 2: Four misconceptions on China
24. IBM Attacks The Complexity Of Security With Identity Intelligence
25. Rare Legal Fight Takes On Credit Card Company Security Standards and Fines
26. ThreatMetrix Buys TrustDefender to Add Device Integrity Tools to Products
27. Internet addiction becomes more than a buzzword
28. Spam with QR code targets mobile users
29. Universal Blasts Megaupload in Video Takedown Flap
30. Entrust Uses Near-Field Communication, Bluetooth to Bring Enterprise Credentials, Management To Popular Mobile Devices
31. U.S. Coast Guard Purchases Unisys Stealth Solution For Secure Virtual Terminal
32. Free PCI Compliance Task List Provides Structure To Help Maintain PCI Security Standards
33. Will 2012 be the year of the…..
34. Columbia Sportswear Leverages Tokenization And Encryption To Reduce PCI Scope
35. ThreatMetrix Acquires TrustDefender
36. Cybersecurity help exists, focusing it is the trick
37. Data Recovery Services Pose Data Breach Risk Without Security Guarantees
38. Thales And Infoblox Help Protect Internet Integrity
39. Stratfor Relaunches Web Site in Wake of Attack
40. Blame the Internet: London’s burglars won’t even steal CDs, DVDs
41. Israel not shedding a tear over mystery death of Iranian nuclear scientist
42. Review: Preventing Good People From Doing Bad Things
43. The anatomy of the Gameover Zeus variant

1. Adobe, Microsoft Issue Critical Security Fixes
   Adobe and Microsoft today each issued software fixes to tackle dangerous security flaws in their products. If you use Acrobat, Adobe Reader or Windows, it’s time to patch.

   Microsoft released seven security bulletins addressing at least eight vulnerabilities in Windows. The lone “critical” Microsoft patch addresses a pair of bugs in Windows Media Player. Microsoft warns that attackers could exploit these flaws to break into Windows systems without any help from users; the vulnerability could be triggered just by browsing to a site that hosts specially crafted video content.

2. Adobe plugs 6 critical holes in Reader
   Adobe on Tuesday patched six vulnerabilities in the newest version of its popular Reader PDF viewer, making good on a late-2011 promise when it shipped an emergency update for an older edition.
3. Attack code published for serious ASP.NET DoS vulnerability
   Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft’s ASP.NET Web development platform has been published online, therefore increasing the risk of potential attacks.
4. Pro-Israel hackers threaten tit for tat after card leak
   Saudi e-stores and Israeli diplomat’s site nobbled in cyber-spat: Pro-Israel hackers have reportedly breached Saudi shopping sites in retaliation for the publication of Israeli credit-card details by a pro-Palestinian “Saudi” hacker last weekend.
5. Sprint tucks Google Wallet into new pay-by-tap phones
   Two 4G LTE phones, one wallet, no legacy networking: Sprint’s two newly announced 4G handsets both support Google Wallet, bringing an important boost to Google’s aspirations, but they also hammer the death nail into WiMAX in the USA.
6. Easy ways to protect your privacy and data
7. Media Player, security bypass are focus of Microsoft’s first Patch Tuesday of 2012
8. Google admits profiting from ads for illegal sites
9. 2012 World Economic Forum Risks Are Released
10. Microsoft ASP.Net flaw targeted by hacker exploit code
11. Microsoft issue Patch Tuesday fix for Media Player and security bypass
12. 2011: The Year Anonymous Took On Cops, Dictators and Existential Dread
13. The credit card that may stop, or at least hinder, on- and offline fraud
14. 109 usernames, encrypted passwords and decrypted passwords acquired and dumped by hacker
15. 160 names, e-mail addresses, clear-text passwords, addresses, phone number, and title acquired and dumped by hacker
16. 36 usernames, clear-text passwords, and e-mail addresses acquired and dumped by hacker
17. 3,410 customers’ company names, address, username, clear-text password, phone number, and e-mail address acquired and dumped by hacker
18. 125 e-mail addresses, clear-text passwords, and country of origin acquired and dumped by hacker
19. 173 users’ names, dates of birth, e-mail addresses, phone numbers, MD5 passwords and some bank account information acquired and dumped by hacker
20. Peter Foster: The banker, the deal, his wife and their cover
21. Adobe patches Reader bugs, releases new JavaScript feature
22. Adobe Fixes Bugs, Adds JavaScript Whitelisting to Reader, Acrobat
23. Military gear missing from Afghan mission shipments
24. Microsoft issues seven security patches, BEAST fix included
25. CES 2012: RIMs PlayBook software overhaul brings hope
26. Microsoft Fixed Eight Bugs in Seven Patches in January’s Patch Tuesday
27. Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates
28. Guardian Analytics Releases Anomaly Detection Toolkit Inbox
29. 2012 Ponemon Report On Trends In Security Of Data Recovery
30. Employment agency’s files, including Social Security numbers, names, contact info, and medical records, disposed of by cleaning crew of landlord
31. Boxes filled with student information, including applications for free and reduced price meals with financial information, thrown out by cleaning crew
32. 232 hard drives containing patient information that were being decommissioned were stolen from a locked store at the hospital; some wound up for sale on eBay
33. 36 names, e-mail addresses, and SHA1 passwords acquired and dumped by hacker
34. 160 names, phone numbers, e-mail addresses, clear-text passwords, birthdates, ID numbers, and usernames acquired and dumped by hacker
35. 594 names, postal addresses, SHA1 passwords, and e-mail addresses acquired and dumped by hacker along with database of e-mails.
36. 5,208 customers’ e-mail addresses and clear-text passwords acquired and dumped by hacker
37. Polish prosecutor who shot himself at press conference had $800,000 bounty on his head
38. Feds Seek Stronger Security For Power Grid
39. Avira Teams with secure.me for Facebook Security
40. (ISC) Announces Newly Elected 2012 Board Of Directors
41. Do you know your cyberthreat terms?
42. Force firms to disclose data breaches, report urges
43. Mass SQL Injection Attacks Uses Automated Tools, Search to Infect New Sites
44. Polish prosecutor says he shot himself in the head at a press conference to expose government corruption
45. Anonymous hackers hit websites after Pirate Bay block
46. Arab League members injured in rebel assault as Assad mocks monitors efforts

