Companies Unwilling to Disclose Financial Loss

Malware attacks and infections are up 50 percent from 2008 and losses are down, according to a Computer Security Institute report, but the industry organization says very few companies are willing to disclose dollar amounts. Read the full article. [Security Focus]

ID Thief Feels Bite of Prison Sentence

Michael A. Roseboro, a/k/a “Mike Ross,” a/k/a “Michael Johnson,” a/k/a
“Michael Smith,” was sentenced on November 25 to 116 months in prison
for his participation in a massive identity-theft and credit card fraud
scheme in which he targeted and stole the identities of at least 176
dentists. Read the full article. []

A consortium of cybersecurity researchers from MIT, Purdue and Carnegie Mellon was announced in Washington D.C. with the stated goal is to collaborate on cybersecurity research including 10 projects, one which is the development of an Internet-scale model on which to perform
constrained experiments not possible on the live Internet. Read the full article. [TechTarget]

Microsoft released data collected from an FTP-server
honeypot, showing that attempts to guess passwords continue to focus on
the low-hanging fruit: passwords with an average length of eight
characters, with “password” and “123456” being the most common. Read the full article. [Security Focus]

Nigel Parkinson, president of Parkinson Construction who built the D.C Convention Center and Nationals baseball stadium, fell victim to phony SSN email site that stole passwords, including those to the company’s bank account where money mules were used to steal funds. Read the full article. [Washington Post]

Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms.The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile.  During this process, a malware file gets planted on the user’s machine.

By Nick Selby (Managing Director,
Trident Risk Management)

Vulnerability assessment vendor Rapid7
has announced the first of a series of steps to integrate its
penetration testing and vulnerability assessment scanning products. The
first step is a module that allows users of the Metasploit Framework,
which Rapid7 acquired in October to natively import NeXpose scanner results and then take automated action against vulnerabilities MSF is capable of attacking.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.