www.PenandCamera.com: Writing Samples: 2013
Writing Archive: 2013

Complete stories by date:

May 2013

Google Researcher Reveals Zero-Day Windows Bug
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
InformationWeek (May 24, 2013)

Strike Back If China Steals IP, Companies Told
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
InformationWeek (May 23, 2013)

Twitter Two-Factor Security Combats Takeovers
Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming.
InformationWeek (May 23, 2013)

Dropbox Adopts Single Sign-On Technology
Dropbox says any off-the-shelf or homegrown identity management system that's compatible with the Security Assertion Markup Language (SAML) standard can be configured to automatically sign users into its service.
InformationWeek (May 22, 2013)

FBI Arrests NYPD Detective On Hacking Charges
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
InformationWeek (May 22, 2013)

Google Aurora Hack Was Chinese Counterespionage Operation
Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials.
InformationWeek (May 21, 2013)

Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi
Guantanamo Bay Naval Base authorities turn off Wi-Fi and social media after Anonymous threatened to shut them down.
InformationWeek (May 21, 2013)

APT Attacks Trace To India, Researcher Says
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
InformationWeek (May 21, 2013)

Yahoo Japan Data Breach: 22M Accounts Exposed
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
InformationWeek (May 20, 2013)

How Password Strength Meters Can Improve Security
Color-coded password-strength meters nudge users to improve the strength of their important passwords, but have little effect on unimportant ones, researchers say.
InformationWeek (May 20, 2013)

Who Is Syrian Electronic Army: 9 Facts
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
InformationWeek (May 17, 2013)

Smartphone Theft: What Is Best Defense?
While mobile network operators are creating a global database to track stolen smartphones, some police say that's not enough. New York's Attorney General wants more from smartphone makers.
InformationWeek (May 17, 2013)

LulzSec Hackers Sentenced In London
Group's 50-day hacking spree compromised websites run by Sony, CIA, Arizona State Police, Westboro Baptist Church and more.
InformationWeek (May 16, 2013)

DHS Eyes Sharing Zero-Day Intelligence With Businesses
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.
InformationWeek (May 16, 2013)

LulzSec Hacker 'Pirates' Face Sentencing
Four members of Anonymous spinoff faced sentencing Wednesday for leaking data and launching distributed denial of service attacks against Sony, the Pentagon and other major sites.
InformationWeek (May 15, 2013)

FBI Briefs Bank Executives On DDoS Attack Campaign
FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites.
InformationWeek (May 14, 2013)

Apple iPhone Decryption Backlog Stymies Police
Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators.
InformationWeek (May 14, 2013)

Microsoft Tech Support Scams: Why They Thrive
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
InformationWeek (May 13, 2013)

Huawei CEO Dismisses Security, Spying Concerns
Company founder denies that Huawei employees would ever be forced to spy for China.
InformationWeek (May 10, 2013)

Washington State Courts Reveal Security Breach
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
InformationWeek (May 10, 2013)

McAfee, AV's King Of Crazy, Resurfaces
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
InformationWeek (May 09, 2013)

How Syrian Electronic Army Unpeeled The Onion
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.
InformationWeek (May 09, 2013)

Nginx Patches Critical Web Server Software Vulnerability
Meanwhile, hackers behind Cdorked malware that targets Apache servers now have extended it to infect open-source Nginx and Lighttpd server software.
InformationWeek (May 08, 2013)

Syria Back Online After Internet Blackout
All Internet traffic from the war-torn country -- via overland and submarine connections -- went offline Tuesday.
InformationWeek (May 08, 2013)

Anonymous OpUSA Hackathon: Mostly Bluster
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.
InformationWeek (May 07, 2013)

Sweet Password Security Strategy: Honeywords
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.
InformationWeek (May 07, 2013)

China Tied To 3-Year Hack Of Defense Contractor
U.S. defense contractor QinetiQ ignored persistent attack warning signs, lost terabytes of secret information, say investigators.
InformationWeek (May 02, 2013)

