Ryan Naraine

From DarkReading (Tim Wilson)
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves [darkreading.com] from insider threats, according to two new analyst reports.
Although 88 percent of the respondents to a Forrester Research study said they consider data security a “challenging issue,” some 40 percent of respondents said they had no interest in, no plans for, or no knowledge of emerging tools for information leak protection.  Read the full story [darkreading.com]  See related story from Matt Hines [eweek.com]

From CIO (Robert McMillan)
Corporate IT staffers will get a double whammy next week, as both Microsoft and Oracle are set to release critical security updates [cio.com] on the same day, including a likely fix for an Excel bug that has been used by cybercriminals.
This month, Oracle’s quarterly software fixes and Microsoft’s monthly patches happen to fall on the same day, next Tuesday. For Windows users, there will be a lot to patch. Microsoft plans to release eight updates in total [microsoft.com]: Five of them are for Windows, with a single update each for Internet Explorer, Excel and Microsoft’s Internet Security and Acceleration (ISA) server. Read the full story.  More from ZDNet Zero Day [zdnet.com]

The Conficker botnet has started to use its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines, according to malware hunters tracking the threat.
The latest Conficker mutant comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat — financially motivated cybercrime.

From ZDNet (Dancho Danchev)
The official web site of Paul McCartney (paulmccartney.com) has been compromised, and is serving live exploits to its visitors [zdnet.com].
According to Mary Landesman [scansafe.com], the compromise might have occurred through stolen FTP accounting data, taking into consideration the fact that the campaign is also present at several different flat HTML only web sites.  Read the full story [zdnet.com]

Security researchers at Kaspersky Lab (our corporate sponsor) are warning about a new potentially unwanted program [viruslist.com] targeting Symbian-based smart phones.
The program, called iPornPlayer (screenshot at right), promises sexually-explicit content on handsets but there’s a hefty price attached because it calls international premium rate numbers. 
Read the full story [viruslist.com]

From Washington Post (Brian Krebs)
Web site host and domain name registrar Register.com has been the target of a sustained attack this week [washingtonpost.com], disrupting service for thousands of customers. The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company’s domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com.
Read the full story [washingtonpost.com]

From Computerworld (Gregg Keizer)

An old, but little-known worm has copied some of the infection strategies of Conficker [computerworld.com], the worm that raised a ruckus last week, Microsoft security researchers said late Friday.

Neeris, which harks to May 2005, is now exploiting the same Windows bug that Conficker put to good use, and is spreading through flash drives, another Conficker characteristic, said Ziv Mador and Aaron Putnam, researchers with the Microsoft Malware Protection Center. Read the full story [computerworld.com]