While conducting research, I encountered a curious-looking new ZeuS/ZBOT sample using a very old toolkit version. I retrieved the sample two days ago

Read the original post:
ZeuS/ZBOT Targets Russian Banks

Vulnerabilities identifiable in an automated fashion, such as with a scanner, can be loosely classified as “low-hanging fruit” (LHF) — issues easy, fast, and likely for bad guys to uncover and exploit. Cross-Site Scripting, SQL Injection, Information Leakage, and so on are some of the most typical forms of website LHF

View original post here:
The Low Hanging Fruit scanner strategy can get you into trouble

Last week, we had two major mass compromises.

Read more here:
Passwords Matter—The Hidden Risks “Minor” Info Stealers Pose

There’s been a great deal of discussion (controversy?) recently regarding personal privacy and the pursuit of profit. Many pundits are concerned that businesses are putting personal data at risk for financial gains

Read this article:
Facebook, Google and Privacy

Note to Facebook: Your privacy settings are much too difficult for the average individual to fully understand. Even critics of your privacy policies can’t figure them all out. Let’s take Privacy Check for example.

Originally posted here:
Facebook Privacy Check

You might remember the Ghostnet white paper that was released a year ago? We blogged about it extensively. The same researchers, with the help of Shadowserver Foundation, has now published a new whitepaper, called Shadows In The Cloud: Investigating Cyber Espionage 2.0 (link to a PDF).

See the original post here:
Shadows in the Cloud

In 2005, the European Commission embarked on a new policy framework that embraced all aspects of the “information society.” This framework, called i2010 - A European information society for growth and employment , provides the broad policy guidelines for the information, c

View original post here:
New Healthcare IT Landscape and Related Security Needs

Phishing and its effects–namely, identity fraud –continue to grow. Unfortunately, it is now easier than ever to carry out these kinds of attacks

More here:
Phishing Made “Super”

A recent study published by 7Safe, UK Security Breach Investigations Report , analyzed 62 cybercrime breach investigation and states that in “86% of all attacks, a weakness in a web interface was exploited ” (vs 14% infrastructure) and the attackers were predominately external (80%). These results are largely consistent with the US-based Verizon Data Breach Incident Report (2008) which tracks over 500 cases

See original here:
Infrastructure vs. Application Security Spending

Would somebody please tell us why there’s so much hype regarding privacy issues and Google Buzz ? Buzz integrates into Gmail… an e-mail service that reads (i.e.

The rest is here:
Google’s Buzz, there is no such thing as bad publicity…