Twitter To News Outlets: More Takeovers Ahead
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?
InformationWeek (May 02, 2013)

FBI Seeks Real-Time Facebook, Google Wiretaps
Government proposal would expand wiretap laws to cover not just service providers, but also the likes of Facebook and Google, backed by escalating fines for noncompliance.
InformationWeek (May 01, 2013)

U.S. Labor Dept. Website Hacked, Serves Malware
Attack bears strong similarities to previous campaigns executed by Chinese APT attack group "DeepPanda," reports security expert.
InformationWeek (May 01, 2013)

April 2013

Darkleech Apache Attacks Intensify
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
InformationWeek (April 30, 2013)

D-Link Camera Security Flaw: Upgrade Now
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
InformationWeek (April 30, 2013)

Spamhaus DDoS Suspect Arrested
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
InformationWeek (April 29, 2013)

Syrian Hacktivists Hit Guardian Twitter Feeds
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
InformationWeek (April 29, 2013)

Email Without A Warrant? Senators Not Sold
Update to 1986 Electronic Communications Privacy Act would require police to demonstrate probable cause before accessing someone's email or stored cloud data.
InformationWeek (April 26, 2013)

Twitter Two-Factor Authentication: Too Little, Too Late?
Two-factor authentication is a good step. But for securing many sites, Twitter included, it's not enough.
InformationWeek (April 26, 2013)

Anonymous Australia Disavows Self-Proclaimed LulzSec Leader
Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.
InformationWeek (April 26, 2013)

California Proposes 'Do Not Track' Honesty Checker
After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.
InformationWeek (April 25, 2013)

AP Twitter Hack: Lessons Learned
The bad news: beefing up password info won't save businesses from Twitter account takeover attacks.
InformationWeek (April 25, 2013)

Java Flaw Targeted By Crimeware Toolkit: Patch Now
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
InformationWeek (April 24, 2013)

Twitter Preps Two Factor Authentication After AP Hoax
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
InformationWeek (April 24, 2013)

Cyber Strikes Like Nuclear Bombs, Says Chinese General
Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.
InformationWeek (April 23, 2013)

Twitter Battles Syrian Hackers
Hacking group Syrian Electronic Army seizes CBS Twitter accounts and publishes links to websites that infect visitors with malware.
InformationWeek (April 23, 2013)

Chinese Hackers Seek Drone Secrets
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
InformationWeek (April 22, 2013)

Oracle Bug Hunter Spots Java 7 Server Flaw
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
InformationWeek (April 22, 2013)

Android Smartphone Sellers Should Patch, Refund Or Perish
FTC should crack down on wireless carriers and smartphone manufacturers that put their customers at risk by failing to update Android devices.
InformationWeek (April 22, 2013)

Oracle Delays Java 8 To Improve Java 7 Security
Oracle's Java platform lead architect argues that security resources should continue to be devoted to securing Java 7.
InformationWeek (April 18, 2013)

Java 7 Malicious App Warning System Draws Criticism
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
InformationWeek (April 18, 2013)

Malware Attackers Exploit Boston Marathon Bombing
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
InformationWeek (April 18, 2013)

ACLU Seeks Carrier Smackdown Over Android Updates
ACLU urges FTC to let consumers return carrier-supplied Android devices for full refund or exchange within two years if they don't get regular security updates.
InformationWeek (April 17, 2013)

DDoS Attack Bandwidth Jumps 718%
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
InformationWeek (April 17, 2013)

Oracle Preps Massive Java Bug Fix
Java updates set to fix 42 bugs -- 39 of them exploitable vulnerabilities -- and Java 7 gets interface changes to flag suspect Java apps.
InformationWeek (April 16, 2013)

Anonymous Takes Down North Korean Websites
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
InformationWeek (April 16, 2013)

Wireless Camera Flaws Allow Remote Exploitation
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
InformationWeek (April 16, 2013)

CISPA 2.0: House Intelligence Committee Fumbles Privacy Again
Cybersecurity bill's backers portray threat intelligence sharing as a panacea, but yet again ignore the potential privacy and security downsides.
InformationWeek (April 16, 2013)

