Companies Unwilling to Disclose Financial Loss

Malware attacks and infections are up 50 percent from 2008 and losses are down, according to a Computer Security Institute report, but the industry organization says very few companies are willing to disclose dollar amounts. Read the full article. [Security Focus]

ID Thief Feels Bite of Prison Sentence

Michael A. Roseboro, a/k/a “Mike Ross,” a/k/a “Michael Johnson,” a/k/a
“Michael Smith,” was sentenced on November 25 to 116 months in prison
for his participation in a massive identity-theft and credit card fraud
scheme in which he targeted and stole the identities of at least 176
dentists. Read the full article. []

A consortium of cybersecurity researchers from MIT, Purdue and Carnegie Mellon was announced in Washington D.C. with the stated goal is to collaborate on cybersecurity research including 10 projects, one which is the development of an Internet-scale model on which to perform
constrained experiments not possible on the live Internet. Read the full article. [TechTarget]

Microsoft released data collected from an FTP-server
honeypot, showing that attempts to guess passwords continue to focus on
the low-hanging fruit: passwords with an average length of eight
characters, with “password” and “123456” being the most common. Read the full article. [Security Focus]

Nigel Parkinson, president of Parkinson Construction who built the D.C Convention Center and Nationals baseball stadium, fell victim to phony SSN email site that stole passwords, including those to the company’s bank account where money mules were used to steal funds. Read the full article. [Washington Post]

Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms.The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile.  During this process, a malware file gets planted on the user’s machine.

The Koobface botnet, one of the most efficient social engineering driven botnets, is entering the Xmas season with a newly introduced template spoofing a YouTube video page, in between enticing the visitor into installing a bogus Adobe Flash Player Update (New Koobface campaign spoofs Adobe’s Flash updater), which remains one of the most popular social engineering tactics used by the botnet masters. Read the full article. [ZDNet]

Whether Hannaford Bros. customers may recover damages for the time and
trouble it took them to straighten out their bank or credit card
accounts after the Scarborough-based firm’s computer system was
breached in late 2007 and early 2008 now is up to the Maine Supreme
Judicial Court. Read the full article. [Bangor Daily News]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.