1. German cops hacked in revenge for spying dad
   Payback after officer used cyber-bug to snoop on daughter: An infiltration of a German federal security system last year has been traced back to a botched attempt by an unnamed security official to use a Trojan to monitor his daughter’s internet usage, Der Spiegel reports.
2. Oracle’s latest Java moves frustrate users and vendors
   The company is under fire for modularization, licensing, and security issues
3. Apple, RIM deny claims of data backdoor for Indian government
   Symantec hackers claim intelligence memo shows secret deal: Updated Apple and RIM have denied providing the Indian government with backdoor access to customers’ data, after the release of a memo that appears to suggest that they and Nokia did a deal in exchange for access to the Indian smartphone market.
4. Apple patent stashes passwords in chargers
   Forgot your login? Your power adapter will spill the beans: Apple has filed a patent on a power adapter that helps users to get back forgotten passwords.
5. HP sneaks out printer firebomb firmware security fix
   Says no one has blown up any LaserJets: HP has quietly patched a serious security vulnerability that had left its LaserJet printers open to attack by net villains.
6. Smart meter SSL screw-up exposes punters’ TV habits
   Also showed researchers WHETHER OR NOT THEY WERE HOME: White-hat hackers have exposed the privacy shortcomings of smart meter technology.
7. Recycled cybercrime tactics adapted to conceal fraud
8. Delaware student takes top prize at annual cyber competition
9. Al Qaeda wants to be your friend and follower
10. Do you know your cyberthreats?
11. 337 customers’ usernames, clear-text passwords, account level, login count, createdate and id acquired and dumped by hacker
12. 201 usernames and hashed passwords acquired and dumped by hacker
13. 121 names, usernames, clear-text passwords, landline and mobile phone numbers, and e-mail addresses acquired and dumped by hacker
14. 37 names, e-mail addresses, telephone numbers and MD5 with corresponding clear-text passwords
15. Names of employees, social insurance number, employee number, bank account information for employee direct deposits, and latest payroll information were in burgled safe and electronic devices
16. Terence Corcoran: A war on green radicals
17. Mystery Buyer Wins Auction for Copyright Trolls Domain
18. Ottawa public health unit has reached 90 per cent of Farazli clinic patients
19. Israel Likens Credit Card Breach to Terrorist Act
20. Judge Denies Request to Block Twitter From Handing Over Account Data
21. Geeks to Testify (Finally!) About SOPA Blacklisting Implications
22. UnboundID Debuts Industry’s First Identity Management Products Based On SCIM Specification
23. Energy Department to analyze power grid cyber threats
24. FTC settles with rewards company over security infractions
25. CES 2012: Apples mystery TV is the years hottest phantom gadget
26. Oracle Beefs Up Database Firewall With SQL Injection Defenses, MySQL
27. Prolexic Mitigates Weekend DDoS Attack For Foundation Source
28. Top German cop uses spyware on daughter, gets hacked in retaliation
29. Israel steps up rhetoric against credit-card hackers
30. Government contractors now required to have cybersecurity plans
31. ETrade cyberattack shuts down trading
32. Japan develops anti-hacker weapon
33. Secret Service charges Romanian man with ATM fraud
34. Cyber attack on Israeli sites considered terrorist operation, says Israeli official
35. Police arrest ATM skimmer after $1.5 million stolen
36. Secret Services charges Romanian man with ATM fraud
37. Stratfor apparently targeted again by hackers

