Government files High Court case.
The New Zealand Department of Internal Affairs has lodged a High Court case against Perth businessman Wayne Mansfield over an alleged email spam operation.
The department accuses Mansfield of using a number of email address lists to promote business and marketing seminars in New Zealand...

Given restricted access but retains job.
An IT employee behind a virtual currency mining operation at the Australian Broadcasting Corporation has been "closely supervised" since the incident, the broadcaster has revealed.

The worker, who had "high level IT access privileges" at the government-owned corporation, installed software on ABC servers in June last year in order to "mine" excess server capacity for the Bitcoin virtual currency...

AusCERT mulls civilian support for under-resourced police.
Under-resourced police could turn to civilian militia to help fight cybercrime, according to former Queensland University of Technology professor Bill Caelli.
Speaking to SC Magazine ahead of his presentation at the AusCERT conference last week, Caelli raised the notion as a means of using security professionals to assist authorities in fighting cybercrime...

Exams hosted in Canberra, AusCERT hears.
The Council of Registered Security Testers (CREST) could begin certifying web application penetration testers in Australia and New Zealand for the first time by November.
SC Magazine broke news of the formation of the Australian and New Zealand chapters of CREST when it launched in March this year...

Social engineering, faxes on the radar.
The Australian Taxation Office (ATO) has reported more than 4000 phishing attempts directing Australians users to fake sites for the government agency in the past year.
The department's chief information officer Bill Gibson told a parliamentary committee into online safety for seniors that his agency was often the subject of scams due to the community’s willingness to comply with requests from the ATO...

Personal data erased.
The ACT Government has offered schools the ability to lock down teacher and student smartphones and tablets while operating over the local network.

The no-holds-barred approach to personal devices would see security bypass methods such as jailbreaks, rooting and other disallowed security features banned while using local wi-fi and LAN networks...

Online fraud rates don't always justify the investment.
IT security projects at Australia's leading banks may not face high enough online fraud rates to justify their cost in pure return on investment (ROI) terms.
According to banking security specialist Jake Lambert, technical account manager at authentication vendor Vasco, Australia enjoys a relatively low level of online banking fraud compared with other advanced economies...

But it could have, Symantec says.
Symantec has slashed its own estimate for how much the Mac Flashback botnet was earning its controllers from US$10,000 a day to US$600. 

The security vendor’s previous claim about Flashback’s earning potential was based on a prior analysis of a Windows 32-bit ad-clicking trojan that netted 25,000 infections -- roughly five percent of the 600,000 Macs taken by Flashback -- that could generate its author up to US$450 a day...

AusCERT warned of global cyber arms race.
The 2009 Stuxnet attack on Iran's uranium enrichment facilities pitched governments in a race to stockpile security expertise, the AusCERT conference heard this week.
According to F-Secure's chief research officer, Mikko Hypponen, governments had ramped up use of defence contractors to increase their ability to attack foreign nations through software exploits...

Patches fix 23 vulnerabilities
Microsoft on Tuesday shipped seven patches to address 23 vulnerabilities, including fresh fixes for flaws that could enable the espionage trojan Duqu trojan to spread.
Three of the seven bulletins were rated "critical" by Microsoft, but all of the attention seemed squarely focused on one: MS12-034, a rather convoluted fix that remedies 10 issues in Windows, Office, Silverlight and the ...

How relevant are security certifications?
As its executive director, W. Hord Tipton may run the show at non-profit (ISC)2, which manages the security industry's flagship certification – the CISSP – but he knows no credential can serve as a silver bullet...

Microsoft's May Patch Tuesday update is now available, with seven security bulletins (three rated Critical) that deliver 23 fixes across Windows, Office, Silverlight, and the Microsoft .NET Framework.
At the top of the list is [url=http://technet...

‘March of Millions’ spills from streets to web.
Webcast outfits Ustream and Bambuser were knocked offline for hours Wednesday after massive distributed denial of services (DDoS) attacks hit ‘Russian opposition’ broadcasters on each platform...

Victims of mass hacking notified.
Twitter has attempted assure its users after reports circulated of 55,000 accounts being hacked and  login credentials publicly disclosed.

An anonymous hacker had published the laundry list of hacked accounts including Twitter usernames and passwords on five Pastebin entries...

Document verification service gets $7.5 million boost.
The Federal Government has injected its troubled National Document Verification Service with $7.5 million and will open the service to the private sector by year's end.
The budget allocation, to run to 2014, will also introduce a transaction fee that is designed to recoup $6...

OS X Lion users affected.
Passwords for Apple Mac FileVault are being stored in the clear due to a borked OS X security update issued in February.
The security hole affected OS X Lion users under specific conditions and could allow passwords for the local encryption software to be harvested...

Collects data on suspected protestors.
The Australian Federal Police (AFP) has renewed its outsourcing contract with a Melbourne firm that specialises in gathering intelligence on activist groups from social networks and the web.

The agency last month inked a one-year, $92,400 contract with the National Open Source Intelligence Centre (NOSIC), extending a string of direct-sourced contracts since 2002...

Microsoft boots security firm from partner program.
Microsoft has blamed a Chinese security firm for leaking Remote Desktop Protocol (RDP) exploit code that was patched in March.
Hangzhou DPTech Technologies Co, a specialist in firewalls and intrusion prevention systems, breached its non-disclosure contract with the Microsoft Active Protections Program (MAPP) by releasing the code...

Companies face financial penalties.
Organisations could face financial penalties for serious or repeated breaches of user privacy under proposed amendments to the Privacy Act set to be introduced into Parliament this month.

The amendments would also give the Privacy Commissioner Timothy Pilgrim increased powers to investigate and conduct regular privacy assessments of private sector companies...

Click-fraud scheme about the revenue.
The authors of the Flashback trojan that infected up to 650,000 Macs at its peak may have raked in up to US$10,000 a day, according to estimations released by Symantec.

The company based its calculation on an investigation into another click-fraud scheme last August, which found 25,000 compromised computers could generate revenues of up to US$450 a day...