Predicted trends:
Trend #1: Trojan Wars Continue, but Zeus will Prevail as the Top Financial Malware.
Trend #2: Cybercriminals will Find New Ways to Monetize Non-Financial Data.
Trend #3: Fraud-as-a-service Vendors Will Bring New Innovations.
Trend #4: Out-of-band Methods Will Force Cybercriminals to Innovate.
Trend #5: The Rise of Hacktivism.
Trend #6: Better Information Sharing will Lead to More Crackdowns on Cyber Gangs and Botnet Operators.
Syria using malware against civilians
In Syria’s cyberwar, the regime’s supporters have deployed a new weapon against opposition activists — computer viruses that spy on them. A U.S.-based antivirus software maker, which analyzed one of the viruses, said that it was recently written for a specific cyberespionage campaign and that it passes the information it steals from computers to a server at a government-owned telecommunications company in Syria. Supporters of dictator Bashar al-Assad first steal the identities of opposition activists, then impersonate them in online chats. They gain the trust of other users, pass out Trojan horse viruses and encourage people to open them. Once on the victim’s computer, the malware sends information out to third parties. – http://us.cnn.com/2012/02/17/tech/web/computer-virus-syria/index.html
Apple Will Require Apps to Obtain User Permission Before Accessing Contact Data
US legislators sent a letter to Apple CEO Tim Cook asking why the company does not require iOS developers to obtain permission from users before apps download users’ contacts. The inquiry follows close behind news that the Path app downloaded users’ address books without their permission. Apple has responded to the question with a promise to change that policy so apps requiring use of address book data request that information explicitly. – http://news.cnet.com/8301-1009_3-57378450-83/lawmakers-ask-apple-to-explain-iphone-app-privacy-policies/ – http://www.computerworld.com/s/article/9224292
Twitter capturing smartphone address books
Twitter has joined the growing list of companies caught storing users’ data without making it explicit. The company has admitted that it stores users’ entire address books for 18 months if they use the “Find Friends” feature on its iOS and Android clients. The function searches through your existing address book looking for matches on Twitter, but doesn’t make it clear that Twitter will be storing the data, or for how long. – http://www.theregister.co.uk/2012/02/15/twitter_stores_address_books/
Anonymous targets FTC
The Anonymous collective has again targeted the Federal Trade Commission, this time bringing down seven websites belonging to the consumer protection agency. The hackers, in a Pastebin file posted Friday, said they targeted the FTC because it failed to take action on Google’s newly announced privacy policy, which resulted in the agency being sued by the Electronic Privacy Information Center. – http://www.scmagazine.com/anonymous-hacks-ftc-over-google-privacy-acta/article/228288/
RSA has denied there is a flaw with the algorithm for its X.509 public-key certificates
Security vendor RSA has denied there is a flaw with the algorithm for its X.509 public-key certificates, arguing that any problems stem from poor implementation of the technology. The company issued its response to Swiss researchers who claimed a small number of RSA public encryption keys offered “no security at all”. RSA responded by saying that the “exploding” number of Internet-connected devices was to blame and that the researchers’ findings pointed out the importance of proper implementation, rather than a problem with the algorithm. “True random number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care to protect against the weakening of well-designed cryptography.” – http://www.techweekeurope.co.uk/news/rsa-denies-x-509-public-key-algorithm-weakness-is-a-flaw-61329
95% of Enterprise Networks have security gaps
Only five per cent of enterprise security networks are free of security gaps, despite a combined annual spend of over $20bn. According to FireEye’s Advanced Threat Report for the second half of 2011, virtually all enterprises continue to be compromised by malware, with more than 95 per cent of them having malicious infections inside their network each week. It also claimed that almost 80 per cent of enterprises averaged an infection rate of more than 75 per week. Research from Kaspersky Lab this week revealed that more than half (62 per cent) of UK companies have been infected by malware. – http://www.scmagazineuk.com/fireeye-report-enterprise-networks-often-have-security-gaps/article/227645/
Author of Zeus bot also a spam kingpin?
The cybercrime underground is expanding each day, yet much of it is run by a fairly small and loose-knit group of hackers. That suspicion was reinforced this week when Brian Krebs discovered that the author of the infamous ZeuS Trojan was a core member of Spamdot, until recently the most exclusive online forum for spammers and the shady businessmen who support the big spam botnets. Thanks to a deep-seated enmity between the owners of two of the largest spam affiliate programs, the database for Spamdot was leaked to a handful of investigators and researchers … – https://krebsonsecurity.com/2012/02/zeus-trojan-author-ran-with-spam-kingpins/
Android malware generating millions of dollars
A new piece of Android malware, named Android.Bmaster, has infected hundreds of thousands of devices in China and is able to generate millions of dollars in annual revenues. The Android malware was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings. The total number of infected Android devices connected to the botnet is estimated at hundreds of thousands, with 10,000 to 30,000 infected devices able to generate revenue on any given day. The botmaster has been operating since September last year. – http://www.infosecurity-magazine.com/view/23803/new-android-malware-bags-millions-in-revenues/
TrueCrypt and Apple FileVault under attack
Apple’s FileVault disk encryption can be circumvented in less than an hour using new software, which can also unlock volumes encrypted with TrueCrypt, disk encryption software that ranks alongside PGP as the choice of privacy-conscious computer users, human rights activists and others. – http://www.theregister.co.uk/2012/02/03/apple_disc_crypto_broken/