1. Virtual Sweatshops Defeat Bot-or-Not Tests
   Jobs in the hi-tech sector can be hard to find, but employers in one corner of the industry are creating hundreds of full-time positions, offering workers on-the-job training and the freedom to work from home. The catch? Employees will likely work for cybercrooks and may make barely enough money in a week to purchase a Happy Meal at McDonald’s.
2. Symantec downplays source-code trophy theft
   Indian hackers posted 5-year-old Norton code: Symantec has confirmed earlier versions of its anti-virus source code have leaked, following a security breach of what the company said was the network of a “third party entity” rather than their own.
3. BEAST SSL fix in supersized Patch Tuesday
   Microsoft’s 2012 kick-off features 7 security bulletins: Microsoft plans to start 2012 with a surprisingly large Patch Tuesday that covers seven security bulletins which collectively address eight separate vulnerabilities. Previous January releases have normally featured only one or two bulletins.
4. Sony website defacer pwned by second hacker
   It’s a dog-eat-dog world: A defacer affiliated with Anonymous vandalised Sony’s online front door this week over the corporate behemoth’s support of SOPA, a hated anti-piracy law proposed in the US.
5. Mafia hit suspect cuffed after BlackBerry chatter intercept
   Cops keep schtum on sniffing RIM data: Canadian police have apparently used BlackBerry communications to arrest murder suspect Raynald Desjardins in a move seen as an unprecedented use of intercepted data.
6. Part virus, part botnet, spreading fast: Ramnit moves past Facebook passwords
7. UMD, Lunarline partner on cybersecurity
8. Signcryption technology tightens cybersecurity
9. DotA 2 and Diablo III beta testing crack files carry malware
10. Kaspersky Mobile Security Lite available for free
11. RIMs quest to woo developers back to BlackBerry
12. DND censors Taliban photos over privacy, national security
13. 30 patients and 150 students that a hacker might have accessed their names, medical information and/or Social Security numbers
14. Employee stole over 130 customers’ credit card numbers
15. Nine laptops stolen in a burglary contained personal information
16. Israeli credit cards hit by cyber attack
17. Israeli Credit Card Numbers Exposed in Cyberattack
18. Bank customers’ details, e-mails, and gold purchase transactions reportedly viewable by reporters working for bank-owned newspapers due to failure to turn off file-sharing on shared server
19. Israel vows to treat hackers like ‘terrorists’
20. Security roundup: DOD revving up cyber-defense for 2012; Microsoft to have big January Patch Tuesday
21. FBI warns of new Zeus-based malware in phishing scam
22. Usernames, domain information and hashed passwords hacked via database SQL injection
23. Battle rages on over online privacy bill
24. Symantec: Hackers did steal code, but it’s old
25. Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X
26. New slow-motion DoS attack: just a few PCs, little fear of detection
27. Supreme Court to Decide Dog-Sniffing Privacy Case
28. Symantec Confirms Hackers Stole Outdated Code, Downplays Impact
29. Stratfor subscribers receive phony emails
30. OpenSSL Fixes Six Flaws in the Secure Sockets Layer Protocol Tool
31. Romanian Man Charged in $1.5 Million ATM Skimming Scam
32. ‘Saudi’ hacker targets Israel with Trojan horse virus
33. Hackers Get Symantec Anti-Virus Source Code
34. Email accounts of police chiefs as well as files with personal information of members acquired and dumped by hackers (see Curator’s note)
35. Personal data of 4.44 million users including names, passport numbers, telephone numbers and dates of birth could have been seen by anyone visiting the exit and entry administration website
36. Bank allegedly revealed dozens of state employees’ names and Social Security numbers to each other when they mailed them copies of subpoenas they had received for their records from the state
37. Dozens of sensitive files tossed in garbage outside the 40th Precinct
38. Employees who had opted to get 2009 or 2010 W-2 forms electronically had their W-2 data exposed online and indexed by Google
39. Patients’ records from defunct businesses found near a dumpster, unshredded
40. iPhone 4S users are big data hogs compared to iPhone 4 users
41. Anonymous hacks Sony website and Facebook account
42. 1,678 employee/admin usernames, clear-text passwords, and IDs acquired and dumped by hacker
43. Israel may be under cyber attack
44. Google Chrome finally gets malware download protection
45. Facebook Worm Siphons 45,000 Accounts

