The PCI Security Standards Council’s (PCI-SSC) recently published March Assessor Newsletter , which contains rather “interesting” language for certain Approved Scanning Vendors (ASV). It is unclear what the penalty will be for firms who continue their misleading practices

See the original post:
PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6

People choose their passwords based on different factors: how easy they are to remember, how strong or complex they are, the sentimental value they have, etc.

Continued here:
Passwords—Can’t Live With ‘em, Can’t Live Without ‘em

In the past couple of months, Symantec has observed a mass phishing attack on two major brands that provide retail electronic payment services for banks across the globe.

Go here to see the original:
Mass Phishing of Retail Electronic Payment Brands

The Saturday night boxing match between Manny Pacquiao and Joshua Clottey was one of the most awaited sports events of 2010. It should not be a surprise then that cybercriminals took advantage of it to spread malware. Another blackhat search engine optimization (SEO) attack led users who wanted to watch the fight online via live video streams (using the search phrase “manny pacquiao vs joshua clottey live streaming”) to malicious sites.

Here is the original post:
Pacquiao-Clottey Live Streams Lead to FAKEAV

For cybercriminals, another celebrity’s death means a new life for their scams.

Read more:
Corey Haim’s Death Leads to FAKEAV

Before reading the following, ask yourself if you’d recommend to the average user that they store their passwords in a local password manager. Today there are four primary ways users lose control over their web-based passwords. Phishing Scams (email or SEO), Malware (installing malware or drive-by-downloads), website break-ins (SQLi, RFI, misconfiguration, etc.), and website brute-force attacks.

Here is the original post:
Password Managers, is this the best option user’s have?

In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize.

More here:
Spam and Phishing Landscape: March 2010

Following our blog, 0-Day attack on IE6: JS.Sykipot doesn’t spare retired software , covering the recent IE 0-day , we thought it might be interesting to look at an attack in the wild using this vulnerabili

Continued here:
Backdoor.Sykipot At Work

Hot on the heels of this month’s security bulletin , a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway

See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)