The latest phishing activity and trends report released by the Anti-Phishing Working Group has highlighted the fact that cybercriminals do not view summer as a holiday period. The report for the month of August has shown a rise in the number of unique phishing reports received by the group, although the number of actual malicious sites has dropped from a staggering 14,191 to a more “usual” 10,091, roughly the same as in June and more or less in the same trend as in the last eight months. The number of brands hijacked by cybercriminals in their phishing activity has also remained at roughly the high levels set in July, with 148 brands copied by phishers, compared to the 154 of July. (more…)

After September’s update that only contained four patches, Microsoft has returned to the routine of “Big Patch Tuesdays”, with it’s October security instalment containing ten security advisories of which six are rated critical. In the ten patches provided Microsoft fixes a record twenty-six vulnerabilities, of which nineteen are critical in nature and could be exploited remotely. IT manager might be happy to know that initially Microsoft was planning to release a total of eleven patches, but one of them did not pass quality control testing and was held back. However, the job of installing more than two-dozen fixes is going to be challenging for any IT professional running a large network. (more…)

As is typical with information surrounding Patch Tuesday releases, Microsoft did not specify the nature of the dropped patch. (more…)

The anti-spam group Spamhaus Project warned that more junk e-mail could be on the way as it prepares to lose its domain name thanks to a company it has accused of sending spam.

Executives at the U.K.-based Spamhaus Project said Monday they expect a federal judge in Chicago will soon sign an order that would suspend the domain spamhaus.org because the U.K.-based group has refused to recognize the U.S. court and comply with a $11.7 million judgment. (more…)

‘Which?’ consumer group criticized Tesco this Thursday for letting scammers get away with it at self-service checkouts in some 200 stores belonging to the supermarket chain in Britain. The problem is down to the fact that Tesco has not yet made these tills compatible with chip-and-pin technology. This makes it possible for thieves to use stolen cards when paying for goods without entering a PIN or even signing the receipt. (more…)

The US wants Russia to know that it’s really, truly, absolutely serious like a heart attack about putting an end to AllOfMP3.com. How else to explain the recent raft of references (try saying that three times fast) to the site by the highest trade officials in the US government?

US Trade Representative Susan Schwab yesterday told reporters, “I have a hard time imagining Russia becoming a member of the WTO and having a Web site like that up and running that is so clearly a violation of everyone’s intellectual property rights.” (more…)

A court in the Saratov region of Russia has sentenced three cybercriminals to eight years in jail each for a spree of extortion attacks in 2003. The three hackers managed to steal up to $4 million from UK companies by means of blackmail. All three men pleaded guilty and faced up to fifteen years jail time for extortion and the use of malicious computer programs. (more…)

Researchers have detected a potentially serious flaw in the way that Mozilla’s Firefox browser handles Javascript.

Two independant researchers outlined the vulnerability in a presentation over the weekend at the ToorCon hacker conference. The duo claimed that the vulnerability could allow attackers to take over control of a system through a specially crafted web page. (more…)