Best Of The Web

BUSINESS WIRE
Study: Organizations Unsure How To Secure Their Software
Security and development professionals disclose distinctly different priorities

ZDNET
Anonymous: LulzSec Returns On April Fools' Day?
Does the hacktivist group have big plans forthcoming? It all seems farfetched -- and maybe it is

NETWORK WORLD
US ISPs Commit To New Cybersecurity Measures
FCC advisory committee recommendations target botnets, domain name fraud, and Internet route hijacking

THE REGISTER
8,400 Email Addresses Spaffed By Student Loans Company
SLC apologizes after inadvertently leaking the email addresses of students

THE REGISTER
Report: Feeble Spam Filters Catch Less Junk Mail
Independent tests conducted by Virus Bulletin of 20 corporate email filtering products found that enterprise spam filters are blocking less junk mail; several missed more than twice as much spam as in previous editions of VB's tests

INFOSEC ISLAND
U.S. Nuclear Facility Networks "Under Constant Attack"
Undersecretary for Nuclear Security and Administrator of the National Nuclear Security Administration said networks that control the U.S.'s nuclear arsenal are "under constant attack" from millions of hacking attempts by mostly governments and other non-state actors every day

THE HILL
Pentagon Invests Heavily In New Arsenal Of Cyberweapons
The Defense Department is investing about $3.4 billion into cyberwarfare accounts across the services and various combat commands, including $154 million for the department's new Cyber Command, which is the first-ever combat command focused on network warfare

ZDNET BLOG
Spoofed LinkedIn Emails Serving Client-Side Exploits
Look out for phony but convincing-looking LinkedIn emails that attempt to fool users into clicking on client-side exploits

SECURITY WEEK
Application Security Processes Not Implemented At Many Enterprises, Survey
New survey by Ponemon found that many organizations are still not building security into their application development process

H ONLINE
Alleged LulzSec Hacker Ackroyd Released On Bail
Alleged LulzSec hacker Ryan Ackroyd was released on bail under the condition that he would not access the Internet or use any device with Internet access

FORBES
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
VUPEN Security hackers who cracked the security of Google's Chrome browser say they weren't planning to share their findings with Google and want to keep the information for their NATO government and NATO partner clients

THREAT POST
As Data Breaches Mount, PwnedList.com Finds A Market Identifying Victims
A website that gathers and provides information on victims of data breaches is rolling out a commercial service that will charge for daily monitoring of a customer's email addresses against a growing database of more than 12 million email-login credentials

BBC
Small Firms Easy Targets For Cybercrime
Small businesses are fair game, depending on what they have to offer, hackers say

NETWORK WORLD
Stolen Encryption Key The Source Of Compromised Certificate Problem, Symantec Says
Kaspersky Lab's discovery of Mediyes malware signed with Conpavi digital certificate sets off search

HELP NET SECURITY
Confidential Documents Are Leaving The Workplace
Ninety percent of Americans believe people remove confidential documents from the workplace, even though it is grounds for termination

HELP NET SECURITY
Phishers Trick Gamers With Adult Cam Show Offer
Popular gaming brand is NOT introducing low-cost peep shows, so don't try to sign up

INFOWORLD
How To Defeat The New RDP Exploit -- The Easy Way
While you're installing the patch, consider using nondefault port assignments for added security

SOPHOS
Want To Use Your Gadgets At Takeoff And Landing? U.S. FAA To Review Policy
FAA to take 'fresh look' at using personal devices such as e-readers and tablets during takeoff and landing

THREAT POST
Newly Compiled Driver Shows Duqu Authors Still At Work
Attackers behind industry's most complex attacks developing new exploits, experts say

THE REGISTER
Now CHINA Complains Of Surge In Cyberattacks
Massive pot calls kettle black

NETWORK WORLD
Computer Viruses Could Cross Frontier Into Biological Realm, Researchers Say
Cybercriminals could write malicious software that crosses the line from technology to biology, crafting viruses that could spread dangerous epidemics, researchers said at Black Hat Europe

PC MAGAZINE
Study: Free Android Apps Can Steal Your Phone's Power
A study conducted by Purdue University and Microsoft found that as much as 75 percent of the power a smartphone application uses is for serving up third-party ads

