• Friday, March 12, 2010   Threatpost Original

    By Andrew Storms

    Every month, like clockwork, Microsoft releases security bulletins, and every month people ask me if it's a small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn't be a guessing game because Microsoft's patch releases are predictably cyclical.

  • Friday, March 12, 2010

    The Public Interest Registry will add an extra layer of security known as DNS Security Extensions (DNSSEC) to the .org domain in June -- a move that will protect millions of non-profit organizations and their donors from hacking attacks known as cache poisoning. Read the full article. [Network World]

  • Friday, March 12, 2010   Threatpost Original

    The March issue of Information Security magazine is out this week. The cover story is a look at how security information management systems need to evolve, in particular by integrating identity management with SIM in order to tie policy violations to user activity. Also, expert Andrew Jaquith writes about how to measure meaningful information security metrics. Finally, editor Marcia Savage takes on the HITECH Act's impact on HIPAA and how health care organizations must up their security game. Download the issue here [PDF]

  • Friday, March 12, 2010   Video   Threatpost Original

    Dennis Fisher talks with Marc Maiffret of FireEye at RSA Conference 2010 about the lack of sophistication in the Aurora attack and the state of malware attacks on the Web.

  • Friday, March 12, 2010

    Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Read the full article. [Wired]

  • Friday, March 12, 2010

    The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their ISP found a new upstream provider to provide connectivity to the outside world, autonomous system records showed. Read the full article. [The Register]

  • Friday, March 12, 2010

    A network frequently used for malware delivery was shut down Wednesday night, probably against the will of its operators. Troyak.org, an Internet service provider well-known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world's Zeus botnets, according to researchers. Read the full article. [Dark Reading]

  • Friday, March 12, 2010

    New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit offers a $10,000 module that can let attackers completely take control of a compromised PC. Read the full article. [Network World]

  • Thursday, March 11, 2010   Threatpost Original

    Apple has shipped a new version of its Safari browser to plug multiple serious security vulnerabilities.

    The Safari 4.0.5 update, available for Mac OS X and Windows, fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged Web site.

  • Thursday, March 11, 2010   Podcast   Threatpost Original

    Digital Underground podcast with Dennis Fisher

    Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about how online privacy became such a mess, Google’s effect on personal privacy and the virtual impossibility of using the Internet without using Google’s services.

 

Copyright © 2010 threatpost.com