Security researchers from AlienVault Labs have intercepted a currently circulating targeted malware attack aimed at Tibetan activist organizations.

The Consortium, a new hacktivist group, has introduced itself to the world by hacking the porn site Digital Playground. Everything, including credit card information, was stored in plain text.

Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure — such as nuclear power plants or water systems?

All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Mozilla rates this a “critical” vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

M86Security’s newly released report “Security Labs Report - July – December 2011 Recap”, details some of the most commonly observed Web exploits currently in the wild.

An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service.

Gabe Newell, co-founder of Valve, posted a bulletin on Steam letting users know that hackers gained access to a database containing sensitive information. Read his announcement here.

The Laboratory of Cryptography and System Security (CrySyS) in Hungary has released an open-source toolkit that can find traces of Duqu infections on computer networks.

Researchers from CSIS have monitored 50 different exploit kits, and found out that 31.3 % of users were infected with the virus/malware due to missing security updates.