

Best Of The Web

SECURELIST
Crimeware: A New Round Of Confrontation Begins
Paper discusses methods for stemming the volume of malware hitting financial sites

COMPUTERWORLD UK
Eight Out Of Ten UK Firms Were Hacked In 2009
Widespread use of Web 2.0, remote access could be contributors, study says

GOVERNMENT COMPUTER NEWS
Can Agency Systems Handle New FISMA Requirements?
Standards are designed to reduce paper, but security issues remain

TRENDLABS MALWARE BLOG
Spam Poses As Twitter Email Notification
Attack is designed to simultaneously steal personal information and infect the user with malware

ZSCALER RESEARCH
WordPress Sites Hacked, Again!
Zscaler found that 87 percent of hosts infected with malicious iFrames or JavaScript are running WordPress

ARS TECHNICA
Senators Complain About Facebook Privacy Changes
Sens. Al Franken, Charles Schumer, Michael Bennet, and Mark Begich wrote an open letter to Facebook yesterday, urging the company to take "swift and productive steps" to make user information more private and warning that the FTC may get involved

M86 SECURITY LABS BLOG
New, More Advanced PDF /Launch Attack
The Pushdo botnet is spamming emails with attached PDFs that exploit the /Launch action feature to run an executable file

TOP TECH NEWS
Palin E-Mail Hacking Case Goes To Jury
David Kernell's lawyer said the alleged hacking of Sarah Palin's e-mail account was merely a prank and the result of "stupid" decisions with no criminal intent

THREAT POST
Google Fixes Three Critical Flaws In Chrome
A new version of the Chrome browser for Windows addresses vulnerabilities in earlier versions of the browser

BLOOMBERG BUSINESS WEEK
McAfee Calls Gain On Hewlett-Packard Acquisition Bets
McAfee options jumped to the highest in almost a decade after Friedman Billings Ramsey & Co. said the security firm might be acquired by HP

YAHOO NEWS
Google: Fake Anti-Virus Software A Growing Online Threat
In an analysis of 240 million Web pages by Google during the past 13 months, the search engine giant found fake antivirus programs accounted for 15 percent of malware

V3
Infosec 2010: Europe To Mandate Reporting Of Serious Breaches
An upcoming European Union directive could force organizations to report all serious data breaches to the Information Commissioner's Office

COMPUTERWORLD AUSTRALIA
Cereal Hacker On Defacement Rampage
More than 70 websites hit in local attacks in Australia

THREAT CENTER LIVE BLOG
Pharma-Fraud Continues To Dominate Spam
Pharmacy spam reaches 140 billion messages a day, researchers say

REALWIRE
Media Up Their Interest In Hacking
Study shows marked increase in public profile of security

BBC
Web Security Attack 'Makes Silicon Chips More Reliable'
Defense method developed to stop attack could eventually make chips work better, experts say

MICROSOFT
Microsoft Re-Releases Critical Security Patch
New patch addresses problems raised in fixing Windows Media Services vulnerability

SPLUNK BLOGS
Splunk.com Password Leak -- Splunk The Product Not Affected
Back-end password exposure causes security company to advise password resets

CNET
Visa Targets Online Marketing 'Scam'
Credit card company calls out retailers for "unholy alliance" with online loyalty marketing firms

COMPUTER WEEKLY
Cybercriminals Step Up Click Theft From Online Advertisers
Click fraud is increasing at a rapid rate, researchers say

PC ADVISOR
McAfee To Offer Compensation To Crippled XP Users
McAfee says it will reimburse consumers for "reasonable expenses" they incurred due to the faulty AV update it issued last week

THE REGISTER
Verizon Dubs Security Researchers 'Narcissistic Vulnerability Pimps'
Member of Verizon Risk Intelligence unit calls researchers who disclose vulnerabilities "narcissistic vulnerability pimps," and compares them to criminals

H ONLINE
Malware Hides From Search Engines
Criminals are hiding malware in hacked websites from search engines such as Yahoo! and Google in order to prevent browsers from sounding the alarm when a user visits

HOST EXPLOIT
Internet Spreads Mexican Drug Gang Fears
Restaurants and bars closed this month after rumors of a curfew imposed by a drug gang spread by email and across social networking sites

ZDNET BLOG
Microsoft Admits MS10-025 Patch Didn't Fix Vulnerability
Microsoft pulled back security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security flaw

CSO ONLINE
Inside Oracle's Security Assurance Program
Oracle CSO says that when vulnerabilities are discovered, it falls to the original product developers at Oracle to fix them

SOPHOS BLOG
Why I'm Right to Use The Word 'Hacker' And Will Carry On Using It
Most people think "bad guys" if we say the word "hacker"

THE NEW YORK TIMES
Spammers Pay Others To Answer Security Tests
People in India, Bangladesh, China, and other developing countries are getting paid 80 cents to $1.20 for each 1,000 deciphered CAPTCHA boxes

ESET THREAT BLOG
McAfee False Positive News Misused For More SEO Poisoning
Searches for information on security software problem could result in malware downloads

SEARCH SECURITY
Researchers Aim To Smarten Web Application Security Scanners
Experts at SOURCE Boston conference say they've found a way to automate some scanning functions

INFO SECURITY
PwC Report Shows Bleak Security Landscape
Number of businesses reporting attacks on their networks is double what it was two years ago, study says

COMPUTER WEEKLY
UN Rejects International Cybercrime Treaty
Russia-backed proposal aimed to build more global support; U.S., EU back 2001 Budapest accord

HELP NET SECURITY
Survey: 71 Percent Of Companies Monitor Employees' Social Media Use
Almost 40 percent ban the use of Facebook, other social networking sites

SEARCH SECURITY
Feds Must Take Action On Cyber Storm Exercise Lessons, Expert Says
After failure to stop simulated attack, little has been done to improve defenses, Purdy says at conference

THE AGE
Anti-ID Theft Computer System Flops
High-tech system designed to fight identity crime is plagued with technical problems

PANDA SECURITY USA
The Effect Of Banking Trojans On Small And Medium-Sized Businesses In The U.S.
Most small businesses are unaware of the potential threats posed by banking Trojans, study says

MICROSOFT SECURITY RESPONSE CENTER
MS10-025 Security Update To Be Re-Released
Security patch affecting Windows 2000 Server was not completely effective, software giant says

TRENDLABS MALWARE BLOG
Koobface IP Taken Down, Gang Transfers Hosting To China
Authorities pull down server, but bad guys are quick to shift to another location

ESET THREAT BLOG
Another Look At Koobface: How It Infects Facebook Users
Online video shows, step by step, how malware fools users and invades their PCs

NEW ZEALAND HERALD
Health System's Viral Attack Holds Lessons
A detailed look at the aftermath and lessons learned from a Conficker attack










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


