Internal Security Incidents

Tenet Healthcare warns 37,000 patients of data compromise
Dallas-based Tenet Healthcare Corp. last week sent out notices to about 37,000 patients informing them about the potential compromise of their personal and financial data.
The warning came after Terrence Brooks, a former data processor at a Tenet bill-processing center in Frisco, Texas, was arrested last month and subsequently pleaded guilty to five counts of fraudulent possession and use of identification information stolen from Tenet.

Computerworld - February 22, 2008 - Read Article


17 Arrested in Canadian Hacking Bust
Quebec provincial police conducted raids on Wednesday, breaking up a hacking ring that police say is responsible for an estimated CDN$45 million ($44.3 million) in damage to computer systems.
IDG News Service - February 22, 2008 - Read Article
 

Harvard Web site hacked, database on file-sharing site
One of Harvard University's Web sites appeared on Monday to have been hacked, with its contents appearing on the BitTorrent file-sharing network.
A compressed 125 M-byte file claiming to be the database for the Web site of Harvard's Graduate School of Arts and Sciences is available via the BitTorrent P-to-P (peer to peer) network. The file is listed on The Pirate Bay, a Web site that indexes torrents, or small information files that coordinate the download of content from other users on BitTorrent.
IDG News Service - February 18, 2008 - Read Article

Teen used botnets to push adware to hundreds of thousands of PCs
A teenager identified by U.S. law enforcement officials only as "B.D.H." pleaded guilty this week to charges that he used botnets to illegally install adware on hundreds of thousands of computers in the U.S., including some belonging to the military.
Computerworld - February 14, 2008 - Read Article
 

Adobe PDF exploit infects 'many thousands,' says researcher
Attackers have been exploiting one of the recently-revealed vulnerabilities in Adobe Reader for at least three weeks, security researchers said today, with one estimating the infection count at "many thousands" so far.
On Tuesday, Adobe Systems Inc. acknowledged that its popular PDF viewer sported several flaws, and patched them that same day. However, it has yet to spell out the exact number or nature of the bugs.

Computerworld - February 10, 2008 - Read Article
 

Botnet management app exposed
Sophisticated Zunker app has been used to control and monitor tens of thousands of botnet PCs
A new and unusually sophisticated application for controlling and monitoring botnet PCs has been discovered by security company Panda Software.
InfoWorld - May 14, 2007 - Read Article

New Rootkit Threatens Windows Users
The rootkit was originally discovered by security researcher Matt Richard of Verisign's iDefense labs. Richard said the first attacks in the wild began Dec. 12 and infected about 1,800 users. Dec. 19, a second wave of attacks infected about 3,000 more users. Richard said antivirus vendors are now detecting the rootkit components.
SearchSecurity.com - 9 January, 2008 - Read Article
 
InfoWorld: Facebook Hack Fuels Web 2.0 Concerns
An adware-distribution scheme being carried out on the Facebook social networking site is considered to be the first attack propagated on the wildly popular online portal. Disguised as a legitimate "Secret Crush" request on the site designed to inform Facebook users about other members who find them attractive, the application instead attempts to secretly install an adware program made by Zango after it has been successfully downloaded.
CSO - January 4, 2008 - Read Article

Man siphons info for 300 credit cards from hotel kiosks
A former computer consultant has admitted to breaking in to more than 60 business kiosks at hotels and stealing credit card information during a three-day crime spree earlier this year.
Channel Register - December 19, 2007- Read Article

Sophisticated Trojan Loots Business Bank Accounts
A German-speaking hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said Thursday.
CSO - December 14, 2007- Read Article

IT pro admits stealing 8.4M consumer records
A senior database administrator for a consumer reporting agency in Florida has admitted stealing more than 8.4 million account records and selling them to a data broker. He netted $580,000 over five years from the scheme.
Channel Register - December 4, 2007 - Read Article


Trojan quickly building botnet via MSN Messenger
A trojan has used MSN Messenger to multiply the number of PCs added to a botnet 24 times in one day. The trojan increased its bot network from 500 infected PCs Sunday at noon EST to more than 12,000 by today at 2 p.m. EST. The trojan is believed to be the first of its kind to scan for Virtual Network Computing instances. It appears to be a ZIP file, containing pictures from a buddy list member.
SC Magazine - November 19, 2007- Read Article

Theft of Home Depot laptop puts 10,000 at risk
Home Depot on Wednesday confirmed a company laptop was stolen that contains personal information about approximately 10,000 employees of the do-it-yourself retailing giant.
Network World - October 17, 2007 - Read Article

TJX Data Criminal Gets Five Years in Prison
The leader of an identity theft ring that stole credit card numbers from TJX has been sentenced to five years in prison and fined US$600,000.
Irving Escobar of Miami, Fla., pleaded guilty to charges of an "organized scheme to defraud" in March and was sentenced this week, Florida Attorney General Bill McCollum announced Thursday.

