Best Of The Web

VIAFORENSICS BLOG
No-Permission Android App Gives Remote Shell
Proof-of-concept Android app demonstrates how Android apps can require no permissions but still provide an attacker with a remote shell to hack the smartphone

THE NEW YORK TIMES
Hacked Chamber Of Commerce Opposed Cybersecurity Law
The breach was an ironic twist of fate for the Chamber, which has been one of the more vocal critics of cybersecurity legislation

THE TIMES
Romania, FBI Team Up On Cybercrime
Romanian officials say more than 80 percent of online fraud out of its country targets U.S. nationals and cmopanies -- FBI is teaming up with officials there to catch cybercriminals

GOVINFOSECURITY
Bill Would Foster Cyber-Threat Info Sharing
House legislation creates National Information Sharing Organization, or NISO, a private-sector-controlled, nonprofit to create best practices, offer technical assistance, help critical infrastructure providers share cyberattack information

THE REGISTER
Mobiles Forced To Send Premium-Rate Texts In New Attack
A weakness in mobile technology could allow attackers to force handsets to send premium-rate SMS messages or prevent them from receiving messages

CIO
FBI Warns Hacktivists: You're Breaking The Law
Assistant Executive Director Shawn Henry discusses the challenges associated with investigating hactivists and how the FBI has disrupted some of their activities

KREBS ON SECURITY
Busy Signal Service Targets Cyberheist Victims
A new cybercrime service ties up the phone lines of targeted mobile or land lines as a diversionary tactic to assist e-thieves in robbing commercial customers of banks that routinely call customers to verify large financial transfers

JEFFREY CARR BLOGSPOT
Why I Oppose The 12 Chinese Hacker Groups Claim
No one has named the 12 hacker groups, which prevents independent analysis with no vested interest, and it fuels anti-China paranoia

INFOSEC ISLAND
Iran Invests Heavily In Developing Cyberwarfare Capabilities
The Jerusalem Post reports that Iran will invest up to $1 billion to increase both cyberdefensive and offensive capabilities

THREAT POST
USAA Warns Members Of Sophisticated Phishing Scam
USAA says an email campaign with the subject line "Deposit Posted" attempts to install a malicious banking Trojan on its members' computers

PAKISTAN OBSERVER
Pakistan Hacks Drone Technology
Pakistani officials say they have been able to hack drone technology and force it to land in Pakistan, according to a report in the Pakistan Observer

CSO ONLINE
Nation's Nuclear Power Watchdog Comes Up Short On FISMA Compliance
The Nuclear Regulatory Commission has compliance gaps in configuration and vulnerability management, according to an independent audit

SYMANTEC BLOG
Android Trojan Spreads Message Of Revolution
A new Trojan mass-mailer/downloader has been spotted embedded in a pirated Islamic compass app for Android

ASSOCIATED PRESS
Iowa GOP Worried By Hacker Threat To Caucus Vote
In the wake of a threat allegedly from Anonymous, the Iowa Republican Party is tightening security of the electronic systems it will use to count the first votes of the 2012 presidential campaign

THREAT POST
Exploit Kits Now Updated With New Wares Before Patches Are Ready
Recent events indicate exploit kit developers are no longer just using exploits based on older vulnerabilities and already-patched bugs

SILICON REPUBLIC
No More Passwords In Five Years, IBM Predicts
IBM says within five years, biometrics will become the main mode of authentication

THE VERGE
SOPA Vote Delayed Until January
Tomorrow's committee vote on the controversial Stop Online Piracy Act has been postponed -- the second time in committee for SOPA

BLOOMBERG
Juniper Networks Sues Palo Alto Networks Over U.S. Patents
Juniper Networks has filed a lawsuit claiming that Palo Alto Networks infringed on six of its U.S. patents for firewall technology

INTERNET NEWS
Microsoft Issues 13 Security Bulletins For December
Microsoft's Patch Tuesday includes 13 bulletins -- but does not include a fix for 'The Beast' SSL issue

THE NEW YORK TIMES
Digital Data On Patients Raises Risk Of Breaches
As patient records have been digitized, health data breaches have surged

NVISIUM SECURITY
Kindle Fire Security, Part III: Making Purchases With A Deregistered Device
Amazon will issue a fix by month' end for a newly discovered security flaw in Kindle Fire that allows anyone with access to the device to continue purchasing via the Amazon store for three days after deregistering devices

MCAFEE BLOG
Zeus Spam Changes Tactics
A new malicious spam campaign spreads password-stealing Trojans associated with the Zeus/Zbot family

TEAM SHATTER
Gamers: Hackers Latest Hot Target
Gaming companies need to redirect IT security efforts away from the network perimeter and start putting protections around the databases that house customer information and intellectual property

EWEEK
Cisco: Younger Employees Ignore IT Policies, Don't Think About Security
Younger employees tend to ignore IT policies and don't think corporate IT security is their responsibility at all, according to a recent Cisco report.

