Top 10 Stories

  Errata: It's been a month since the Heartbleed bug was announced, so I thought I'd rescan the Internet (port 443) to see how many systems remain vulnerable. Whereas my previous scan a month ago found 600,000 vulnerable systems, today's scan found roughly 300,000 thousand systems (318,239 to be precise). The numbers are a little strange. Last month, I found 28-million systems supporting SSL, but this month I found only 22-million. I suspect the reason is that...

eWeek - In the second half of 2013, criminals increasingly used deceptive downloads that were bundled with malware and ransomware, the Microsoft research showed.   Cyber-criminals are increasingly using "deceptive tactics" to circumvent the protections that Microsoft has built into its software over the past couple of years, according to the latest Security Intelligence Report (volume 16) from the company's Trustworthy Computing division.    

New York Times: Snapchat just released a major update that’s been getting a lot of attention. But one less publicized aspect of this update is that Snapchat is a whole lot less ephemeral than it used to be. Snapchat introduced text messaging and chatting, as well as a FaceTime-like video conferencing feature. But people who like Snapchat’s disappearing messages should know that anyone can simply tap on a text message to save it in a thread forever.

IT Security Guru: Today is “National Password Day” as the security industry and world continues the battle with the dogged authentication method. Backed by companies including Microsoft, Intel and LastPass, the initiative follows on from stories where “hackers have leaked millions of passwords from sites like Facebook, Yahoo!, and Google”. The website offers basic advice on password security for consumers, but comes after the Heartbleed bug, which may have affected two-third of global websites and compromised...

Reuters: Hewlett-Packard Co said it plans to invest more than $1 billion over the next two years to develop and offer cloud-computing products and services. The company said it will make its OpenStack-based public cloud services available in 20 data centers over the next 18 months.  

  9Mobile: Two men have been charged with conspiring to hack into the computers of over 30 public and private organizations, including the U.S. Navy, according to the U.S. Attorney's Office in Tulsa. In a news release, the U.S. Justice Department said Nicholas Knight, 27, of Chantilly, Virginia and Daniel Krueger, 20, of Salem, Illinois hacked into the computer servers as part of a plan to steal identities.  

Threatpost: The CryptoLocker ransomware has been wreaking havoc on desktops for months now, demanding that victims pay hundreds of dollars in exchange for the key to decrypt their locked hard drives. Now the malware is expanding its scope, adding the Android platform to its targets. The new mobile version of the malware is being sold by the same group responsible for the Reveton ransomware, which has been circulating for more than two years. The goal of all ransomware...

New York Times: Russia has taken another major step toward restricting its once freewheeling Internet, as President Vladimir V. Putin quietly signed a new law requiring popular online voices to register with the government, a measure that lawyers, Internet pioneers and political activists said Tuesday would give the government a much wider ability to track who said what online. Mr. Putin’s action on Monday, just weeks after he disparaged the Internet as “a special C.I.A....

Gov Info Security: The Department of Health and Human Services has issued its largest HIPAA enforcement action to date, entering settlements totaling $4.8 million with two New York organizations tied to the same 2010 breach. The incident, which involved unsecured patient data on a network, affected about 6,800 patients. The settlements with New York-Presbyterian Hospital and Columbia University cite, among other factors, the lack of a risk analysis and failure to implement appropriate security policies.  

Wired: Researchers have uncovered Android-based malware that disables infected handsets until end users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography. To stoke maximum fear, Android-Trojan.Koler.A uses geolocation functions to tailor the warnings to whatever country a victim happens to reside in. The screenshot to the right invoking the FBI, for instance, is the notice that's displayed on infected phones connecting from a US-based IP address.