SecurityWeek

During her keynote at RSA Europe earlier this week, Adrienne Hall, Microsoft’s Trustworthy Computing General Manager, announced the release of a tool that will help companies with up to 500 employees understand the impact of cloud migration.

During Google’s Pwnium competition at the Hack in the Box conference in Kuala Lumpur, Malaysia this week, a clever teenage hacker leveraged two bugs within Chrome to defeat its protections and fully compromise the system used in the contest. Google uses their Pwnium contest to address bugs and other exploitable vulnerabilities in their browser that were missed during code reviews and other QA processes. To date, they have paid more than million dollars in rewards to researchers.

WASHINGTON - The United States faces a growing threat of a "cyber-Pearl Harbor" and has drafted new rules for the military that would enable it to move aggressively against digital attacks, Defense Secretary Leon Panetta said late Thursday. The amended rules of engagement underline the need to defend Defense Department computer networks, "but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace," he said.

Korn/Ferry International, one of the world’s largest and most well-known recruitment and executive search firms, said Thursday that it had been hacked.

The distributed denial of service attacks against financial institutions continue, with Capital One, SunTrust, and Regions Financial being the latest victims. Capital One Financial Corp was targeted on Tuesday in the latest round of coordinated attacks to disrupt the Websites belonging to major U.S. financial institutions, a spokesperson said in a statement. SunTrust was hit by a DDoS attack on Wednesday. As of Thursday afternoon, SecurityWeek was unable to access Regions Financial.

The Industrialization of Hacking Has Created a Wave of Threats That are Increasingly Sophisticated

Universities face unique challenges keeping their servers and networks secure from cyber-criminals while accommodating the influx of student and faculty-owned devices each year. A recent analysis of online transaction data highlighted to what extent some universities have already been compromised.

Microsoft Patched XSS Flaw After Google Security Researchers Found It Within HotmailThe HTML sanitization flaw patched by Microsoft in this month's Patch Tuesday appears to have been discovered originally as a cross-site scripting flaw on Microsoft's Web-based Hotmail email service.

Mozilla has removed the latest version of their FireFox Web browser just over a day after it was released, due to a vulnerability that was discovered after it had shipped. The action was dismissed by many, simply an example of a organization protecting users by fixing a flaw. However, opponents of their new release schedule say this most recent event could have been prevented with proper checking.

A recent report from Blue Coat Systems, has revealed that the number of malicious networks – or "Malnets" – has tripled in the last six months. Collectively, the Malnets themselves are responsible for millions of attacks each month on systems used at home and the office.

Iranian official Mohammad Reza Golshani, head of the communications and IT of the NIOOC (Nat’l Iranian Offshore Oil Company), said that Israel launched a cyber attack against his company, and was soundly defeated before it could cause any damage.

While There are Numerous Options on How to Protect Mobile Payments, Attaining Impermeable Protection is Non-Negotiable.

Professional, coordinated attackers with a plan, breached a server maintained by Northwest Florida State College (NWFSC) and walked off with nearly 300,000 records, and have used the information to commit at least 50 acts of identity theft, the school’s president said.

The Irish version of Google and Yahoo briefly went offline on Tuesday when unknown perpetrators managed to change the sites' Domain Name Server records, according to the IE Domain Registry. A "security incident" on Tuesday resulted in the DNS nameserver records for two "high profile .ie domains" to be changed, IEDR said in a statement on its site Wednesday. There was apparently an "unauthorized access" to a registrar's account which resulted in the change, according to the statement.

Less than two years after being aquired by Intel, McAfee said that it will be laying off a "small percentage" of the now-security division's roughly 7,100 employees, according to a report that was confirmed with SecurityWeek on Thursday.