WIRED
Forensic Examiner Found No Match Of Cables On Manning's Laptop To WikiLeaks
A government forensics expert who yesterday testified that he had discovered thousands of diplomatic cables on the Army computer WikiLeaks source suspect Bradley Manning said under cross-examination that none of the cables that he compared to those released by WikiLeaks actually matched

THREAT POST
Report: UK Newspaper Computer Hacking Could Be As Widespread As Phone Hacking
A BBC report indicates a widening probe into alleged computer hacking by reporters at Rupert Murdoch's News of the World

THE REGISTER
'Self-Aware' Bank Account Robbing Code Unleashed By Hacker
A hacker has published code for a high-powered cross-site scripting (XSS) attack that lets attackers put up content on a trusted site

CHRISTIAN SCIENCE MONITOR
Exclusive: Iran Hijacked US Drone, Says Iranian Engineer
An Iranian engineer says the country's engineers exploited a known GPS vulnerability in the RQ-170 Sentinel that tricked the drone into landing in Iran

THREAT POST
Adobe To Patch Reader Zero Day On Friday
Adobe was set to release an out-of-band patch today for the zero-day vulnerability in its Reader and Acrobat applications on Windows being used in targeted attacks

BANK INFOSECURITY
POS Fraud: How Hackers Strike
The case of Romanian suspects indicted by the U.S. Department of Justice earlier this month for their alleged connection to a multimillion-dollar point-of-sale fraud scheme used war-driving

THE WASHINGTON POST
China's Cyberwar
A look at China's mostly invisible but massive cyberwar against the U.S. to steal most sensitive military and economic secrets -- ? and how relatively little is being done about it despite the high stakes

M86 SECURITY LABS
Prevalent Exploit Kits Updated With A New Java Exploit
M86 Security Labs found that the Blackhole exploit kit version 1.2.1, Phoenix exploit kit 3.0, and Metasploit, were outfitted with a an exploit for a new Java vulnerability

IT BUSINESS
Bahn, Supplier Of Hotel Internet Services, Denies Breach
Bahn -- which provides Internet service to 3,000 hotels worldwide -- denied reports that its network was infiltrated by hackers out of China

GOV INFOSECURITY
White House Unveils Cybersecurity R&D Plan
Program calls for research must be aimed at underlying cybersecurity deficiencies and root causes of vulnerabilities

PACKETSTORM SECURITY
GlobalSign Confesses To Certificate Attack
The certificate authority says it was targeted, but its systems and certificates were not compromised

TECHNOLOGY REVIEW
Seven Ways To Get Yourself Hacked
Among the dangers are running Windows XP and using kiosk computers at hotels, airports, libraries, and "business centers"

BETA BEAT
As Banks Start Nosing Around Facebook and Twitter, The Wrong Friends Might Just Sink Your Credit
Micro-lending startup calls itself "the first credit scoring service that uses your online social network to assess credit"

INFOSEC ISLAND
Army Officially Activates First Dedicated Cyber Brigade
The U.S. Army last week launched its new 780th Military Intelligence Brigade, which will support U.S. and Army Cyber Commands with their missions "to provide a proactive cyber defense"

WIRED
Congress Authorizes Pentagon To Wage Internet War
The House and Senate gave the U.S. military the power to conduct "offensive" strikes online, as part of a provision in the military's 2012 funding bill

THREAT POST
Internet Pioneers, Security Experts Send Letter To Congress Blasting SOPA
Steve Bellovin, Paul Vixie, Vint Cerf, Jon Callas, Tony Li, Robert W. Taylor, Esther Dyson and Fred Baker, and others, signed a letter to Congress criticizing the SOPA and PIPA bills and asking lawmakers not to pass the legislation