Apparently the folks at Regretsy don’t like what I have to say:  They deleted my account and removed my comment.

The mob at Regretsy are very quick to jump on what they perceive to be heavy-handed behaviour by PayPal, but it appears that they don’t apply the same standards to themselves. And in failing to do so, they call the credibility of the original post and the balance of comments into question. It leaves me wondering if I should Regretsy using them as a source.

Regretsy did not respond to my email inquiry.

1. PayPal dispute ends in destruction of violin
   CNET ran an interesting article yesterday on how a PayPal dispute ended in the destruction of a violin. In summary, the allegation is that the purchaser disputed the authenticity of his $2,500 puchase, PayPal agreed, and they instructed the purchaser to destroy the violin it in order to obtain a refund. People are asking a [...]
2. Pharma Wars: Mr. Srizbi vs. Mr. Cutwail
   The last post in this series introduced the world to “Google,” an alias chosen by the hacker in charge of Cutwail — currently the world’s largest spam botnet. Google rented his crime machine to members of SpamIt, an organization that paid spammers to promote rogue Internet pharmacy sites. This made Google a top dog, but also a primary target of other botmasters selling software to SpamIt, particularly the hacker known as “SPM,” the guy behind the infamous Srizbi botnet.
3. New AOL IM considered harmful by privacy warriors
   EFF baulks at centralised chat logging by default: Privacy advocates have raised concerns about beta versions of AOL’s latest IM client, urging privacy-sensitive surfers to stay on older versions of the software.
4. Symantec confirms source code leak in two enterprise security products
   Symantec late Thursday confirmed that source code used in two of its older enterprise security products was publicly exposed by hackers this week.
5. ICO to ‘focus’ on health sector when enforcing info rights
   A breach too far?: The Information Commissioner’s Office (ICO) is to give “particular regulatory attention” to health organisations as it focuses on areas most likely to result in damage to people’s information rights, the watchdog has said.
6. GCHQ wants to enlarge ‘experienced’ specialists’ packages
   Spooks offer ‘retention payments’ to keep online security experts: GCHQ is offering its expert tech employees bonuses to prevent more staff from leaving for high-tech companies such as Google and Microsoft.
7. Hacker group threatens to release Symantec AV source code
   Symantec is investigating an Indian hacking group’s claims that it accessed source code used in the company’s flagship Norton Antivirus program.
8. Microsoft plans big January Patch Tuesday
   Microsoft today said it would deliver seven security updates next week — tying the record for January — to patch eight vulnerabilities in Windows and its developer tools.
9. Etrade suffers DDOS festive treat
   Gremlins shut down trading: ANZ Bank-owned online broker ETrade, has been the target of a sustained malicious offshore generated cyber attack.
10. Privacy 2012: I know what you did at 3:30 a.m.
    For a peek into what experts expect this year and beyond when it comes to privacy, we turn to the Rebecca Herold (aka the Privacy Professor) for answers.
11. Dammit Ramnit! Worm slurps 45,000 Facebook passwords
    Bank-raid malware is latest nasty to infect social networks: A bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site, security researchers have revealed.
12. Siri doubles iPhone data usage
13. Deadly suicide bombing kills 25 in Damascus: Syrian state TV
14. Wireless passwords vulnerable to hackers, US-CERT warns
15. Invisible DoS attack devised by white hat hacker
16. Livestreaming Journalists Want to Occupy the Skies With Cheap Drones
17. Ramnit / ZeuS Hybrid Compromises 45,000 Facebook Accounts: What You Should Know
18. FP Letters to the Editor: We need CEOs taxes
19. Romney tax plan would balloon US deficit: report
20. WikiLeaks Supporters Lose Court Bid to Protect Twitter Records
21. Hackers say they have Symantec’s Norton AV source code
22. New Ramnit variant steals Facebook logins
23. Facebook Worm Ramnit Steals Login Credentials, Tests Against Other Services
24. Smart Grid Operators Need to Integrate Processes for Security, Compliance
25. Microsoft Plans 7 Fixes for January Patch Tuesday
26. Top 11 Trends For 2012 In Healthcare Data, According To Industry Experts
27. Feds Want Judge to Force Suspect to Give Up Laptop Password
28. Chat Logs Reveal Origins of Cutwail Botnet, Botmaster Identity
29. Ramnit malware targets Facebook, steals 45,000 passwords
30. Microsoft preps seven security patches
31. Ottawa prepares to launch anti-spam centre
32. SQL Injection Hack Infects 1 Million Web Pages
33. Worm ‘steals Facebook passwords’
34. Worm steals 45,000 Facebook login credentials, infects victims’ friends
35. Gingrich, Obama find common ground in attacking Romney
36. Rick Santorums rivals set to attack after surprising Iowa surge
37. ICANN pushes ahead with January 12 launch for new top-level domains
38. The antivirus industry and the grayware problem

