Below is a roundup of news stories relating to information security that we have collated from the past few days. For ease of use, we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest, please let us know via the comments feature.
VULNERABILITIES
Microsoft Refutes Windows Vista Vulnerability Report
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603257
Denial of service holes in Cisco products
http://www.heise-online.co.uk/security/Denial-of-service-holes-in-Cisco-products–/news/110736
http://www.scmagazine.com/uk/news/article/809478/cisco-warns-ip-telephony-flaws/
Privilege escalation through driver bug in Windows
http://www.heise-online.co.uk/security/Privilege-escalation-through-driver-bug-in-Windows–/news/110728
Facebook safeguards ignore enterprise users
http://www.vnunet.com/vnunet/news/2216707/facebook-safeguards-ignore
More Asian companies want code tested
http://www.zdnetasia.com/news/security/0,39044215,62041217,00.htm
PATCHES
Microsoft Patch Tuesday: Six Vulnerabilities Fixed In Four Bulletins
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603294
http://www.heise.de/english/newsticker/news/107858
http://www.zdnetasia.com/news/security/0,39044215,62041306,00.htm
http://www.scmagazine.com/uk/news/article/809101/microsoft-releases-three-critical-bulletins-patch-tuesday/
Debian fixes serious crypto bug
http://www.theregister.co.uk/2008/05/13/debian_openssl_bug/
Upgraders to XP SP3 warned over IE downgrades
http://www.zdnetasia.com/news/security/0,39044215,62041200,00.htm
COMPUTER VIRUSES, WORMS & TROJANS
DVD smut malware blights US forces in Iraq
http://www.theregister.co.uk/2008/05/12/dvd_smut_malware_hits_army/
Shape-shifting malware hits the web
http://www.vnunet.com/vnunet/news/2216675/shape-shifting-malware-hits-web
EXPLOITS & ACTIVE ATTACKS
Brute-Force SSH Server Attacks Surge
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603339
http://www.scmagazine.com/uk/news/article/809222/brute-force-ssh-attacks-surge/
Botnet sics zombie soldiers on gimpy websites
http://www.theregister.co.uk/2008/05/14/asprox_attacks_websites/
Another mass attack on websites
http://www.heise.de/english/newsticker/news/107857
Hackers Find a New Place to Hide Rootkits
http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html
GOVERNMENT SECURITY ISSUES
NATO members set up Cyber Defence Centre
http://news.bbc.co.uk/2/hi/europe/7401260.stm
http://www.heise-online.co.uk/security/NATO-members-set-up-Cyber-Defence-Centre–/news/110738
http://news.smh.com.au/technology/nato-launches-cyber-defence-centre-in-estonia-20080515-2ef3.html
European Commission seeks security genius
http://www.scmagazine.com/uk/news/article/808964/european-commission-seeks-security-genius/
Air Force Colonel Wants to Build a Military Botnet
http://blog.wired.com/27bstroke6/2008/05/air-force-col-w.html
http://blog.wired.com/defense/2008/05/air-force-mater.html
http://news.smh.com.au/technology/colonel-suggests-using-hackers-tool-against-them-20080515-2el0.html
MoD fights data losses with encryption
http://www.silicon.com/publicsector/0,3800010403,39214543,00.htm
http://www.vnunet.com/computing/news/2216316/encryption-software-protect-mod
F.B.I. Says the Military Had Bogus Computer Gear
http://www.theregister.co.uk/2008/05/09/fbi_counterfeit_kit_probe/
http://www.nytimes.com/2008/05/09/technology/09cisco.html?_r=2&adxnnl=1&oref=slogin&ref=technology&adxnnlx=1210594119-OMauZ7uwSY4iw7q4PYQu4A
SPAM, PHISHING & ONLINE SCAMS
Identity fraud hits net telephony
http://news.bbc.co.uk/2/hi/technology/7398676.stm
Spammers open new front on social networking sites
http://www.theregister.co.uk/2008/05/14/social_network_spam/
Phishing Campaign Targets Tax Rebate Checks
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207601673
Google Mail can distribute spam
http://www.heise-online.co.uk/security/Google-Mail-can-distribute-spam–/news/110709
http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html
Spammers fill up on petrol scam
http://www.vnunet.com/vnunet/news/2216339/spammers-fill-gas-scam
PIRACY & COPYRIGHT
Software Piracy On The Rise, Study Finds
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800168
http://news.smh.com.au/technology/software-piracy-increases-in-asiapacific-industry-group-20080515-2een.html
UK software piracy rate declines
http://news.bbc.co.uk/2/hi/technology/7400260.stm
DATALOSS/INFORMATION SECURITY BREACHES
Classified Hong Kong “watch-list” leaked on internet
http://www.topnews.in/classified-hong-kong-watch-list-leaked-internet-240641
DU Students, Alums Warned Of Security Breach
http://www.nbc5.com/news/16205384/detail.html
Hackers take down Zimbabwean state-owned newspaper
http://www.scmagazine.com/uk/news/article/808870/hackers-down-zimbabwean-state-owned-newspaper/
OSU admits computer security breach
