The website of a popular watch retailer is reportedly redirecting users that visit the site on Android-based devices to a number of malicious domains serving up premium rate SMS malware.

Users looking for “cracked” Android files are in danger of running into a site that is peddling apps that are more or less a ploy to garner advertising clicks from unsuspecting users. The site, getwapi.com, boasts a collection of free, yet crooked looking downloads for Android phones including audio apps, Java apps, wallpapers, games and more.

Rarely a day goes by without mention of a targeted attack against some government-related website, massive disruptions in online banking services, or critical vulnerabilities in specialized software running our power plants and water supplies. And all the while, IT and security organizations have thought little about fighting back. Their options were limited to better patching, more security hardware and new firewall rules. That dynamic is changing because the buzzwords active defense and hacking back are creeping into conversations between vendors and customers, IT managers and executives, executives and legal teams. 

Social networking sites such as Twitter and Facebook have become not just communication hubs, but also authentication mechanisms for third-party sites. Many sites and Web applications allow users to sign in with their Facebook or Twitter credentials rather than registering, which is a nice convenience. That is, until, it turns into a security liability. Security researcher Cesar Cerrudo recently discovered a bug in Twitter’s code that enabled third-party apps to access users’ private direct messages under some circumstances, even when users had not explicitly granted those apps that level of access.

With Skype expanding its reach with services designed for small businesses, and other messaging platforms such as Microsoft Windows Messenger shutting down, Skype is becoming an attractive target for malware writers.Reports surfaced last week of the Shylock financial malware spreading on Skype and yesterday, researchers reported the discovery of more malware propagating on Skype.  

A Canadian college student was expelled after reporting a vulnerability in the school’s Web site that potentially exposed private data on more than 250,000 students.The high-achieving computer science major, Hamed Al-Khabaz and another student, Ovidiu Mija, in November were developing a mobile app using Omnivox Web portal software when they discovered “sloppy coding” that could lead to a major data breach. Ominvox is used at hundreds of Canadian campuses, including theirs at Montreal’s Dawson College.

Early research from Symantec estimates that spammers behind a new type of Android malware may have already stolen “between 75,000 and 450,000 pieces of personal information” from Japanese users. While these numbers may be disparate it does suggest the malware, , has been successful since popping up a few weeks ago.