»Visitors to the website of Sohaib Athar, or Twitter user “@ReallyVirtual,” an IT consultant who lives in Pakistan and who tweeted about hearing helicopters during the U.S. military operation to kill Osama bin Laden, may have downloaded malware onto their PCs, according to researchers at web security firm Websense. Athar's website, which is linked from his Twitter account, was compromised to host rogue anti-virus software. The site has since been cleaned. Other attackers, meanwhile, jumped to exploit bin Laden's death through black hat search engine optimization tactics and Facebook scams.»The FBI must bolster its cybersecurity expertise to effectively combat the most serious cyber intrusions, according to a new audit. The U.S. Department of Justice inspector general review assessed the FBI's ability to counter national security-related intrusions, such as those carried out by foreign adversaries for intelligence or terrorist purposes.
»Privacy concerns ran rampant following revelations that smartphone and tablet devices from Google and Apple are collecting and storing information about users' locations. The issue rose to prominence after researchers disclosed that Apple devices running iOS v4 contain a file that logs, with a timestamp, users' coordinates. The same week, researchers revealed that Google regularly transmits the location data of users' Android smartphones back to a central server. Apple said the iPhone does not log users' locations, while Google said that any location data sent back to its servers is not traceable to a specific user.
»Amazon, in a letter posted to its website, apologized for a recent cloud computing outage that left many popular sites unavailable for several days. But the incident likely will prompt some to re-evaluate their use of cloud services, according to experts. For security practitioners, the incident should serve as a reminder that like any technology the cloud can fail and they must be prepared for that, said Philip Cox, director of security and compliance at consultancy SystemExperts. When using cloud services, users should implement risk-based security controls and have disaster recovery and business continuity plans.
»The U.S. government's response to cyberthreats against the nation's critical networks must be grounded in public evidence, not “alarmist rhetoric,” according to a new research paper. The authors – Jerry Brito and Tate Watkins of the Mercatus Center at George Mason University in Arlington, Va. – argued that the dangers of “threat inflation” may lead to decisions based on inaccuracies, similar to the choice to invade Iraq when that country was not housing weapons of mass destruction. A similar decision in the cyberworld may result in the unnecessary regulation of private and public networks and unjust spending of federal dollars on cybersecurity, they said.
»A Georgia man pleaded guilty to fraud and identity theft after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks. Rogelio Hackett Jr., 26, pleaded guilty to charges of access device fraud and aggravated identity theft after authorities discovered the card numbers, used to conduct fraudulent transactions totaling more than $36 million, on his computers and storage devices. Authorities hunted Hackett down after monitoring his activity in internet relay chat rooms and on underground forums, where he sold stolen card numbers to buyers around the world.