People are asking a lot of questions about this one, and while I haven’t heard directly from the seller, her letter is posted on Regretse. (The buyer’s identity has not been disclosed.)  The dispute appears to focus on the violin label. I’m certainly not qualified to discuss violin labels and associated traditions, but these folks are and have something interesting to say.

I was a bit surprised to hear that PayPal had the instrument destroyed rather than returned to the vendor, but I found this in PayPal’s user agreement:

If a buyer files a Significantly Not as Described (SNAD) Claim for an item they purchased from you, you will generally be required to accept the item back and refund the buyer the full purchase price plus original shipping costs. You will not receive a refund on your PayPal fees. Further, if you lose a SNAD Claim because we, in our sole discretion, reasonably believe the item you sold is counterfeit, you will be required to provide a full refund to the buyer and you will not receive the item back (it will be destroyed). PayPal Seller protection will not cover your liability.

Merchants take heed — “in our sold discretion” gives PayPal at lot of power.

In response to my query, a PayPal spokesperson replied via email,

“While we cannot talk about this particular case due to PayPal’s privacy policy, we carefully review each case, and in general we may ask a buyer to destroy counterfeit goods if they supply signed evidence from a knowledgeable third party that the goods are indeed counterfeit.  The reason why we reserve the option to ask the buyer to destroy the goods is that in many countries, including the US,  it is a criminal offense to mail counterfeit goods back to a seller.”

A lot of small businesses rely upon PayPal, and this type of incident causes concern among merchants.  For example, one commenter on Regretsy pointed out,

This scheme of PayPal’s makes a great way to perpetuate fraud. Want to swap the fake Vuitton bag you bought on Canal Street for a real one? Just buy that real one on eBay, pay through PayPal and report the ‘fake’!

Credit card transactions in general place the burden of proof on the merchant. For example, if I ordered goods and subsequently advised the credit card issuer that the product didn’t arrive, the merchant would face a chargeback unless they were able to provide strong evidence to the contrary. PayPal adds an additional layer. If a buyer who has purchased through PayPal using a credit card is not satisfied and disputes the charge through their credit card issuer, the burden of proof falls to PayPal.

My point is not to excuse PayPal of their responsibilities.  They’re in the payment game and need to treat all parties fairly as well as manage their own risk. However, it’s also not fair to assume that these type of disputes or the potential for merchant losses are specific to PayPal. It’s also not realistic for sellers to assume that PayPal will protect them from all potential fraud scenarios.

I’m happy to see PayPal take a strong stand against counterfeit goods, but I just wonder if destroying a violin — even if the label was wrong — was the right answer in this case. I suspect executives at PayPal are asking that same question.

