Think Information. Think Security.
Watch out if you get email messages with attachments named like “Financial_Statement.exe” or “Postal_document.exe” – they mean trouble.

During these past few days we’ve seen here at BitDefender millions of spam messages either bundled with malware or containing a dangerous link. In this particular case I chose to present here, cyber-crooks tried to con the users by exploiting the natural and justified concern for their financial situation, serving them unsafe though extremely appealing attachments.

So, all in the name of money deposited in bank accounts and goods delivered via the postal service, there have been circulating e-mails with attached financial statements or postal documents. These are basically two facets of the same piece of malware – a downloader (identified by BitDefender asTrojan.Generic.KDV.280912) masquerading a Microsoft Word icon but bearing an .exe extension.

There have been a number of high-profile security breaches in the last few months that have exposed the email addresses of millions of users. In December, Gawker Media's servers were hacked, and over 500,000 email accounts were compromised, and in April, Epsilon, one of the largest email marketing companies announced that its database had been breached. Epsilon said the breach was limited to only 2% of its clients - only about 50 companies. But those 50 companies include Citigroup, Capital One, Walgreen, Best Buy, Target, Hilton, Kroger, Tivo, Disney, The College Board and Marriot. 

A brand new spam campaign that promotes a fake Windows update is currently circulating on the Web.

The past few days have brought another mid-sized spam wave impersonating update reminders for the Windows operating system. Building on the awareness campaigns initiated by anti-malware vendors, cyber-crooks are now attempting to serve Windows users various OS updates that in the end prove to be rigged with malware.

While most spam campaigns use sloppy text that often makes no sense for a native English user, this time cyber-crooks invested a lot of effort into giving a touch of “authenticity” to this social engineering attack. And this specific wave of messages can easily mislead the untrained eye of a user who wants an operating system update.

Get used to it: Malware can't be completely blocked or eliminated. But you can manage your PCs, mobile devices, and networks to function despite being infected.
How can you be sure your organization doesn't have insidious viruses or other malware lurking within systems and applications, waiting to inflict damage? You can't.

Malware has grown sophisticated to the point where there's no guarantee that it's actually gone, even when you've applied the latest antivirus software. Making matters worse, IT infrastructures are becoming much more complex -- with an ever-growing population of devices that give malware even more possible entry points.

These days, you have to assume there are some infected PCs or other devices on the corporate network.

BlackKatSec: The New Kids on the Block Who Allege They Took Down Al-Qaeda

Last week, the Al Qaeda site was taken down by unknown persons and their domain suspended by Godaddy for abuse.

Evan Kohlmann of Flashpoint Global was making the rounds on the media circuit pimping that it was in fact MI6 or the like that took the site down.

However, Evan had little to no evidence to back this claim, and frankly, the media just ate it up evidence be damned. I came to the party after hearing online the previous weekend that the site was under attack and going down from an unknown type of attack.

Cyber-attackers hit another Department of Energy research laboratory last week, forcing IT managers to shut down all of the facility’s computer links to the outside world to try to contain the damage.

Essential computer services remain offline nearly a week after a cyber-attackers hit another Department of Energy laboratory, this time in the state of Washington.

The Energy Department’s Pacific Northwest National Laboratory in Washington shut down Internet access and email services following a sophisticated cyber-attack, according to a July 5 post on the facility’s Twitter account. Officials became aware of the cyber-attack on July 1, Greg Koller, the lab’s spokesperson, told the Associated Press.

From the satellite pictures on Google Earth, Jinan looks like any other Chinese city — sprawling construction sites, massive factory blocks, apartment buildings, a university, dozens of railway lines and wide-open plazas.

But according to the Internet giant, somewhere in the city — the capital of China’s eastern Shandong province — are the computer servers used to try to steal the passwords of hundreds of Google e-mail account holders. They included senior U.S. officials, human rights activists and journalists.

Perhaps, experts say, it came from the “technical reconnaissance bureaus” of the People’s Liberation Army said to be based in the city. Perhaps it came from the technical college U.S. investigators linked last year to a previous attack on Google that prompted it to temporarily quit mainland China.

Mantra is an open source, Firefox-based security testing framework.

Mantra is an open source, browser-based framework for penetration testing and security assessments. It's based on Mozilla's Firefox Web browser, so it's cross-platform, and it's part of the Open Web Application Security Project — OWASP.

The following is an interview with the with project leader Abhi M. Balakrishnan to talk about Mantra and its goals.

Until your email is hacked, you may not know that you have a lot to protect. Various gadgets and devices are readily available to help you stop hackers, writes JAYNE AUGOYE.

The world over, hacking persists despite technological advancements and precautionary measures. With millions dollars lost on a daily basis to cyber crime, it remains a major challenge to individuals, organisations and government

Apple has become the latest target for hackers, with a group of Anonymous users releasing a list of what are said to be usernames and passwords for one of the Cupertino company’s servers. According to a tweet from the team, “Apple could be target, too”; however, they go on to say “But don’t worry, we are busy elsewhere.”