SecurityWeek

AlienVault, the San Mateo, California-based company behind open source SIEM, OSSIM, and the AlienVault Open Threat Exchange, today announced that it has closed a $22.4 million Series C funding round led by Kleiner Perkins Caufield & Byers (KPCB) and Sigma—two prominent venture firms.

Yesterday, SecurityWeek reported on a blog post by Microsoft security researcher Terry Zink, who said that a spammer had control of Android devices. As it turns out, while malware on the Android platform is a reality, spammers may not have gained total control.  “All of these message are sent from Android devices,” Zink wrote initially. He was commenting on an unusually high number of junk emails that had Yahoo Mail headers, and an Android-based signature.

After the discovery of systems infected with an unknown family of malware at India’s Eastern Naval Command, the country has quickly pinned the blame on China. India’s accusal is based on the fact that data harvested from the infected systems was copied to a server with a IP address in China.

Sun Tzu once said, “if you know your enemies and know yourself, you can win a hundred battles without a single loss.”

In a letter sent to partners, Jay Bavisi, President and CEO of the EC-Council, said that the company responsible for making Certified Ethical Hackers (C|EH) had launched an investigation after one of their own embezzled company funds.

A Google Android botnet has been spotted spamming messages pushing counterfeit medication. According to Sophos, the activity represents the latest way to monetize Android botnets. Traditionally, mobile malware has made money by intercepting SMS messages used as part of two-factor authentication mechanisms for online banks and charging fees for premium-rate SMS messages. This botnet however is sending messages that push Viagra and Cialis.

Apple’s closed model, while criticized by many, has kept iPhone and iPad users relatively safe from malware and other potentially malicious apps, especially when compared to Android users.While some iOS apps have been called into question before over privacy concerns and aggressive advertising tactics, Kaspersky Lab researchers are saying they have discovered an iOS app that they are outright calling malware.

A team of security researchers have demonstrated how a security flaw in Android 4.0.4 can be exploited by a rootkit.

The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. With it comes fear, uncertainty and doubt for those looking to execute PCI compliance controls properly and in turn to preserve their jobs. I had a chance recently to present as a guest keynote speaker at the North America CACS ISACE conference on implementing sound compliance and audit controls for key management.

In late June, Symantec reported on a form of malware that had been launching junk print jobs and wasting paper until the printer runs out. Symantec calls the malware Milicenso, or the “Printer Bomb”, and code examination marks it as a variant of a malware delivery system discovered in 2010.

Venafi, a Salt Lake City, Utah-based provider of enterprise key and certificate management solutions, has shared the results of scans performed on 450 Global 2000 companies, revealing that on average, nearly one in five digital security certificates deployed by the organizations rely on a technology that makes them open targets for Flame-, Stuxnet- and Duqu-style malware breaches.

CrowdStrike Streamlines Malware Reverse Engineering With CrowdREArmed with $26 million in venture funding, security startup CrowdStrike has released a tool designed to make it faster to reverse engineer malicious files by encouraging researchers to work together on a cloud-based collaboration platform.

Researchers at AlienVault believe an updated version of the Sykipot Trojan is being used to target the aerospace industry.

Microsoft has identified two of the 39 defendants in an ongoing legal assault on botnet activity.