1. Amazon Kindle Fire browser hacked for your Android pleasure
   Everyone gets to be smooth as Silk: Hackers have managed to get Amazon’s proxy-based Silk browser compiled into other Android versions, allowing anyone* to take advantage of the Amazon cloud.
2. Man convicted of murder gets retrial after virus eats court files
   Official’s blunder sparks transcript deletion: A US man who had been convicted on a second-degree murder charge will get a new trial after a computer virus destroyed transcripts of court proceedings.
3. Sites knocked offline by OpenDNS freeze on Google
   JavaScript-hosting server branded ‘phishing’ den: Innocent websites were blocked and labelled phishers on Wednesday following an apparent conflict between OpenDNS and Google’s Content Delivery Network (CDN).
4. KIBOSH ‘non lethal’ sticky-bomb hits a car, fills it with gas
   US Special Ops: We didn’t kill them, the crash did: US special operations troops will shortly be armed with a projectile which can be fired from a portable launcher to hit a car or boat some distance off, following which the pocket-size adhesive bomb will release one of several types of “non lethal” gas into the target’s interior. The new weapon has been dubbed the “KIBOSH” by the secret super-troopers’ procurement office.
5. Two new security books ponder how vulnerable we are
   Two recently-published books, “America the Vulnerable” by Joel Brenner, a former official at the National Security Agency (NSA) and “When Gadgets Betray Us,” by writer and security analyst Robert Vamosi, have one theme in common: We’ve come to depend on modern networks and technology, but the compromise of them by attackers is a serious threat to both individuals and society as a whole.
6. Pastebin on the mend after DDoS battering
   Were hacktivists the real target?: Popular text file sharing service Pastebin.com has returned online following a denial of service attack on Tuesday.
7. Smartphone users hold false sense of security
8. Care2.com social network accounts breached by hackers
9. Over 1M pages compromised in massive SQL injection attack
10. Anonymous hackers hit Nazi hate sites
11. After 18 years, $6-million and a change of laws, Stephen Lawrences killers jailed
12. ZyXEL Melds Low-Cost IP Security Cameras with Remote Access Via the Cloud
13. Analysis of Stratfor Site Breach Reveals Weak Passwords, Poor Enforcement
14. RIAA: Kodak/Apple/RIM patent tangle proves we need Web censorship fast
15. Amazon Web Services Adds Cloud-Based Check Point Security Gateways
16. Small Internet firms cry foul over CRTC ruling, file fresh complaint
17. Kodak shares plunge after report that firm preparing bankruptcy filing
18. Hands-on: hacking WiFi Protected Setup with Reaver
19. New Pike Research Report Spotlights Growing Need For Integrated Approach To Security
20. SpyEye malware borrows Zeus trick to mask fraud
21. At 10 years old, Internet Explorer 6 is almost an artifact
22. Check Point Partners With Amazon To Offer New Security Solution In The Cloud
23. Fujitsu Working on ‘Good Virus’ to Seek and Destroy Attacking Systems
24. UL Expands Global Payment And Security Evaluation Services With Acquisition Of Witham Laboratories
25. MetricStream And Qualys Partnership Brings Actionable Security And Risk Intelligence To IT-GRC

1. Anonymous hunts neo-Nazis with WikiLeaks-style site
   Loads of alleged donors and right-wing players to send those pizzas to: Members of Anonymous have re-doubled their offensive against German neo-Nazis.
2. Saudi hackers plaster 14,000 credit card privates on web
   Raid on Israeli sites exposes up to 400,000 punters: A Saudi Arabian hacking group claims it has leaked information on up to 400,000 Israelis, including names, addresses and credit card details.
3. Fujitsu creates antivirus virus for Japanese government
   Code seeks out and destroys malware and botnet systems: Fujitsu has developed code for the Japanese government that will destroy malware and collect information on its creators.
4. Researcher: Many Stratfor passwords are weak
   At Utah Valley University, 120 computers are now working to decode encrypted passwords revealed by the hack of Stratfor Global Intelligence, one of the most significant data breaches of last year.
5. Stratfor so very, very sorry in wake of mega-hack
   Private spook biz still reeling from credit card data raid: The website of global intelligence-analysing firm Stratfor remains offline – a week after hacktivists broke into its poorly secured systems and extracted passwords and credit card details.
6. Stratfor breach shows that passwords are weak, says Utah Valley
7. Risk Control 6.0 released
8. Israeli credit card hack creates more opportunities
9. Pirate Party discovers illegal downloading in the House of Commons
10. California union latest Anonymous police victim
11. Enterprises Need Encryption to Secure Private Data
12. No Warrant Needed for GPS Monitoring, Judge Rules
13. Latest Apple iOS Jailbreak Tool Exploits Two Security Flaws
14. NYPD arrest man suspected in Islamic centre fire-bombing
15. 5 top cyber threats for 2012
16. Japan testing ‘virus’ cyberdefence weapon, reports say
17. Defensive search-and-destroy “virus” delivered to Japanese government
18. Murder retrial ordered after court records destroyed by virus
19. PhoneFactor
20. Alleged Saudi hackers disclose credit card information of thousands of Israelis
21. Cold case murder probe after womans body is found on Queens country estate
22. AntiSec hackers hit California State Law Enforcement Association
23. Entrust IdentityGuard
24. DigitalPersona Pro Enterprise v5.2
25. Deepnet Security DualShield v5.2
26. Cryptocard Blackshield Server v3.1
27. ActivIdentity 4TRESS Authentication Appliance FT2011

