Shaun Nichols ( V3.co.uk - May 23, 2013 )
Apple is asking Windows users to update their copies of QuickTime following the release of a patch for multiple security vulnerabilities. The QuickTime 7.7.4 update contains fixes for a dozen different CVE-classified security problems. If exploited, the flaws could allow an attacker to remotely install malware on a targeted system. Among the updates are fixes for remote code execution vulnerabilities in the handling of movie files. The flaws could allow an attacker to use a specially-crafted movie file to target a memory error which would lead the application to crash and potentially allow an attacker to install malware.

Staff( Bournemouth Echo - May 23, 2013 )
HUNDREDS of sports centre users may have had their bank details stolen by computer hackers. More than 1,400 people who booked sessions online have been contacted by New Forest District Council following the discovery that someone has hacked into its website. They have been warned that their names, telephone numbers and e-mail addresses could have been accessed. Potential victims of the security breach include 240 people who also paid online and have been told that their credit and debit card details may have fallen into the wrong hands.

Shaun Nichols ( V3.co.uk - May 23, 2013 )
Twitter is moving to improve the security of its microblogging service with the introduction of two-factor authentication, finally meeting the demands of users of the site after endless hacks on accounts over the last few months. The company said that the new feature will allow users to connect their Twitter accounts with a mobile phone number which will be used to verify logins. When the user attempts to log in to their account, they will be asked to provide a randomly-generated code which will be sent via SMS.

Alastair Stevenson( V3.co.uk - May 22, 2013 )
Cybercrooks running the Apache Darkleech JavaScript attacks have become more tenacious, infecting hundreds more websites, according to security firm Zscaler. The security firm reported a marked increase in the number of websites falling victim to the Darkleech attack on Wednesday, warning that many of them are hosted in the UK. Zscaler’s Krishnan Subramanian wrote: “The Apache Darkleech attack has been in the news for quite some time now. The first compromise that we identified in our transactions dates back to mid-March. This Darkleech exploit (aka Linux.Cdorked) injects malicious redirections into a website that leads to a Blackhole exploit kit (BEK) landing page.

Bruce Schneier( Schneier on Security - May 22, 2013 )
For a while now, I have been thinking about what civil disobedience looks like in the Internet Age. Certainly DDOS attacks, and politically motivated hacking in general, is a part of that. This is one of the reasons I found Molly Sauter’s recent thesis, “Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet,” so interesting: This thesis examines the history, development, theory, and practice of distributed denial of service actions as a tactic of political activism. DDOS actions have been used in online political activism since the early 1990s, though the tactic has recently attracted significant public attention with the actions of Anonymous and Operation Payback in December 2010.

Ellen Nakashima( The Age - May 21, 2013 )
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about US surveillance targets, according to current and former American officials. The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the US who may have been under surveillance by American law enforcement agencies.

Majorie Grace-Sayers( Flickr - May 21, 2013 )
The cybercriminal gang behind a dangerous ransomware attack, which locks victims out of their computer systems and scams them by demanding cash to fix the problem, has added password-stealing functionality to the malware, according to Microsoft researchers that have documented some of the latest attacks. Reveton, a popular ransomware campaign behind the Citadel banking Trojan, has been increasingly detected in infections globally. Reveton is included in a number of automated attack toolkits, including the popular Black Hole toolkit, said Stefan Sellmer, a researcher with Microsoft’s Malware Protection Center. In his analysis of the attack, Sellmer wrote that the Reveton authors are using password-stealing Trojans to monetize the threat when victims fail to pay the ransom.