CSO – September 17, 2007 - Read Article

Names, Contact Info on TD Ameritrade Customers Compromised
Brokerage firm TD Ameritrade Holding Corp. Friday disclosed that the names, addresses, phone numbers and "miscellaneous trading" information of potentially all of its more than 6 million retail and institutional customers have been compromised by an intrusion into one of its databases.
CSO – September 17, 2007 - Read Article

Former Network Engineer Faces Jail Time for Sabotaging Data
A former network engineer and technical services manager at the Council of Community Health Clinics (CCC) in San Diego could spend 10 years in prison after a federal jury convicted him last week of hacking into his former employer’s computers and sabotaging patient data.
CSO – September 5, 2007 – Read Article 

Pfizer Confirms Third Breach Involving Employee Data
Pfizer Inc. appears to be having an especially hard time of late keeping its employee data secure.
The company today confirmed that as many as 34,000 of its employees may be at risk of identity theft after a former employee illegally accessed and downloaded copies of confidential information from a Pfizer computer system without the company’s knowledge. The compromised information included names, Social Security numbers, dates of birth, phone numbers and bank and credit card information.

CSO – September 5, 2007 – Read Article

Lawsuit Filed on Behalf of Consumers in Data Breach Case
A California law firm has filed a class-action lawsuit against Fidelity National Information Services (FIS) and one of its subsidiaries over an incident involving the potential compromise of personal data belonging to 8.5 million consumers.
CSO - Aug 21, 2007 – Read Article

Vendor Warns over Skype Eavesdropping
Skype is an easy target for hacking and offers a way inside a corporate network.
That’s according to a report from managed security company Network Box, which said Skype could be undermined by a malevolent insider working to open hidden backdoors.
CSO - Aug 21, 2007 – Read Article

Ex-Boeing worker accused of stealing documents
Short of strip searching employees every time they walk out the door, there’s probably nothing Boeing could have done to prevent the alleged data theft that has a former employee facing criminal charges, security expert Bruce Schneier says.
If a company hires an untrustworthy employee, there is almost nothing it can do to prevent theft, Schneier argues. “What’s done in African mines is they do full-body cavity strip searches every time they leave. That works,” Schneier says.
Network World – July 13, 2007 - Read Article

IT Managers Say Risk Of Data Loss Is Bad And Getting Worse
Nearly half of IT and compliance professionals said in a recent survey that their organizations are doing an inadequate job of lowering the rate of data loss.
The survey of more than 1,000 IT and compliance practitioners also showed that 45% said that if they were hit by a data breach, they don't believe they would be able to notify users and customers, according to researchers at the Ponemon Institute. The same IT managers added that their companies lack the necessary security tools or internal controls to prevent, detect, and correct data security breaches. The study was commissioned by Oracle.

Information Week – June 18, 2007 - Read Article

Online Crime Group Logs 1 Millionth Complaint
Online consumers in the United States have had a million things to complain about. Literally.
The Internet Crime Complaint Center (IC3) says that it received its 1 millionth complaint earlier this week.

CSO - Jun 18, 2007 - Read Article

In Fight Against Botnets, Warning Victims Is Half The Battle
The feds have caught some of the alleged "bot herders" it says are spamming the world from botnets they've created. Now they'd like to warn more than 1 million computer owners whose machines have been infected, but doing so will be an inexact and tedious undertaking.
Information Week – June 16, 2007 - Read Article

Over 1 Million Potential Victims of Botnet Cyber Crime
Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with our industry partners, including the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.
FBI - June 13, 2007 - Read Article

GAO Criticizes FBI Network Security
The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls needed to thwart an insider attack.
CSO – May 25, 2007 - Read Article

