Sony seem to be having a tough year, earlier in the year they had an unprecedented series of compromises of their networks which resulted in many of their public offerings being taken offline until they fixed things. Yesterday they announced that they had detected the compromise of 93000 customer accounts.

In the past few weeks a Chinese security company blogged about a new piece of malware, nothing special there you cry, well this is a little special. It is a piece of malware that is able to rootkit the BIOS of targeted machines.

In another blow to the already shaky reputation of the Internet's certification architecture, Diginotar, a Dutch certification authority (CA) recently suffered a catastrophic security breach that led to them issuing a number of bogus certificates. Initially it seemed that the result was a bogus certificate for google.com, but later revelations uncovered over 300 bogus certificates were generated and used in anger.

A turkish hacker group managed to compromise the DNS for a number of major sites over the weekend and alter the DNS information to have it point the sites at a system they controlled to so their defacement message.

Earlier in the week someone posted a Perl script named 'Apache Killer' to the Full Disclosure Mailing list. The script credited to Kingcope basically exploits a vulnerability in the way httpd handles multiple overlapping ranges and leads to system memory exhaustion and this Denial of Service.

China is often blamed for launching cyber-attacks and their capabilities have been known for over a decade. However, definite proof has been hard to come by, until is seems now.

In response to BART’s shutdown of cell phone service Thursday, Anonymous has taken to the Internet and begun #opBART and #opMuBARTek to perform attacks on BART infrastructure on the Internet in protest of the action.

In the United Kingdom there hasn't been a good security conference for quite a few years, not really since the short run of Access All Areas in the 90s. This is about to change with the new conference that will kick off for the first time at the end of August called 44Con.

SpyEye is currently the most advanced and dangerous malware kit today, has been incorporating functionality of the Zeus malware builder kit since early 2011. This 'crimeware' has been sold by developers for up to $6000 USD and this week Steven K, author of a blog called Xylibox released detailed instructions on how to patch the SpyEye Builder version 1.3.x bypassing licensing checks.

It seems Microsoft have re-released the security update for MS11-043 after stability issues have reared their ugly head.