News briefs

Monster breach
Hackers harvested personal info of at least 1.3 million users stored on the job recruitment site.

The multi-layered attack used stolen credentials to access the site, then sent a trojan to capture personal info later used in spear-phishing attacks.

Sal Iannuzzi, Monster CEO, said in the days following the attack that the company was planning to beef up security.

Microsoft announced plans to release Service Pack 1 for Vista, a major update containing security upgrades and other software enhancements, during the first quarter of next year.

The Redmond, Wash.-based software corporation also disclosed plans to release its third service pack for the XP operating system, called by company officials “a rollup of previously released updates for XP including security updates, out-of-band releases and hotfixes.”

Authorities were hopeful that the arrest of a Ukrainian man in Turkey on identity theft charges would lead them to the criminals behind the TJX breach.

Maksym Yastremskiy, 24, was arrested earlier this year in Kemer, a Turkish resort town. Authorities said he had trafficked more than a million credit card numbers.
“He was involved in the distribution of information,” said Greg Crabb, an agent with the U.S. Postal Inspection Service's global investigations unit. “We do have information that suggests other individuals were the masterminds of the hack.”

A law firm filed a class-action lawsuit against Certegy Check Services on behalf of customers whose info was sold to direct marketers by a former employee.

The complaint, filed by Girard Gibbs, charges that Certegy did not institute adequate security controls to prevent the breach.

The “storm worm” trojan switched tactics, using malicious e-cards and a bogus link to YouTube.
Messaging security vendors reported a 400 percent increase in spam as a result of the storm worm, first seen in January.

Winn Schwartau founded a nonprofit organization charged with educating end-users through cybersecurity certification programs.

SCIPP International will provide training for corporate and government employees, as well as educators and the self employed.

Accused adware distributor Zango dropped its lawsuit against PC Tools, which it had filed on the grounds that the anti-spyware vendor unfairly blocked Zango software.

Zango said it withdrew the suit because PC Tools “no longer eliminates Zango software as it did previously.” PC Tools claimed Zango withdrew the suit as it was clear Zango would not prevail in court.

Errata:  On the vendor table on page 43 of September's NAC
feature, there were errors.

Nevis should be listed as supporting Embedded in Switch. It is a major part of their product line.

Mirage Networks' Mirage Endpoint Control, supports Pre-
connect  checks. Mirage cloaks immediately, and then checks.  Also, it supports identity-based NAC.

We failed to include Bradford Networks in the chart – an oversight for which we apologize given the company has been working with SC Labs for a review, the result of which can be found this month..

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.