The RSA FraudAction Research Lab has published the results of its findings based on its tracking and research of the Sinowal Trojan, also known as Torpig and Mebroot. The data collected during almost three years indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters.

Among the main insecurities scammers face while embedding an ATM skimmer, is the retrieval process of the device that is now containing the credit card details of several hundred people depending on the volume of transactions that occurred while the device was in place. How are then scammers going to minimize the risk of getting caught without having to come back at the crime scene?

October is Cyber Security Awareness Month and this year the SANS Internet Storm Center is going to focus on incident handling areas.

SANS Institute presents a template of Security Policy for the use of handheld devices in corporate environments.

The third final version of BackTrack has been released two days ago.

Today many Russian websites report in their news about a strange virus that steals or damages ICQ passwords. They say, a new user 12111 appears in ICQ contacts, and “infected” users should immediately remove it, change their password and re-start ICQ.

Bruce Schneier’s response to the Stop Gpcode international initiative announced by Kaspersky Lab on June, 9: “What are they smoking at Kaspersky? We’ve never factored a 1024-bit number — at least, not outside any secret government agency — and it’s likely to require a lot more than 15 million computer years of work.”

ICANN SSAC (Security and Stability Advisory Committee) has published an advisory SAC 028 “Registrar Impersonation Phishing Attacks”.

Ed Skoudis describes some of built-in Windows commands. They can be useful to determine if a system has been hacked.

Nmap, Nessus, Metasploit Framework, Wireshark and KisMAC are featured in yesterday’s Computerworld article.