WordPress Hackers Exploit Username 'Admin'
Thousands of WordPress sites with accounts that use the common default username 'admin' have been hacked. One theory: the creation of a large WordPress botnet.
InformationWeek (April 15, 2013)

FAA Dismisses Android App Airplane Takeover
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
InformationWeek (April 12, 2013)

Anonymous-Linked Hacker Claims North Korea Win
Botmaster "The Jester," whose DDoS attacks have targeted Westboro Baptist Church, PayPal and Mastercard, calls "tango down" on Pyongyang's new, third Internet connection.
InformationWeek (April 12, 2013)

Airplane Takeover Demonstrated Via Android App
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
InformationWeek (April 11, 2013)

How South Korea Traced Hacker To Pyongyang
Apparent mistake exposed the March bank hacker's IP address, which investigators traced to a North Korean address.
InformationWeek (April 11, 2013)

North Korea Behind Bank Malware, South Korea Says
Evidence ties North Korean cyber-espionage unit to two waves of attacks on banks and broadcasters, South Korean officials say.
InformationWeek (April 10, 2013)

LulzSec Hackers Plead Guilty To CIA, Sony Attacks
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
InformationWeek (April 10, 2013)

South Korea Charges Alleged Hackers
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
InformationWeek (April 09, 2013)

Microsoft Windows 8 Security Software Lacks Teeth
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
InformationWeek (April 09, 2013)

California Weighs Tough Rules For Data Brokers
Right To Know Act would allow state residents to see full reports from any website, mobile app or data broker who collects personal data about them.
InformationWeek (April 08, 2013)

Anonymous Claims 100,000 Israel Site Disruptions
But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.
InformationWeek (April 08, 2013)

Alleged Carberp Botnet Ringleader Busted
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
InformationWeek (April 05, 2013)

Anonymous Seizes North Korean Twitter, Flickr Feeds
Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.
InformationWeek (April 05, 2013)

Laws Can't Save Banks From DDoS Attacks
A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial of service (DDoS) attacks.
InformationWeek (April 05, 2013)

Banks Hit Downtime Milestone In DDoS Attacks
Top 15 U.S. banks have experienced double the downtime from same period last year. Lawmakers demand passage of a cyber threat intelligence sharing bill.
InformationWeek (April 04, 2013)

Exposed Website Reboots, Reveals Celeb Credit Reports
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
InformationWeek (April 04, 2013)

Robocall Killers Seek End Of Nuisance Calls
FTC contest winners have new ideas on how to identify and block illegal spam calls to landlines and cellphones.
InformationWeek (April 03, 2013)

Darkleech Attacks Hit 20,000 Websites
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
InformationWeek (April 03, 2013)

Google Play Hit By One Click Billing Fraud
More than 200 Android apps have been designed to trick people into parting with up to $1,000 for adult content, warns Symantec.
InformationWeek (April 02, 2013)

Anonymous Hits North Korea Via DDoS
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.
InformationWeek (April 02, 2013)

March 2013

Spamhaus DDoS Attacks: What Business Should Learn
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
InformationWeek (March 29, 2013)

DDoS Attack Doesn't Spell Internet Doom: 7 Facts
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
InformationWeek (March 28, 2013)

DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
InformationWeek (March 28, 2013)

Tougher Computer Crime Penalties Sought By U.S. Legislators
Draft version of Computer Fraud and Abuse Act includes amendments largely recycled from 2011 DOJ proposals -- and running counter to leading legal experts' demands to narrow anti-hacking laws, critics say.
InformationWeek (March 27, 2013)

Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
InformationWeek (March 27, 2013)

Malware Developers Hijack Chromium Framework
Google Chromium project responds by switching to another download site and promising to put new techniques in place to block automated downloads.
InformationWeek (March 26, 2013)

Android Malware Infects Activists' Phones
Targeted, data-stealing attack launched via Tibetan activist's email account leads to Chinese server in Los Angeles, says Kaspersky Lab.
InformationWeek (March 26, 2013)

