SecurityWeek

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised, and used in a Man-in-the-Middle attack.

McAfee recently released its quarterly threats report for Q1 2012, detailing the increase in malware across all platforms. According to the data, PC-based malware hit a new high during the quarter, making it the largest jump the segment has seen in four years.Within the first quarter of 2012, McAfee Labs detected 8 million new malware samples, Vincent Weafer, senior vice president of McAfee Labs said.

Serco Says Server Intrusion via "Sophisicated Cyber Attack" Affected Federal Retirement Plan

FBI Sends Warning to InfraGard Members of Possible Memorial Day Attacks On Thursday, the FBI issued an alert to InfraGard members, warning them about an alleged plot to launch a series of DDoS attacks against high profile corporations. The campaign, titled OpNewSon (Operation NewSon), was initially proposed in April by a group of Anonymous supporters using the name TheWikiBoat.

While it’s commonplace to share information online and via social media, we all want our information safe, and we want control over what we share. Unfortunately, control is becoming harder to establish and maintain. As much as I am a technogeek, I am also security and privacy paranoid. Social media exposes us. Technology itself exposes us. My biggest privacy worries are currently around social media, and the mobile use of private information supported by smartphones. Facebook

Researchers have submitted a draft proposal to Internet Engineering Taskforce about a way to catch forged SSL certificates and address challenges to the level of trust in certificate authorities. Two researchers have proposed an extension to TLS (transport layer security) as a solution to some of the security challenges facing the SSL certificate ecosystem.

Felix Rogue and His Son Were Arrested for Hacking and Disabling a Website That Criticized the West New York Mayor 

Nominum, a vendor that focuses on DNS and security solutions for enterprises and service providers, announced a new addition to its Nominum Mobile Suite on Wednesday, the Mobile Network and User Security solution.According to the company, the goal of the newest addition is to reduce latency and network failure, and protect mobile networks from increasing attacks.

Yahoo has since released an updated extension to address the issue, which was discovered by a security researcher shortly after Yahoo announced Axis. When Yahoo released its new Axis extension for Google's Chrome browser Wednesday, the company accidentally disclosed a private signing key that could be abused by an attacker.

Verizon Wireless appears to be the latest victim of a vishing attack, with a well-crafted scam targeting its customers and looking to capture sensitive customer information.

Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.

Companies Join Forces to Deliver Android-based Commercial Smartphones and Tablets with Defense-grade Security

The National Centers of Academic Excellence in Cyber Operations Program, an initiative of the National Security Agency, aims to increase the amount of professionals with expertise in this area. The program is designed to identify institutions that offer a deeply technical, interdisciplinary curriculum centered on fields such as computer science, computer engineering, and electrical engineering. In addition, it supports the government's work to better protect cyberspace.

Polytechnic Institute of New York University (NYU-Poly) is introducing a management track to its master’s degree in cyber security. The first classes begin this summer."We created the management track in response to calls from industry for highly qualified executives with strong technical knowledge," said NYU-Poly Computer Science and Engineering Professor Nasir Memon."It will prepare graduates to manage a team of cyber-security personnel as well as a command of the business acumen to secure information in line with company objectives."

Intel has released a single sign-on application that will enable enterprises to use Salesforce.com credentials on all of the Force.com applications, in addition to scores of others across the Web. More over, Intel’s Cloud SSO service offers two-factor authentication options and has detailed reporting implemented from the start.