Top 10 Stories

Business Insurance: A total of 77% of midsize to large companies intend to have some kind of cyber insurance coverage in place within the next 12 months, while 42% of risk managers in the U.S. plan to increase their level of cyber insurance, or purchase it for the first time in the coming year, says Munich Reinsurance Co. Munch Re which based its conclusion on a survey of 100 risk managers of midsize to large...

PC Mag:  Don't obsess over zero-day vulnerabilities and the highly sophisticated, targeted attacks. Attackers are more likely to exploit older, known flaws in Web applications, so focus on basic patching and security hygiene instead. A vulnerability patched in 2010 and another in 2009 were among the ten most frequently targeted Web vulnerabilities in April, Barry Shteiman, Imperva's director of security strategy, told SecurityWatch. Despite their age, both private and industrialized attackers continue to target these vulnerabilities, because these attack campaigns are "lucrative." The...

The Register: Google has posted the source code for a new email encryption plugin that aims to make it easier to send secure messages using the Chrome browser. The company said that its End-to-End Chrome plugin, currently in alpha development status, will provide a secure method for transmitting data between users, with data encrypted locally in a user's browser and decrypted by the recipient via OpenPGP.  

IT Security Guru: Action by the National Crime Agency and other nations has disrupted Command & Control networks for the banking Trojan GOZeuS and the CryptoLocker ransomware. According to the NCA, working with international law enforcement partners including the FBI and Europol, as well as partners from the banking, internet security and ISP sectors, it has given the British public a unique, two-week opportunity to rid and safeguard themselves from the two distinct forms of...

Threatpost:Regardless that the fervor over the Heartbleed OpenSSL vulnerability has died down considerably, patching the bug should remain a top priority for enterprises because researchers continue to find new exploit vectors. The latest takes aim at Heartbleed over wireless networks. A researcher with Portugal-based consultancy Sysvalue has shared details of attacks he calls Cupid in which he has built patches that modify hostapd and wpa-supplicant, two programs that act as wireless access and authentication management points  

Hot for Security:The official Facebook page of rock band Linkin Park has been hacked, and its 62 million fans bombarded with spam messages containing coarse images and out-of-character links to third-party sites. Although someone appears to have committed a crime by accessing Linkin Park’s Facebook account without authorisation, it would have been much more worrying if the links had been deliberately crafted to appear as though they really did come from the band, and had...

The Breeze: Personal details of almost two thousand housing benefits claimants have accidentally been leaked by Basingstoke and Deane Borough Council. It's contacted people affected, after a mistake was made in response to a Freedom of Information request.  

Graham Cluley: If you work for Monsanto, or your organisation is a customer of the agriculture and biotech giant, then there’s some bad news. The controversial company has admitted that someone managed to breach its network security, and access servers that contained sensitive information – including customer names, addresses, tax ID numbers, and (in some cases) financial information.  

CBS News: A Russian computer hacker was accused Monday of leading a worldwide conspiracy that targeted hundreds of thousands of computers with malware, enabling his group to steal more than $100 million from business and other bank accounts. The group led by the man, Evgeniy Bogachev, infected computers with software that captured passwords and account numbers and stole millions of dollars from victims, U.S. authorities said. The members of the gang come from Russia, Ukraine...

Arstechnica: A 1Password clone has snuck its way into the App Store with a near-perfect replica of the real deal's logo. The clone version retails for $1.99, $16 less than the price of 1 Password developer Agile Bits'original login-storing app. The clone looks to be of dubious origin, as do a handful of other cloned apps submitted by the same developer. Apple's walled-garden system for its App Store is meant to prevent the more nefarious forms of...