How South Korean Bank Malware Spread
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
InformationWeek (March 25, 2013)

Apple Patches Password Reset Vulnerability
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
InformationWeek (March 25, 2013)

Unpatched Remote Access Tools: Your Gift To Attackers
Three-year old "TeamSpy" espionage campaign should be a wake-up call. Lock down your remote-access tools, or else.
InformationWeek (March 25, 2013)

Who Owns Application Security, Patching In Your Business?
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
InformationWeek (March 22, 2013)

South Korea Changes Story On Bank Hacks
South Korean officials now say there's no evidence that the March 20 attack against banks and television stations was launched from a Chinese IP address.
InformationWeek (March 22, 2013)

Hackers Eavesdrop Using Legitimate Remote Control Software
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
InformationWeek (March 22, 2013)

South Korea Bank Hacks: 7 Key Facts
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
InformationWeek (March 21, 2013)

Cisco Password Fumble: Hardware Security At Risk
Password implementation error results in easy-to-crack Type 4 passwords in latest versions of IOS and IOS XE operating systems that run Cisco's switches and routers.
InformationWeek (March 20, 2013)

South Korean Banks Lose Data In Malware Attack
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?
InformationWeek (March 20, 2013)

Beware Smartphone Lurkers: Cloud Storage File Remnants
Security investigators recovered Box, Dropbox and SugarSync files and unique file IDs, via forensic dump of iPhone and Android smartphone memory.
InformationWeek (March 20, 2013)

Anonymous DDoS Attack Report Bogus, Spamhaus Says
Anti-spam service says Russian malware gang launched attack, claims Anonymous accusation was the work of a man listed in its spammer directory.
InformationWeek (March 19, 2013)

HTTPS Security Encryption Flaws Found
Security researchers find weaknesses that could be exploited to crack some types of encrypted Web communications.
InformationWeek (March 19, 2013)

Anonymous Investigators Probe Reuters Reporter, Sabu
Feds indict Reuters social media editor for allegedly helping hacktivist group Anonymous -- and LulzSec leader Sabu -- deface the Los Angeles Times website.
InformationWeek (March 18, 2013)

Celeb Data Breach Traced To Credit Reporting Site
Tiger Woods and Mitt Romney are latest to see personal financial details published; credit agencies confirm hackers took data from AnnualCreditReport.com.
InformationWeek (March 14, 2013)

Microsoft Patches For USB Key Vulnerability
Driver bug would allow anyone with physical access to compromise a PC by using exploit code loaded onto a USB storage device.
InformationWeek (March 13, 2013)

iPhone, iPad Configuration Files Security Hole Shown
Mobile configuration files used by carriers could be repurposed to steal data and remotely control an iPhone or iPad, security firm warns.
InformationWeek (March 13, 2013)

Hackers Appear To Target Michelle Obama, FBI Director
Michelle Obama is among several public figures whose personal information appeared to be published via a website with a Soviet Union registration; some watchers see signs of hoax.
InformationWeek (March 12, 2013)

China Hack Attacks: Play Offense Or Defense?
The Chinese government has been blamed for launching cyber-espionage APT attacks against U.S. businesses. In this debate, two security experts examine how business should respond.
InformationWeek (March 12, 2013)

Google Preps $7 Million "Wi-Spy" Case Settlement
Google reportedly will settle with 30 states over its controversial Street View Wi-Fi hotspot sniffing program that was undertaken by a "rogue engineer."
InformationWeek (March 12, 2013)

Apple Ups Security For App Store
Apple begins using secure Web pages -- HTTPS -- for all App Store communications, to protect against password theft and other potential problems.
InformationWeek (March 11, 2013)

9 Must-Know Java Security Facts
More than half of all Java users are still using Java 6, which Oracle officially retired last month. Is it time for a consumer recall?
InformationWeek (March 09, 2013)