http://newsok.com/osu-admits-computer-security-breach/article/3243594/?tm=1210801442
Multiple Chilean government and utilities servers breached
http://www.heise-online.co.uk/security/Multiple-Chilean-government-and-utilties-servers-breached–/news/110706
http://news.bbc.co.uk/1/hi/world/americas/7395295.stm
http://news.smh.com.au/hacker-splashes-data-from-six-million-chileans-on-internet-report/20080512-2d79.html
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10509564
Computer server with client data missing at HSBC Hong Kong
http://rss.xinhuanet.com/newsc/english/2008-05/08/content_8126223.htm
http://www.zdnetasia.com/news/security/0,39044215,62041175,00.htm
DWP sending sensitive data with passwords
http://www.computing.co.uk/computing/news/2216315/dwp-sending-sensitive-passwords
http://www.vnunet.com/vnunet/news/2216356/pension-details-leaked-latest
Financial watchdog’s laptop computer stolen from hotel
http://www.independent.ie/business/irish/financial-watchdogs-laptop-computer-stolen-from-hotel-1372336.html
Some Students, Parents Defend New Trier Hacker
http://www.wbbm780.com/pages/2150588.php
http://www.signonsandiego.com/news/business/20080507-9999-1b7saic.html
Park National vendor loses laptop with employees’ personal info
http://www.bizjournals.com/columbus/stories/2008/05/12/tidbits1.html
Photobucket Requests Password Change After Security Issue
http://www.appscout.com/2008/05/photobucket_asks_users_to_chan.php
NBC 4 Investigates Stolen State-Owned Computers
http://www.nbc4i.com/midwest/cmh/news.apx.-content-articles-CMH-2008-05-14-0008.html
Customer data on stolen laptop
http://calsun.canoe.ca/News/Alberta/2008/05/14/5560321-sun.html
ARRESTS, SENTENCING & CONVICTIONS
Five IRS Employees Charged With Snooping on Tax Returns
http://blog.wired.com/27bstroke6/2008/05/five-irs-employ.html
More tied to UCLA snooping
http://www.latimes.com/business/careers/work/la-me-ucla13-2008may13,0,4998130.story
http://www.dailybruin.ucla.edu/news/2008/may/14/13-more-involved-file-breach/
TJX credit card heist suspect, 2 others, accused of new scam
http://www.theregister.co.uk/2008/05/13/trio_accused_in_carding_scam/
Feds nab modern-day Bonnie and Clyde
http://www.theregister.co.uk/2008/05/15/aggravated_identity_theft_charges/
http://www.foxnews.com/story/0,2933,355103,00.html
Mac thief caught on webcam
http://www.smh.com.au/news/technology/mac-thief-caught-on-webcam/2008/05/12/1210444306538.html
http://www.theregister.co.uk/2008/05/12/macbook_betrays_burglars/
http://www.vnunet.com/vnunet/news/2216352/mac-app-catches-crooks
COURT CASES AND LEGAL ISSUES
MySpace wins US$230M in spam suit
http://www.zdnetasia.com/news/security/0,39044215,62041322,00.htm
http://www.theregister.co.uk/2008/05/14/myspace_spam_ruling/
http://www.siliconrepublic.com/news/news.nv?storyid=single11014
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10510354
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Banks agree to TJX breach settlement with Mastercard
http://www.iii.co.uk/news/?type=afxnews&articleid=6711624&action=article
TJX Earnings Suggest that Data Security Doesn’t Worry Consumers
http://blogs.wsj.com/biztech/2008/05/13/tjx-earnings-suggest-that-data–security-doesnt-worry-consumers/?mod=WSJBlog
Draft guidance for securing servers
http://www.gcn.com/online/vol1_no1/46239-1.html
IT body wants internet ‘snoop’ safeguards
http://www.smh.com.au/news/security/it-body-wants-internet-snoop-safeguards/2008/05/12/1210444311183.html
ICO warns of ‘substantial’ fines for data breaches
http://www.vnunet.com/vnunet/news/2216374/fines-data-protection-breaches
http://www.silicon.com/publicsector/0,3800010403,39216158,00.htm
DATA PRIVACY & PROTECTION
Outrage in UK over staff blacklisting database
http://www.siliconrepublic.com/news/news.nv?storyid=single10979
REPORTS & RESEARCH
Researchers dig into x86 chips for stealthier rootkits
http://www.theregister.co.uk/2008/05/12/smm_rootkits/
STUDIES AND SURVEYS
Study finds Vista more vulnerable than Windows 2000
http://www.heise.de/english/newsticker/news/107855
IT students not being educated on security
http://www.computing.co.uk/computing/news/2216373/students-educated-security
One in four data breaches involves schools
http://www.eschoolnews.com/news/top-news/?i=53791;_hbguid=2e98092b-4de1-4167-baed-62da478722f4&d=top-news
SMEs fear their own networks
http://www.vnunet.com/vnunet/news/2216263/smes-fear-own-networks
MISC
Checkpoint guards against web-borne malware
http://www.scmagazine.com/uk/news/article/809232/checkpoint-guards-against-web-borne-malware/
Security Flaws Exposed at Nuke Lab
http://www.time.com/time/nation/article/0,8599,1739535,00.html
Microsoft Cofee brews ‘back door’ fears
http://www.vnunet.com/vnunet/news/2216290/microsoft-cofee-brews-back-door
Stories courtesy of the following sources: RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