1. Japan tasks Fujitsu with creating search-and-destroy cyber-weapon
   Zombie boss hunter developed in lab: Fujitsu has been commissioned to develop seek and destroy malware, reportedly designed to track and disable the sources of cyber-attacks.
2. Cloud SWAT teams
   Cloud computing poses unique security challenges. Here’s how cloud-specific ‘security incident-response teams’ could help governments and large enterprises respond to malicious activity and make the cloud more trustworthy. Insider (registration required)
3. Raytheon acquires cybersecurity specialist
4. McAfee releases 2012 cyber threat predictions
5. 2,519 first and last names, usernames, clear-text passwords, e-mail addresses, as well as dozens of full credit card numbers with expiration dates and e-mail spools dumped by hackers
6. A “small fraction” of its 12 million users’ verified account information acquired by hackers
7. Stuxnet and Duqu created on same platform, say researchers
8. Snipers, still a threat as Syrian military hovers on outskirts of cities: Arab League head
9. Iran test fires long-range missiles near the Strait of Hormuz

1. Pharma Wars: Google, the Cutwail Botmaster
   Previous stories in my Pharma Wars series have identified top kingpins behind the world’s largest spam botnets. Today’s post includes never-before-published information on “Google,” the secretive hacker in charge of the infamous Cutwail botnet.
2. Another year, another Telstra privacy slip
   Customer list pops up on cloud spreadsheet service: Telstra, which hasnt yet gotten over the privacy breach that required 60,000 password resets in December, has suffered another embarrassment involving customer data.
3. 2011 Reg roundup: Hacking hacks, spying apps and an end to Einstein?
   Smartphones, privacy and a year of tears: Part Two As mobile sales and connections continued to soar and break records, just how much your phone knows about you and who can see that information were big subjects in 2011.
4. Two new tools exploit router security setup problem
   Researchers have released two tools that can take advantage of a weakness in a system designed to let people easily secure their wireless routers.
5. Fake Amazon smartphone shipping confirmation leads to malware
6. Anonymous strikes again? Hackers release elite research firm’s subscriber data
7. 2,784 forum usernames, clear-text passwords, and e-mail addresses dumped by hacker
8. Names, Mileage Plus numbers, future flight itineraries with confirmation codes, and previous trip info of 20 people available to individual who logged in to mobile web site
9. 194 usernames, e-mail addresses, IP addresses, and easily decrypted MD5 passwords posted to web by hacker
10. A spreadsheet with e-mail addresses,dates of birth, and phone numbers of more than a thousand BigPond customers uploaded to an external site by a consultant in training
11. Arab Leauge advisory body urges monitors to withdraw from Syria over violence
12. Duqu, Stuxnet Built on Common Platform With Other Similar Super-Malware
13. Latest Phishing Scams Target Users of New Christmas Gadgets
14. 17,900,617 members notified of forced password reset after hacker accesses “limited number” of users’ logins
15. Boston D.A. Subpoenas Twitter Over Occupy Boston, Anonymous
16. Anonymous publishes Stratfor customer data
17. Beyond Blowin in the Wind: The Music of Occupy Wall Street
18. Hacking group releases more Stratfor subscriber data
19. Raytheon Buys Henggeler Computer Consultants for Key Intelligence Contracts
20. Stuxnet and Duqu part of larger cybermalware campaign
21. Dell, Cisco, IBM Among Top Buyers of Security Companies in 2011
22. Microsoft Ruins Perfect Record with Out-Of-Band Patch
23. Letter shows HP ex-CEO Hurd pursued sex with former contractor

1. New Tools Bypass Wireless Router Security
   Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.

   At issue is a technology that ships with most modern consumer wireless routers, called “Wi-Fi Protected Setup” (WPS). According to the Wi-Fi Alliance, an industry group, WPS is “designed to ease the task of setting up and configuring security on wireless local area networks. WPS enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security.”