Pwn2Own Prizes Exceed $500K For Exploits
Only Google Chrome OS withstands attack in annual hacking contest as Flash, Java and every major browser are exploited.
InformationWeek (March 08, 2013)

Cell Phone Spam Doesn't Pay, FTC Says
FTC has filed 8 civil lawsuits against cell phone spammers, accusing them of promoting award scams.
InformationWeek (March 08, 2013)

Password Police Cite Evernote Mistakes
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
InformationWeek (March 08, 2013)

Java, Browsers, Windows Security Defeated At Pwn2Own
How secure are the latest versions of Chrome, Firefox and IE10? All were successfully exploited on the first day of the annual Pwn2Own contest.
InformationWeek (March 07, 2013)

Bank Attackers Restart Operation Ababil DDoS Disruptions
Some customers report difficulty accessing banking sites, but officials said DDoS defenses and service provider blocks may be partly to blame.
InformationWeek (March 06, 2013)

EU Fines Microsoft $732 Million In Browser Brawl
Microsoft stopped offering browser-choice screen to European Windows consumers, in violation of 2009 agreement with antitrust regulators.
InformationWeek (March 06, 2013)

Java Emergency Patch Slaps McRAT Infections
Oracle patches two more zero-day bugs in Java 6 and Java 7. But security researcher spots new vulnerabilities in Java 7.
InformationWeek (March 05, 2013)

Evernote: We're Adding Two-Factor Authentication
After data breach and wide password reset, Evernote accelerates plans to offer additional security to users.
InformationWeek (March 05, 2013)

Kim Dotcom Plans Mega IPO
MegaUpload founder, still sought for extradition by the U.S. government, hires CFO to help float his new cloud storage service.
InformationWeek (March 04, 2013)

Evernote Breach: 7 Security Lessons
Both cloud service providers and users should heed the security takeaways from Evernote's breach and response.
InformationWeek (March 04, 2013)

Kill Passwords: Hassle-Free Substitute Wanted
Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.
InformationWeek (March 04, 2013)

Anonymous Launches Operation Wall Street, Targets CEOs
Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.
InformationWeek (March 01, 2013)

Zero Day Java Vulnerability Allows McRat Trojan Infections
Security experts urge users of latest versions of Java 6 and 7 to disable Java in their browsers until Oracle releases a patch.
InformationWeek (March 01, 2013)

Security Tools Show Many Dots, Few Patterns
Today's security software wastes valuable time by delivering data dumps, rather than focusing on trends. But you can create your own visualizations.
InformationWeek (March 01, 2013)

February 2013

China Targets U.S. In Hacking Blame Game
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
InformationWeek (February 28, 2013)

MiniDuke Espionage Malware Uses Twitter To Infect PCs
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
InformationWeek (February 28, 2013)

Anonymous: 10 Things We've Learned In 2013
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
InformationWeek (February 28, 2013)

Flash Patch, Take Three: Adobe Issues New Fix
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
InformationWeek (February 27, 2013)

HP Launches Big Data Security Products, Threat Research
HP takes steps to bolster threat-intelligence gathering capabilities, better compete on big data security with the likes of IBM, EMC, SAP and startups.
InformationWeek (February 26, 2013)

2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
InformationWeek (February 26, 2013)

Microsoft Hacked: Joins Apple, Facebook, Twitter
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
InformationWeek (February 25, 2013)

IT Security Understaffing Worries CISOs
More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.
InformationWeek (February 25, 2013)

Don't Blame China For Security Hacks, Blame Yourself
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
InformationWeek (February 25, 2013)

Twitter, Tumblr, Pinterest Users Hit In Zendesk Breach
Zendesk, which runs a help desk service and hosts customer service portals, alerts users that hackers accessed email addresses and personal data.
InformationWeek (February 22, 2013)

NBC Websites Hacked To Serve Citadel Financial Malware
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
InformationWeek (February 22, 2013)

Google: We've Stopped Most Gmail Account Hijacking
Google cites 99.7% decrease in Gmail account hijackings since 2011 peak, thanks to risk analysis defenses.
InformationWeek (February 21, 2013)