HELP NET SECURITY
US Government And Military Email Addresses Offered For Sale
Webroot recently discovered an offer for sale of millions of email addresses harvested by a cybercrime underground service via a database based on country or generic top-level

THE REGISTER
Brit LulzSec Suspect Charged Over NHS, Plod Web Attacks
Alleged LulzSec member Ryan Ackroyd, 25, appeared in a London court on Friday to face charges for cyberattacks against websites maintained by the CIA and the UK's Serious Organised Crime Agency

COMPUTERWORLD
MDM: Part Of The Mobile Security Solution?
Mobile device management (MDM) applications and services can help with security issues but an MDM-only mobile security program is not enough

INFOSEC ISLAND
Spoofed LinkedIn Messages Serving BlackHole Exploit
LinkedIn users have reported receiving email notifications containing a malicious link infected with a BlackHole exploit

CNET
Imuler/Revir Trojan For OS X Resurfaces
A new variant of the Trojan malware scam Revir and Imuler was uncovered that tried to lure Mac users into installing the malware, which then stole their personal information -- the new version is hidden in ZIP files

USA TODAY
Caller ID Spoofing Scams Aim For Bank Accounts
Phone-calling scams that steal online banking credentials are on the rise using Caller ID spoofing: In the second half of 2011, Pindrop Security detected more than 1 million fraudulent calls, including 189,439 in December, a 52 percent surge from July

THREAT POST
Can Google Be Forced By The FBI To Unlock Users' Phones?
FBI officials have requested a search warrant that would force Google to "provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ("PUK"), in order to obtain the complete contents of the memory of cellular telephone" in the wake of a case of an alleged gang member's swipe passcode

THE REGISTER
Hackers Hit 112 Indian Gov Sites In Three Months
The Indian government this week said that more than 100 of its websites had been hacked in just three months at the beginning of the year, including that of a state-owned telecom company

NAKED SECURITY BLOG
Google: 130 Million Scam Ads Axed In 2011
Google says it has trimmed scam ads by more than 50 percent year over year from 2010 to 2011, according to a new Google blog post

IT WORLD
SonicWall Buy Signals Dell's Security Ambitions
Dell branches further into security with purchase of security appliance and UTM vendor SonicWall, after previous acquisitions of SecureWorks and Kace

TECHTARGET BLOG
NSA Mobile Security Plan Could Be Roadmap For All Mobile Device Security
The NSA's recommended Enterprise Mobility Architecture could be the blueprint needed for the private sector

ZDNET BLOG
Exploit Code Published For RDP Worm Hole; Does Microsoft Have A Leak?
Signs indicate that Microsoft's prepatch vulnerability-sharing program has been breached or has suffered a major leak as Chinese hackers have released proof-of-concept code that provides a road map to exploit the newly disclosed and patched Remote Desktop Protocol vulnerability

THE NEW YORK TIMES BLOG
Daily Report: Pressure Builds Over App Store Fraud
Facing hijacked accounts and phony apps, consumers are reporting Apple's iTunes Store and, in particular, its App Store, are not as secure as advertised

BROOKINGS INSTITUTION
Cybersecurity And U.S.-China Relations
In order for the U.S. and China to build a stronger relationship, they must deal with the sticky issue of cybersecurity

MSDN BLOG
Enhanced Memory Protections In IE10
Internet Explorer 10's memory protection features make vulnerabilities harder to exploit in the browser

COMPUTERWORLD
Tennessee Insurer To Pay $1.5 Million For Breach-Related Violations
BlueCross BlueShield will pay HHS for HIPAA violations tied to 2009 breach that exposed data on 1 million members

THE NEXT WEB
Anonymous Claims That The Operating System, 'Anonymous-OS' Is Fake
One of the Anonymous Twitter accounts said that the Anon OS that was recently released does not belong to the hacktivist collective and is a fake software program filled with Trojans -- it has already been downloaded more than 20,000 times in less than four days

INFOSEC ISLAND
Yet Another Chinese-Based Targeted Malware Attack
Targeted attack that uses tensions between West and Iran as a lure to get victims to open infected Word file


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