2. Happy 2nd Birthday, KrebsOnSecurity.com!
   I’m taking a short break from some year-end downtime to observe that KrebsOnSecurity.com turns two years old today!
3. New Chinese space plans are all about security and strategy on Earth
   Nothing much to do with manned or deep space exploring: Analysis Chinese officials have published a new white paper detailing China’s aspirations in space for coming years. Most media have chosen to focus on Beijing’s vague aspirations toward deep-space and manned exploration, but in fact the concrete details given all point toward a primary emphasis on strategic advantage for China here on Earth.
4. Kaspersky claims smoking code linking Stuxnet and Duqu
   Warns of three other unknown variants: Researchers at Kaspersky Lab are claiming to have found proof that the writers of the Stuxnet and Duqu malware are one and the same, and are warning of at least three new families of advanced malware potentially in circulation.
5. Wi-Fi Protected Setup easily unlocked by security flaw
   Couple of hours of brute force will crack a network’s PIN: Security researcher Stefan Viehbck has demonstrated a critical flaw in the Wi-Fi Protected standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice.
6. Bits Blog: Hackers Release More Data From Stratfor
7. Anonymous 101 Part Deux: Morals Triumph Over Lulz
8. Son-in-law of Spanish King charged in fraud case
9. Hacker Attacks Like Stratfors Require Fast Response
10. 2,967 names, addresses, and full credit card numbers with what may be expiration dates and CVV’s from German, Austrian, and Swiss customers posted on web
11. Court Revives NSA Dragnet Surveillance Case
12. Stratfor Taps CSID To Protect Identities Breached In Cyberattack
13. Book of Lists: 2011′s strongest trends, weirdest news
14. Race for Facebook Likers heats up
15. Microsoft delivers rare out-of-band patch for ASP.NET issue
16. Flaw Makes WiFi Network Security Vulnerable to Brute-Force Attacks: US-CERT
17. Microsoft Patches ASP.NET Vulnerability
18. Mobile Phone Users Remain Lax about Cyber-Security, Says McAfee
19. Stuxnet, Duqu Date Back To 2007, Researcher Says
20. Laptop and external hard drive stolen from an employees car contained names, Social Security numbers, driver’s license numbers, dates of birth, and phone numbers of those undergoing drug testing and those doing the testing
21. Backup tapes or disks with personal details of 1.4 million loan customers as well as data on some employees reported missing
22. Moving files through the cloud: your favorite free file-sharing services
23. Prolexic Issues Dirt Jumper Threat Advisory And Releases Free Security Scanner
24. Kim Jong-un declared North Koreas supreme leader as mourning period ends
25. Beware of password-protected documents carrying malware
26. Hitachi ID Systems Releases 2011 Data Security Survey Results

1. Microsoft announces ASP.NET zero-day vuln
   Workaround ahead of patch: Just in case anybodys got a BOFH working at the moment, pay attention: Microsoft has released a security advisory covering a zero-day vulnerability in ASP.NET.
2. Stratfor attackers prep to publish emails
   Thats if you trust the Pastebin posts: Someone claiming to speak or at least post on behalf of Antisec has published a threat on Pastebin that they are planning to release e-mails obtained in the Stratfor Global Intelligence break-in.
3. Bits Blog: Stratfor Hackers Claim Another Attack
4. 1,336 Social Security and driver’s license numbers and patients’ medical records stolen by employee
5. 2011: The Year Intellectual Property Trumped Civil Liberties
6. 1,300 Social Security and driver’s license numbers and patients’ medical records stolen by employee
7. 3,079 patients Social Security numbers, birthdates, account numbers, disability codes and diagnoses on stolen computers from physician’s office
8. Criminals Used Affiliate Marketing Sites in Majority of Facebook Scams in 2011
9. CSOs Should Address Risks and Network Visibility With Board of Directors
10. Talented hackers could shut down train lines: security expert
11. Email from The New York Times meant for 300, sent to 8M
12. New York Times mistakenly spams 8 million people
13. Vulnerability allows brute force hacking of wireleless routers
14. Microsoft Releases Workarounds for DoS Zero-Day Bug in ASP.NET
15. Aggressive Phishing Attack Targets Military Personnel
16. Microsoft scrambles to address widespread ASP.NET bug
17. Antisec hits private intel firm; millions of docs allegedly lifted
18. Anonymous, RSA Lead the Top IT Security News of 2011