China Denies U.S. Hacking Accusations: 6 Facts
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
InformationWeek (February 21, 2013)

BK Hack Triggers Twitter Password Smackdown
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
InformationWeek (February 21, 2013)

Apple, Facebook Twitter Attacks: 6 Key Facts
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
InformationWeek (February 20, 2013)

Oracle, Apple Issue Java Security Patches
Oracle updates Java 7 and issues the final-ever public update for Java 6, while Apple releases its own Java 6 update for OS X users.
InformationWeek (February 20, 2013)

Anonymous Takes On State Department, More Banks
Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.
InformationWeek (February 19, 2013)

Zombie Hackers Exploited Emergency Alert System Security Flaws
FCC has known about security gaps in networked alert systems equipment for more than 10 years. What if next hoax is serious?
InformationWeek (February 15, 2013)

FAA Promises Privacy Standards For Domestic Drones
As law enforcement and civilian use of unmanned aerial drones increases, surveillance fears mount.
InformationWeek (February 15, 2013)

CISPA Cybersecurity Bill, Reborn: 6 Key Facts
House revives controversial cybersecurity information-sharing bill, but can CISPA 2.0 address lingering privacy concerns?
InformationWeek (February 14, 2013)

Adobe Zero-Day Attack Bypasses Sandbox
Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks.
InformationWeek (February 14, 2013)

Xerox Targets Cloud Document Security Worries
Xerox, working with Cisco and McAfee, launches printers and apps designed to securely route documents to Dropbox, Google Apps and other cloud services.
InformationWeek (February 13, 2013)

Adobe Reader, Acrobat Under Attack
Cue the security fatigue: Zero-day attacks target Adobe Reader and Acrobat, Adobe pushes second Flash patch, Microsoft fixes 57 flaws.
InformationWeek (February 13, 2013)

Flickr Bug Revealed Private Photos To Public
Yahoo-owned Flickr's fix -- resetting permissions on all potentially affected images -- also broke some connections with third-party websites.
(February 12, 2013)

Zombie Alert Hoax: Emergency Broadcast System Hacked
Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.
InformationWeek (February 12, 2013)

When Security Experts Forget Passwords
What happens when you forget a crucial password? Here's what WhiteHat Security's CTO learned from his experience.
InformationWeek (February 11, 2013)

Adobe Issues Emergency Patch For Flash Player
As attackers actively target new bugs in Flash Player browser plug-in, Adobe issues Windows, Mac, Linux and Android patches.
InformationWeek (February 11, 2013)

Barracuda Issues Security Update, Apologizes To Customers
Security appliance manufacturer apologizes for leaving hardcoded, undocumented accounts in its products.
InformationWeek (February 07, 2013)

Microsoft, Symantec Torpedo Massive Botnet
Tech companies team up to take down Bamital botnet, which generated over $1 million annually via search engine click fraud.
InformationWeek (February 07, 2013)

6 Reasons Hackers Would Want Energy Department Data
In Department of Energy breach, what was driving attackers to steal employee data? Stuxnet revenge is one theory.
InformationWeek (February 06, 2013)

Fed Breach: Attackers Exploited Website Product Vulnerability
Federal Reserve confirms breach of database with banking executive contact information for use in a natural disaster.
InformationWeek (February 06, 2013)

Hacking, Privacy Laws: Time To Reboot
Recent cases highlight serious flaws in current privacy and cyber abuse legislation, allowing prosecutors to wield a hammer when a stick will do.
InformationWeek (February 06, 2013)

Anonymous Claims Wall Street Data Dump
Hacktivist group publishes 4,000 passwords as part of Operation Last Resort campaign seeking revenge for the treatment of Internet activist Aaron Swartz.
InformationWeek (February 06, 2013)

Department Of Energy Confirms Data Breach
Attackers targeted employees' personal data, rather than top secret energy or nuclear information, investigators say.
InformationWeek (February 05, 2013)

