Microsoft discloses zero-day IE flaw used in China attacks 19.01.10 The organized and well-resourced cybercriminals who compromised systems at Google, Adobe and more than 30 other large companies used a previously unknown, zero-day Internet Explorer exploit as part of their arsenal to install data-stealing malware on target machines, researchers at McAfee revealed Thursday. "As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals," George Kurtz, McAfee's CTO, said in a blog p... More detail

Cybercriminals revive old scams to target smartphones 16.01.10 As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks. Security companies have noticed a rise in trojans known as diallers that used to be popular during the days of dial-up net access. On a smartphone the diallers are being used to call premium rate lines leaving victims with a big bill. Experts say the diallers are proving popular as a quick way for criminals to cash in. Diallers were widely used during the days of dial-up net access when most people connec... More detail

Microsoft admits Explorer used in Google China hack 16.01.10 Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's systems that originated in China. The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines. Following the attack, Google threatened to end its operations in China. Microsoft has released preliminary guidance to mitigate the problem and is working on a formal software update. More detail

Google and US companies hacked by Chinese hackers 12.01.10 Beijing, China (CNN) -- Within hours of Google's announcement that it was no longer willing to self-censor in China, Google.cn was retrieving results for sensitive topics including the 1989 crackdown at Tiananmen Square, the Dalai Lama and the banned Falun Gong spiritual movement. Previously, a search for "Tiananmen" would only return images of the square itself. By early Wednesday, Google.cn linked to pages with information about the bloody government crackdown in 1989, though the page appear... More detail

Malicious apps found in Google's Android online store 12.01.10 Rogue applications developed to steal banking credentials from users were discovered late last month in Google's Android Market online software store.The malicious programs were disguised as a legitimate mobile banking apps and were designed to steal users' online banking credentials, according to Oregon-based First Tech Credit Union, which posted a fraud alert about the threat on Dec. 22. The malicious apps, which have targeted customers of First Tech Credit Union and California-based Travis Cr... More detail

U.S. enables Chinese hacking of Google Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers. More detail

Minimize Risk by Maximizing Accountability Risk management only works when it factors into everyone's thinking. Kerri Grosslight of Wells Fargo lays out steps for getting there. Faced with challenging economic times and heightened legislative and regulatory scrutiny, companies across all industries are increasingly compelled to keep risk management top of mind. Success depends upon customer and shareholder confidence in a company's ethical standards and its ability to make prudent decisions about handling risks. Whether a company's risk ... More detail

How one lost laptop can have a giant impact As the CTO of a data protection and encryption company, I hear many a tale of woe as other CTOs and CEOs confess to me the stories of how various laptops within their companies have gone astray and the destruction these lost laptops have caused in their wake.  With this in mind, here is one such tale of woe, albeit fictional, that I have heard time and time again. Where do I begin? If the evidence is to be believed it stems back to, what I assumed to be, a fortuitous meeting in the bar at the ... More detail

Managers of IT security technology are as important as the products Right about now, CIOs are finalizing budgets for 2010, and one of the main issues will be how to prepare for the next security threat. This is always a challenge regardless of the year; it's akin to looking into a crystal ball and trying to counter some ill-defined potential adversary that is largely out of an organization's direct control.However, that is most likely not where a company's biggest vulnerability lies. For all the tools and solutions won't matter if the people in charge of impleme... More detail

Recognizing the payment industry achievements of 2009 and looking ahead On a global level, the council continues to extend beyond simply defining the standards. We provide resources to address specific security challenges and mobilize the payment community through training sessions, open discussion forums and both formal and informal feedback sessions.  More detail