Think Information. Think Security.
Computers components and other electronics imports may increasingly contain malicious software, according to a Congressional cyber-security expert, adding to the growing list of cyber-security threats affecting the U.S. government.

Hackers may be able to inject bad code into components imported from overseas plants, planting tools to help them launch cyber attacks on the U.S., according to Representative Jim Langevin (D., R.I.).

"Corrupting hardware and software is embedded in the supply chain," Langevin said. "We have a real challenge on our hands to better secure the supply chain."

It seems that malware is becoming a regular thing for Android base devices. This is something that Google should look into seriously if they really want to maintain their status as a major player in the mobile market.

ZeuS, also known as ZBot, is one of most well-known malware in the industry. The main purpose of this malware is to steal information, primarily banking credentials that are used to perform electronic fraud. In September of 2010 a new variant of ZeuS was discovered targeting mobile devices (Symbian, Blackberry and Windows Mobile) which basically will intercept SMS’s sent to the user by the bank and forward the captured mTANs to a remote server in order to defeat the SMS-based banking two-factor authentication.

Hackers infected computers, derailed websites, and plundered networks in a memorably miserable quarter, according to a report released Wednesday by Internet security firm PandaLabs.

Hacking groups Lulz Security and Anonymous caused "widespread mayhem" during the three months ending June 30, and malicious software "spread substantially," according to the research unit of Spain-based Panda Security.

"This quarter has been one of the worst on record," PandaLabs said in a quarterly security report.

"The number of attacks suffered by businesses and large organizations has set alarm bells ringing as systems and companies that until now were considered 'hack-proof' have fallen victim to cyber-crime," the report continued.

Hacker groups that attack or steal -- some estimates say there are as many as 6000 of such groups online with about 50,000 "bad actors" around the world drifting in and out of them -- are a threat, but the goals, methods, effectiveness of these groups varies widely.

Malicious activity alert: Anonymous hack-school grads come online in 30 days

When they're angry, they hack into business and government systems to steal confidential data in order to expose information about their targets, or they simply disrupt them with denial-of-service attacks. These are the hackers with a cause, the "hacktivists" like the shadowy but well-publicized Anonymous or the short-lived Lulz Security group (which claimed to have just six members and just joined forces with Anonymous).

There have been a number of high-profile security breaches in the last few months that have exposed the email addresses of millions of users. In December, Gawker Media's servers were hacked, and over 500,000 email accounts were compromised, and in April, Epsilon, one of the largest email marketing companies announced that its database had been breached. Epsilon said the breach was limited to only 2% of its clients - only about 50 companies. But those 50 companies include Citigroup, Capital One, Walgreen, Best Buy, Target, Hilton, Kroger, Tivo, Disney, The College Board and Marriot. 

Now that the Lulzboat has run aground during its three hour tour, and the rats have gone overboard in search of the relative safety of a pineapple under the sea, the computer media continues with the personal soap operas of "Anonymous" and "AntiSec" with the kids engaged in their infighting, whereas the attention of security people returns once again to the larger, more serious issues that involve the client side of the world.

When we last left our heroes, Microsoft had announced the takedown of a major botnet known as "Rustock." Well... not a complete takedown of course, but it's dwindled a bit aseWeek reports. Rustock had a good run before it was wrestled to the ground (almost) given that it first appeared in 2006.

A mere five year half life for malware is considered perfectly acceptable these days in the computer security realm.

A brand new spam campaign that promotes a fake Windows update is currently circulating on the Web.

The past few days have brought another mid-sized spam wave impersonating update reminders for the Windows operating system. Building on the awareness campaigns initiated by anti-malware vendors, cyber-crooks are now attempting to serve Windows users various OS updates that in the end prove to be rigged with malware.

While most spam campaigns use sloppy text that often makes no sense for a native English user, this time cyber-crooks invested a lot of effort into giving a touch of “authenticity” to this social engineering attack. And this specific wave of messages can easily mislead the untrained eye of a user who wants an operating system update.