»Anonymous pulled off one of its most brazen hacks to date, when it compromised the email account of a law enforcement official to retrieve the dial-in details for an FBI-Scotland Yard conference call. The discussion, which the group recorded and posted online, centered on the ongoing cases of several members of Anonymous and LulzSec accused of hacking and launching denial-of-service attacks.
»The PCI Security Standards Council, which manages and drives adoption of the standard, is planning to launch a certification that attests to one being qualified in preparing an organization for a PCI assessment. Security practitioners want the credential to serve as a competitive differentiator, but also to express that they understand the intricacies of the 12-step standard for protecting credit card information.
»Hackers posted emails that chronicle an attempted sting operation between someone using the alias “Yamatough,” who is part The Lords of Dharmaraja, an Anonymous-affiliated group, and a supposed Symantec employee, Sam Thomas, who turned out to be a law enforcement official. The emails detail ultimately failed negotiations in which Yamatough attempts to blackmail Symantec with the promise that it won’t post stolen Norton and pcAnywhere source code that hackers stole.
»Temporary DNS servers that replaced infected DNS servers brought down by the FBI and Estonian police, after a raid dubbed Operation Ghost Click, are due to be taken offline March 8. The servers are currently being managed by the Internet Systems Consortium under a court order. Unless the court determines that the servers should be kept online past deadline, they could be turned off, potentially severing internet access to thousands.
»Since online activist group Anonymous shredded the systems of global affairs firm Stratfor to steal some five million emails and 90,000 credit card numbers, it has claimed other victims, including OnGuardOnline.gov; tear gas maker Combined Systems; police departments in Oakland, Boston and Texas; and the law firm that represented a U.S. Marine who avoided jail time for his role in a 2005 massacre in Iraq.
»The identities and whereabouts of the group responsible for spreading the notorious Koobface worm on Facebook, which earned the criminals millions of dollars, were outed by the social networking site. Facebook, which has been free of infection from the infectious malware for nearly a year, decided to release the information to help other sites, where the worm still may be propagating. But some criticized the decision by Facebook, saying it jeopardized an ongoing investigation, as shortly after the announcement, the gang cut off its command-and-control server.
»The food-and-beverage industry made up 44 percent of Trustwave‘s more than 300 data breach response investigations in 2011. That industry rated as the most targeted in 2010, as well. Many food-and-beverage locations are owned by franchisees, but their networks all are similarly set up, which offers hackers a formulaic blueprint for fleecing a large number of victims. In addition, the report blamed weak passwords and poor anti-virus for successful attacks that sought customer data.
»Google has been using a home-grown tool to scan mobile applications as a way to prevent its Android Market from becoming fertile ground for malware spread. Known as “Bouncer,” the service studies new and existing applications, looking for anomalies that could signal a program that is up to no good. Google credited Bouncer with lowering the number of “potentially” malicious downloads in the Android Market by 40 percent, between the first and second half of 2011.