A new piece of backdoor distributed-denial-of-service malware is found accompanying Gh0stRAT into infected machines. The US Postal Service, Vodaphone, and Panda Security are spoofed in phishing attacks. SearchSecurity offers an update on malware that evades detection by hiding behind innocent OS routines, like mouse actions. A new Trojan appears to be trolling for embarrassing photos, but may actually be a state-espionage tool.
Email, we are reminded, remains a security and privacy problem. Stuxnet is now seen as a turning point in SCADA security, as users of industrial-control systems aggressively seek out and fix exploitable software flaws. The cyber war (as most observers call it) between Iran and the US quietly escalates.
Google patches Chrome and adds malware detection to Jellybean. Adobe issues critical patches for Flash.
The Motley Fool thinks SourceFire is a small-cap darling because of its strong third quarter and pervasive news of cyber insecurity. Symantec honors twelve cyber security stars.
Narrowing user privileges remains a good idea, as the recently disclosed attack on Coca Cola suggests. This attack's delayed disclosure prompts analysts to wonder whether Coca Cola has exposed itself to a shareholder lawsuit, and observers question the adequacy of disclosure practices in industry generally. The Messaging, Malware and Mobile Anti-Abuse Working Group recommends sidestepping DKIM vulnerabilities by moving to verification keys with 1024-bit or higher encryption.
Barclays Bank wants to become the Apple of financial services, and establishes an IT skunk works to help it do so. Sandia Labs concludes CRADAs with GE and Northrop Grumman.