Attack targets PayPal, Barclays Bank and eBay were the three firms most targeted by phishers last month, according to statistics compiled by PhishTank users. More than 2,200 validated phishing attempts targeted PayPal users. Suzanne and Mark Stocker (left) were victims of ID theft when one of Suzanne's childhood friends hacked into their PayPal account and spent nearly $15,000.

The University of California, Los Angeles (UCLA) has alerted 800,000 victims that their personal information may have been compromised after discovering that hackers have been exploiting an undetected security hole in a database for more than a year.

The database, where UCLA discovered the breach on Nov. 21, contains the personal information of current and former students, faculty and staff, applicants, parents of students, or applicants who sought financial aid.

Upon the breach's discovery, UCLA immediately blocked access to Social Security numbers stored in the database. It also notified the FBI, which is investigating the incident.

 

The Cyber Security Industry Alliance (CSIA) announced that Paul Kurtz, former executive director, has left the organization to join Good Harbor Consulting as a partner and COO.

Kurtz doubled CSIA membership in his three years at the helm and brought the industry more visibility in U.S. and European policy.

Kurtz was replaced by Liz Gasster, who served as the CSIA's general counsel and senior adviser to the executive director for national and international law and policy.

 

LMH, the hacker responsible for the "Month of Kernel Bugs" project, and partner Kevin Finisterre, kicked off a hectic January of revealing one Apple flaw per day.

The project's first revelation was a vulnerability in QuickTime 7 that could be exploited by attackers to take over a compromised system.

The duo defended the project, called the "Month of Apple Bugs," by saying it would draw attention to security concerns in the Mac OS X operating system.

But critics swiped at the undertaking, saying it would do Apple customers a disservice by releasing flaw information to attackers.

 

Sony BMG Music agreed to pay $4.25 million in a settlement with 39 states over digital-rights management software the music giant surreptitiously installed on CDs late last year.

Sony is to compensate end-users whose PCs were damaged when trying to uninstall the rootkit-like technology that was designed to prevent piracy.

Sony also agreed not to distribute CDs containing copyright protection that is difficult to locate or remove.

 

A trojan posting as rarely seen Saddam Hussein execution videos made the rounds days after the deposed dictator was hanged. Researchers at F-Secure discovered emails embedded with three Saddam-related viruses that appeared as files to launch videos of his execution. Experts said this follows a growing trend among spammers to quickly create malicious emails that use current event topics to dupe an even larger number of users. In this case, two of the executables linked to YouTube to increase the scam's legitimacy.