Twitter Pursues Two-Factor Authentication After Password Breach
Live attack compromised up to 250,000 accounts, leading Twitter to reset affected users' passwords.
InformationWeek (February 04, 2013)

Oracle Issues Emergency Java Security Update
Oracle's Java update addresses 50 bugs, including flaws that can be used to remotely compromise a desktop or server.
InformationWeek (February 04, 2013)

The Dreaded Captcha: Beginning Of The End?
Ticketmaster dumps reviled security technology that forces users to decipher distorted words. Will it spark a trend?
InformationWeek (February 01, 2013)

January 2013

NYT, WSJ Hacks Scrutinized By Security Community
China is again being blamed, but security experts criticize the lack of evidence, call on the media outlets to release full details of the attacks.
InformationWeek (February 01, 2013)

Mega Repeat: Search Engine Mimics Dotcom's MegaUpload
Crowdsourced MegaSearch site indexes all files on Mega, allowing users to share uploaded, encrypted content.
InformationWeek (January 31, 2013)

Did Chinese Hackers Hit NY Times?
Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers.
InformationWeek (January 31, 2013)

Firefox Moves To Block Java, Silverlight, Adobe Reader
Mozilla's "click to play" move will block all plug-ins from executing without explicit user authorization.
InformationWeek (January 31, 2013)

Want Stronger Passwords? Try Bad Grammar
Beware passwords built using too many pronouns or verbs, Carnegie Mellon security researchers say. String together nouns instead.
InformationWeek (January 30, 2013)

FBI Busts Alleged Skype 'Sextortionist'
Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.
InformationWeek (January 30, 2013)

Bank DDoS Attackers Claim Victory Regarding Film
One copy of widely viewed film that attacks the founder of Islam has been excised from YouTube. But who removed it, and will all copies be pulled?
InformationWeek (January 29, 2013)

Unplug Universal Plug And Play: Security Warning
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
InformationWeek (January 29, 2013)

Java Security Work Remains, Bug Hunter Says
Proof-of-concept attack can be used to run arbitrary Java apps, despite Oracle's recent security fix.
InformationWeek (January 29, 2013)

HP Disputes Printer Security Vulnerabilities
Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.
InformationWeek (January 29, 2013)

Anonymous Plays Games With U.S. Sites
Protesting over death of Internet activist Aaron Swartz, Anonymous defaces U.S. government websites to hide a free game of Asteroids.
InformationWeek (January 28, 2013)

Anonymous DDoS Attackers In Britain Sentenced
Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.
InformationWeek (January 25, 2013)

Barracuda Security Equipment Contains Hardcoded Backdoors
Multiple appliances sold by Barracuda contain undocumented usernames and passwords, as well as SSH access functionality, which an attacker could use to gain shell-level access to devices.
InformationWeek (January 24, 2013)

China Accused Of Java, IE Zero Day Attacks
Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says.
InformationWeek (January 24, 2013)

Security Flaws Leave Networked Printers Open To Attack
Attackers can exploit HP JetDirect software, used by numerous printer manufacturers, to disable printers, evade physical security checks or recover printed documents.
InformationWeek (January 23, 2013)

'Mega' Insecure: Kim Dotcom Defends Rebooted Megaupload Security
Proof-of-concept attack against site's encryption leads to questions over its actual security and privacy protections.
InformationWeek (January 23, 2013)

Virut Malware Botnet Torpedoed By Security Researchers
Spamhaus group scuttles command and control systems for Russian botnet controlling an estimated 300,000 zombie PCs per day.
InformationWeek (January 22, 2013)

Java Hacker Uncovers Two Flaws In Latest Update
Expert Java bug hunter says Oracle's latest Java 7 update, released last week, has two sandbox-bypass bugs.
InformationWeek (January 22, 2013)

Uncertain State Of Cyber War
Just what does "cyber warfare" mean? We're still figuring out tactics and capabilities.
InformationWeek (January 21, 2013)

