One of the things that is generally assumed about IT security is that the bad guys are making use of some massive amount of IT infrastructure they invested in to send malware. In reality, a report from Agari, a provider of an anti-phishing cloud security service, suggests that real primary source of all that malware out there is systems that have been compromised.

Back in the Dark Ages marauders would routinely raid various principalities and carry off everything that wasn’t nailed down. Acting either independently or under the auspices of one warlord or another, these raiders pretty much acted with impunity. Fast forward to 2012 and it’s a wonder how little progress has been made stopping “digital” raids in these more modern times.

A member of the infamous Anonymous-LulzSec hacker groups, Hector Monsegur, known as Sabu, appears to be the primary snitch in the arrest of five other members of LulzSec announced by the FBI  this week.

The Wall Street Journal is reporting the director of the National Security Agency, Gen. Keith Alexander, is warning of potential attacks by Anonymous on the U.S. power grid sometime in the next 12 to 18 months, according to sources attending private meetings at the White House.

As if it wasn’t bad enough that hackers are scamming QuickBooks users right in the heart of tax season, Intuit’s cure may be worse than the original scam: This week Intuit issued an alert to QuickBooks users warning of a “fake e-mail,” but then sent users to a site that itself is infected with malware.

Anonymous has struck again in one of its most outrageous and daring hacks ever -- the loose-knit group of worldwide hackers became participants in a cross-country, cross-Atlantic conference call between branches of the FBI and Scotland Yard.

FBI Director Robert Mueller told the U.S. House Permanent Select Committee on Intelligence this week that cyberthreats will equal or surpass the threat from counterterrorism in the relatively near future.

In yet another dangerous escalation of hackers sabotaging infrastructure, an alleged attack from overseas disrupted service on three unnamed Pacific Northwest railway lines. In the attack, the hackers managed to change railway signals, causing short delays in schedules.

In what may be the equivalent in boxing of hitting a man after the bell has rung, Anonymous is threatening to hit Sony hard Jan. 23, 2012, for its support of the Stop Online Piracy Act (SOPA) -- this despite SOPA's apparent momentum loss.

While gamers complain Microsoft is refusing to take the blame for hacked xBox Live profiles.

Online shoe retailer Zappos, following a hack attack that has apparently stolen the names, e-mail addresses, bill-to and ship-to addresses, phone numbers, last four digits of credit cards used on the site and “cryptographically scrambled” passwords, is advising its huge base of 24 million change their passwords.

Symantec has confirmed hackers have stolen source code for two of Symantec’s antivirus products for business, Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2.

Gathering intelligence is a lot like creating a mosaic: The best intelligence is developed by accumulating large numbers of small pieces of information. Eventually, the entity gathering the information gets a complete picture. That's why the latest hack attack by the Chinese government -- this time on the U.S. Chamber of Commerce -- is both fascinating and disturbing.

Four Romanian nationals were indicted this month following serial security breaches involving stolen data from more than 80,000 consumer credit, debit and gift cards over the course of four years.

Last week we reported the Lucky Supermarkets chain's self-service checkout kiosks were hacked all across Northern California. This week, Restaurant Depot and its subsidiary Jetro Cash & Carry, both wholesalers to food service operators and retail grocery chains, were targets of what appears to be an even more sophisticated attack.

On Nov. 25, 2011, two major malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. -- set up operations to monitor shopper movement throughout the malls. The plan was to continue the practice through the Christmas shopping season. But their plans have since been cut short.

The UCLA Health System notified 16,288 patients that an external hard drive with their first and last names, birth dates, medical record numbers, addresses and medical record information was stolen from the home of one of its employees.

Coupled with the now infamous Stuxnet attack on an Iranian uranium enrichment facility, the attack on a water treatment plant in rural Illinois may be just the beginning of a new kind of cyber warfare.