CEOs Grade Security: Wished-for Attention, More Scrutiny
Google CEO Eric Schmidt must be really devoted to enterprise security. In recent SEC filings, Google reported Schmidt pulled in all of $1 in salary in 2006 but received personal security costing over $532,700. Corporate security got a black eye in a Hewlett-Packard dustup when, in 2005 and 2006, some of its board of directors started the ball rolling on an internal investigation that turned external and allegedly involved wire fraud and “pretexting.”
Security Magazine - May 1, 2007 - Read Article

Police blotter: Ex-employee sued for deleting files
What happened, according to court documents: Until recently, Scott Arledge was a senior vice president at PharMerica in Tampa, Fla., where he was responsible for more than 2,500 employees and oversaw much of the company's day-to-day operations.
ZD Net - March 28, 2007 - Read Article

Student Suspended for Breaking Cisco's NAC
A University of Portland student was suspended for writing a program to bypass the Cisco Clean Access NAC system on campus. Apparently this incredibly dangerous activity is a Patriot Act violation. Or, at least, it is if you believe the letters being sent out by the administration at UP, who seem to be confusing "skipping security checks" and "hack into a licensed product".
Dark Reading - April 30, 2007 - Read Article

New worm hits AIM network
'A new worm spread quickly on America Online's AIM instant messaging service Wednesday afternoon but was contained within hours, experts said. The worm spread in instant messages with the text: 'LOL LOOK AT HIM' and included a Web link to a file called 'picture.pif.' If that file was downloaded and opened, the worm would send itself to all contacts on the victim's AIM Buddy List.'

CNET News, June 15, 2005 - Read Article

Attack of the iPods!
'MP3 players and USB drives can be used for more nefarious purposes than just carrying data out the door.
A lot has been written about the threat of iPods, digital cameras and USB memory sticks to information security programs. Because all of these are basically high-capacity storage devices, they make it easy for thieves (whether insider or outsider) to slip into your organization, quickly download a bunch of confidential docs, and then slip out—and all the while, you thought that they were just enjoying some groovy tunes. Thieves can hide corporate secrets on the SD card of a digital camera, and if they want to be really sneaky, they can even delete the files so that the information won't show up during a casual inspection. Then, when they get home, they can use an "undelete" program to recover the secrets.'
CSO Online, May, 2006 - Read Article

Israeli firms 'ran vast spy ring'
'At least 15 Israeli firms have been implicated in the espionage plot, with 18 people arrested in Israel and two more held by British police. Among those under suspicion are major Israeli telecoms and media companies. Police say the companies used a 'Trojan horse' computer virus written by an Israeli to hack into rivals' systems. Interpol and the authorities in Britain, Germany and the US are already involved in investigating the espionage, which Israeli police fear may involve major international companies.'
BBC News, May 31, 2005 - Read Article

Israeli Police Uncover Massive, Trojan Horse-Based Industrial Spy Ring
'Israeli police have uncovered a massive industrial spy ring that allegedly used Trojan horse software to snoop into some of the country's leading companies. The case will have major implications for the business community in Israel - and possibly beyond - as all the companies accused of having used the software are themselves leading companies.'
PC World, May 31, 2005 - Read Article

Uh, Folks, Your Data Was Swiped
'100,000 customers of Wachovia and Bank of America were the victims of bank employees, whose jobs granted them access to information valuable enough to sell for $10 an account. "We’ve got a nasty problem and it keeps getting worse," says Peter Neumann of SRI International.'
Wired, May 23, 2005 - Read Article

Sumitomo Mitsui Bank sophisticated hacking sends alarm signals
'A criminal gang with advanced hacking skills has tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on banks' computers has been circulating in security circles since late last year after warnings were issued to financial institutions by the police to be on the alert for criminals using Trojan Horse technology that can record every key stroke made on a computer.'
IT-Observer, March 22, 2005 - Read Article

Trojan targets UK online bank accounts
'Virus writers have created a new Trojan horse capable of helping crooks to break into the accounts of British internet banking customers. The malware records passwords and keystrokes once users of infected machines visit targeted websites. This data is then surreptitiously transmitted to crooks, allowing fraudsters to later empty bank accounts.'
The Register, November 12, 2004 - Read Article


Each threat category represents the % of the total number of threats found during our audit inspections.