Operation Red October Attackers Wielded Spear Phishing
Advanced, malware-driven espionage network employed over 1,000 modules and tools customized for just hundreds of targets, finds Kaspersky analysis.
InformationWeek (January 18, 2013)

Java Security 'Fix' Is Disguised Malware Attack
Security researchers spot malware masquerading as a Java security update. Users urged to download Java updates directly from Oracle.
InformationWeek (January 18, 2013)

Java Security Warnings: Cut Through The Confusion
Recent warnings to deactivate Java are raising additional questions: What about JavaScript, EJB, JavaFX, Android and any other use of the programming language?
InformationWeek (January 18, 2013)

TV-Monitoring Patent Prompts Privacy Worries
Could a television soon monitor your every move and conversation?
IAPP (January 17, 2013)

OKCupid Blind Date App: Beware Privacy Flub
OKCupid.com smartphone app promised safe blind date arrangement, but API failed to hide sensitive information about users.
InformationWeek (January 17, 2013)

Hacking Law Critics Demand Change After Swartz Suicide
Proposed legislation seeks to end felony charges related to 'unauthorized access,' but legal experts say bigger fixes are needed.
InformationWeek (January 17, 2013)

McAfee's Escape From Belize Turns Movie
Tale of eccentric antivirus founder John McAfee's escape to Guatemala and Miami set to be adapted by the team behind Crazy, Stupid, Love.
InformationWeek (January 16, 2013)

Another Java Zero-Day Vulnerability Hits Black Market
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
InformationWeek (January 16, 2013)

10 Facts: Secure Java For Business Use
Businesses that rely on Java must now take additional steps to keep employees safe. Here's where to start.
InformationWeek (January 15, 2013)

Red October Espionage Network Rivals Flame
Newly discovered espionage malware infrastructure largely targets organizations in Eastern Europe and Asia.
InformationWeek (January 14, 2013)

Oracle Fixes Zero Day Java Flaws: Patch Now
Java 7 update, released Sunday, fixes bugs widely targeted by crimeware toolkits. Other critical bug updates coming later this week from Oracle and Microsoft.
InformationWeek (January 14, 2013)

Anonymous Says DDoS Attacks Like Free Speech
Hacktivist collective Anonymous petitions the White House to make DDoS attacks part of First Amendment protections. Shutdown attacks are akin to Occupy protests, group argues.
InformationWeek (January 11, 2013)

Java Under Attack Again, Disable Now
Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. Here's what to do.
InformationWeek (January 11, 2013)

Bank Attacker Iran Ties Questioned By Security Pros
U.S. government officials continue to blame Iran for launching attacks against U.S. banks, but some information security experts see only circumstantial evidence.
InformationWeek (January 10, 2013)

Apple Targets App Store Bait And Switch Scammers
Apple will lock down app screenshots after approval to stem a spate of sellers hawking fake apps.
InformationWeek (January 10, 2013)

McAfee Takes Belize: Social Engineering Lesson
Eccentric antivirus firm founder John McAfee says he tricked people with spyware -- using free laptops. Social engineering attacks remain cheap, easy and effective.
InformationWeek (January 09, 2013)

Critical Ruby On Rails Issue Threatens 240,000 Websites
Bug allows attackers to execute arbitrary code on any version of Ruby published in the last six years.
InformationWeek (January 09, 2013)

U.S. Bank Hack Attack Techniques Identified
Security researchers detail how poorly secured, hosted servers helped launch botnet-based attacks; U.S. government continues to blame Iran.
InformationWeek (January 09, 2013)

Blackhole Botnet Creator Buys Up Zero Day Exploits
Crimeware toolkit is apparently so successful that creator has been given $100,000 to shop for the latest vulnerabilities.
InformationWeek (January 09, 2013)

McAfee Strikes Back: Spyware Sting Targets Belize Government
Antivirus firm founder's story takes another bizarre twist, as he claims to have found connection between Hezbollah extremists and Belizean government officials.
InformationWeek (January 08, 2013)

This page last updated: 28-May-2013

Mathew Schwartz
Mat@PenandCamera.com