Top 10 Stories

Threatpost: Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video website and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of injected Javascript on the site which would execute in a user’s browser whenever he views a profile image that contains the Javascript. Once the code runs, it then...

Threatpost: Microsoft has announced this summer it will change the way it classifies adware by beginning to block unwanted and intrusive advertisements from users. New objective criteria drafted up by the company stipulates that by July 1 internet ads must have a visible close button and must clearly state who’s behind them, or they’ll be branded as adware. A blog post by Michael Johnson, a researcher at the company’s Malware Protection Center, described the changes in a...

IT News: Dutch authorities announced on Friday that the government had signed a multi-million deal with Microsoft to extend support for the discontinued Windows XP operating system, following on from the British who spent AUD$10 million to do the same. Dutch language publication Webwereld reported that the contract, which is worth millions of Euros, will extend support for XP into early next year.  

IT News: US law enforcement teams are jointly investigating a serious data breach involing a subsidiary of credit reporting firm Experian that exposed the social security numbers of some 200 million people to potential criminal activity. The focus of the multistate investigation will likely be on whether Experian and other parties followed laws requiring companies to properly secure consumer data and comply with breach disclosure rules.  

The Hacker News: An application layer or 'layer 7' distributed denial of service (DDoS) attacks is one of the most complicated web attack that disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate. Just Yesterday Cloud-based security service provider 'Incapsula' detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. DDoS attack flooded one of their client with over 20 million GET requests,...

Wired: Barrett Brown, whose case became a cause célèbre after he was charged with crimes related to the Stratfor hack, has agreed to a plea deal with prosecutors, according to court filings. Prosecutors filed a motion this week in a Texas court agreeing to seal the plea agreement, which the court granted (.pdf). Brown’s attorney, Ahmed Ghappour, won’t discuss the matter, due to a court-ordered gag, but another document filed by the government this week...

  Threatpost: The list of threats on the Internet is long and getting longer each day. Cybercrime, nation-state attackers, cyber espionage and hacktivists all threaten the security and stability of the network and its users in one way or another. But the one threat that some experts have warned about for years and has never emerged is cyber terrorism, a former top U.S. intelligence official said. In the years after 9/11, as the Internet became...

SC Magazine:  A federal judge ruled that a class-action lawsuit, stemming from LinkedIn's 2012 password breach, could move forward based on claims that the company misrepresented its security practices. On Friday, Edward Davila, a U.S. District Court Judge in San Jose, Calif., denied (PDF) LinkedIn's motion to dismiss all of the claims made by one plaintiff.  

Gov Info Security: The new director of the National Security Agency, Navy Adm. Michael Rogers, says he accepts the challenge of regaining the trust of some Americans "who don't believe in us." At his swearing in ceremony April 3 as NSA director and commander of the U.S. Cyber Command, Rogers promised to "engage in a dialogue with the citizens of our nation about what we do and why we do it," according to the American...

CSO: A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection from Web browsers and anti-virus systems. Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component. Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and...