Malware

The number of vulnerabilities in the average Web site is actually decreasing, one of the more surprising findings in an annual study done by WhiteHat Security.

The FBI is the country’s top police unit, charged with tackling the biggest problems facing its citizens. Cybercrime, by just about any measure, would fall somewhere near the top of that list of problems.The FBI historically has been ineffective and at times indifferent to all of this. However, there are signs–including the major carder takedown yesterday–that the bureau might just be finding its feet in the fight against malware gangs, botnet operators, carders and other assorted bad guys.

Zemra, a new crimeware bot that shares traits with the banking Trojans Zeus and SpyEye has been making the rounds lately, according to a recent post on Symantec’s Security Response blog.

By Wade WilliamsonFor years enterprises have been trying to control peer-to-peer (P2P) technologies inside their networks, and for good reason. The efficiency with which P2P technology move large files have made P2P networks key enablers of the Internet grey market by acting as the distribution mechanism of choice for pirated movies, music or applications. Aside from P2P being a source for pirated content, they are also a significant enabler of malware as both an infection vector and a command-and-control (C2) channel. These security risks have made controlling P2P traffic a priority for many security teams.

A recent fraud ring through which attackers raided high-value bank accounts, nicknamed Operation High Roller (.PDF), employed attacks that were quick, required no human interaction and have already affected several tiers of credit unions, regional banks and large global banks, over the last several months.

UPDATE: The U.S. Federal Trade Commission has fined Wyndham Hotels for a string of data breaches that resulted in information on hundreds of thousands of customers being lost to cyber criminals.

The U.S. Commodity Futures Trading Commission (CFTC), an independent federal agency that helps regulate futures and option markets, was hit with a data breach last month according to an e-mail statement from the Commission that circulated online late last week.