SecurityWeek

After the discovery of systems infected with an unknown family of malware at India’s Eastern Naval Command, the country has quickly pinned the blame on China. India’s accusal is based on the fact that data harvested from the infected systems was copied to a server with a IP address in China.

Sun Tzu once said, “if you know your enemies and know yourself, you can win a hundred battles without a single loss.”

In a letter sent to partners, Jay Bavisi, President and CEO of the EC-Council, said that the company responsible for making Certified Ethical Hackers (C|EH) had launched an investigation after one of their own embezzled company funds.

A Google Android botnet has been spotted spamming messages pushing counterfeit medication. According to Sophos, the activity represents the latest way to monetize Android botnets. Traditionally, mobile malware has made money by intercepting SMS messages used as part of two-factor authentication mechanisms for online banks and charging fees for premium-rate SMS messages. This botnet however is sending messages that push Viagra and Cialis.

Apple’s closed model, while criticized by many, has kept iPhone and iPad users relatively safe from malware and other potentially malicious apps, especially when compared to Android users.While some iOS apps have been called into question before over privacy concerns and aggressive advertising tactics, Kaspersky Lab researchers are saying they have discovered an iOS app that they are outright calling malware.

A team of security researchers have demonstrated how a security flaw in Android 4.0.4 can be exploited by a rootkit.

The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. With it comes fear, uncertainty and doubt for those looking to execute PCI compliance controls properly and in turn to preserve their jobs. I had a chance recently to present as a guest keynote speaker at the North America CACS ISACE conference on implementing sound compliance and audit controls for key management.

In late June, Symantec reported on a form of malware that had been launching junk print jobs and wasting paper until the printer runs out. Symantec calls the malware Milicenso, or the “Printer Bomb”, and code examination marks it as a variant of a malware delivery system discovered in 2010.

Venafi, a Salt Lake City, Utah-based provider of enterprise key and certificate management solutions, has shared the results of scans performed on 450 Global 2000 companies, revealing that on average, nearly one in five digital security certificates deployed by the organizations rely on a technology that makes them open targets for Flame-, Stuxnet- and Duqu-style malware breaches.

CrowdStrike Streamlines Malware Reverse Engineering With CrowdREArmed with $26 million in venture funding, security startup CrowdStrike has released a tool designed to make it faster to reverse engineer malicious files by encouraging researchers to work together on a cloud-based collaboration platform.

Researchers at AlienVault believe an updated version of the Sykipot Trojan is being used to target the aerospace industry.

Microsoft has identified two of the 39 defendants in an ongoing legal assault on botnet activity. 

There is a saying in the InfoSec world – you can’t patch human stupidity. It isn’t hard to prove that statement depending on the situation, but a new account on Twitter is making the task a simple one. The account, @NeedADebitCard, is re-tweeting people who are openly declaring their intent to share the wealth (what little of it there is) by posting pictures of their debit and credit cards for all to see.

MasterCard and Deutsche Telekom on Monday announced a partnership in Europe designed to enable Deutsche Telekom’s 93 million mobile customers across Europe to use their mobile phones as an easy and secure way to pay.