Top 10 Stories

Help Net Security - Last week, Kaspersky Lab released their research (Unveiling Careto - The Masked APT) on a fresh APT campaign, which is supposed to had been running for several years. A researcher from AlienVault gives Yara rules to help detect.

Softpedia - Forbes has published a detailed timeline of the hack attack launched by the Syrian Electronic Army against the company. A member of the Syrian hacktivist group has also provided additional details on the operation.

SC Magazine UK - With 6.8 million compromised records costing an average loss of $136 (£82) per record, potential costs of the Target breach are some US$925 million...and may exceed a billion US dollars.

Verizon - The only report of its kind, the Verizon 2014 PCI Compliance Report uses data and insights drawn directly from assessments we’ve conducted for global enterprises across a variety of industries. Whatever your industry and wherever you operate, PCI compliance matters to you. Yet our results indicate that nearly nine out of 10 companies failed their PCI DSS baseline assessment. Learn from their pitfalls—and more—to better protect cardholder data.

Graham Cluley - Adobe Flash users are once again being told they need to update their software, after a new zero-day exploit was discovered. The critical security flaw in Adobe Flash Player was uncovered after hackers targeted visitors to a number of different foreign and economic policy websites dealing with matters of US national security.

Infosecurity Magazine: Microsoft Pays Another $100K Bug Bounty Microsoft has paid out its second $100,000 bug bounty since launching its reward program in mid-2013. The award brings total payouts for the program to $253,000 in under a year. The latest recipient is Yu Yang, a researcher with NSFOCUS Security Labs. He won the Mitigation Bypass bounty, which pays up to $100,000 for qualifying submissions from security researchers who discover “truly novel exploitation techniques” against protections built into...

Infosecurity Magazine: Zeus Trojan Now Hiding in Plain Sight – Using Pictures A new variant of the notorious Zeus banking trojan is making the rounds, with a new approach that uses steganography, a technique that allows it to disguise data inside of an existing file without damaging it. Dubbed ZeusVM, this particular offshoot uses images as a decoy to retrieve its configuration file, a vital piece for its proper operation. As Malwarebytes researcher Jerome Segura...

Technet: Microsoft Releases Security Advisory 2934088 Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click...

USA News: Iranian Hackers Are Becoming More Advanced Breach of U.S. Navy data shows increasingly tech-savvy, aggressive Iran. Iran’s hack of the U.S. Navy Marine Corps Intranet in 2013 lasted longer than previously reported by officials, indicating the Middle Eastern nation’s years of cybersecurity development have made it a digital force to be reckoned with. The hack of the nonclassified network that U.S. officials say was conducted by Iran was first reported in September, but...

Washington Post: U-Md. computer security attack exposes 300,000 records More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said. The breach occurred about 4 a.m. Tuesday, when an outside source gained access to a secure records database that holds information dating to 1998. Brian Voss, vice president and chief information officer at U-Md., said officials think...