McAfee today unveiled its 2012 Threat Predictions report, outlining the top threats that McAfee foresees for the coming year. The list indicates that emerging threats from 2011 are on track to become the major players for cyberactivity in 2012, including mobile banking, "legal" spam and virtual currency. McAfee Labs also predicts that attacks involving political motivation or notoriety will also make headlines, including high-profile industrial attacks, cyberwarfare demonstrations and hacktivist attacks targeting public figures.

"Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011," said Vincent Weafer, senior vice president of McAfee Labs. "Over the past year, the general public has become more aware of some of these risks, such as threats to critical infrastructure or the impact of hacktivism as they gain international media attention. In the meantime, we continue to see cybercriminals improving their toolkits and malware and are ready to make a significant impact in 2012."

Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways:

Optical disc drives have been pretty cheap for years now, yet there is enough money in the business, that three executives managed to collude in price fixing of these devices, scamming HP, Dell and Microsoft in the process - and in the end the consumer, who foots the higher prices. The three are from Hitachi-LG Data Storage Inc. (HLDS) and have reached a plea agreement with the U.S. Department of Justice on price fixing charges for optical disc drives during the 2005-2009 timeframe. According to Security Week, the three executives, Sang Hun Kim, Young Keun Park, and Sik Hur, will each pay $25,000 USD in fines and serve little sentences of seven to eight months in prison at a "correctional facility" aka prison, that is yet to be decided.

Tomorrow, Tuesday aka December 13th Microsoft is set to let loose no less than 14 updates which are supposed to resolve 20 vulnerabilities affecting products like Windows, Office, Internet Explorer, Microsoft Publisher, and Windows Media Player.

Three out of the 14 patches are rated 'Critical' and target bugs that could lead to remote code execution, while the other 11 are rated 'Important' and are set to plug in holes that can result in remote code execution and (unwanted) privilege elevation. As always, Microsoft isn't giving out specifics on the vulnerabilities that will be patched so we'll have to wait for tomorrow to get the full scoop. And to update of course.

AMD (NYSE: AMD) today announced that AMD Fusion '12 will be held June 11-14, 2012 in Bellevue, Washington. The company's annual developer summit will return to the Meydenbauer Center and the Hyatt Regency in Bellevue.

This event will build on the success of AMD Fusion '11, where more than 700 leaders from industry, academia, and government converged on the forefront of heterogeneous computing. The summit offers an engaging opportunity to learn more about next-generation software development and AMD Fusion System Architecture (FSA), Accelerated Processing Unit (APU) technology, central processing unit (CPU) and graphics processing unit (GPU) processor technologies, and programming methods using industry-standard application programming interfaces (APIs) such as OpenCL, OpenGL, Microsoft DirectCompute and C++ AMP.

Yes, that's right the maker of notoriously vulnerable software is now blaming you, the user, should you get a virus, trojan or other malware infection on your Windows computer. However, it does look like they have some justification for saying this. For those with long attention spans, Microsoft have just released their 168 page Microsoft Security Intelligence Report 6MB PDF, with the stated aim of providing:

An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011

The first thing to note about the report is that it is limited to its Malicious Software Removal Tool and Microsoft's other anti-malware products. Zero-day attacks that it can't detect are not included in the findings. So, surely it can't all be the user's fault then? It also means that the security angles from third party security vendors such as Kaspersky, Norton and McAfee aren't represented here.

Toshiba announces the first family of self-encrypting hard disk drives (HDDs) engineered to automatically invalidate protected data when connected to an unknown host. The new Toshiba Self-Encrypting Drive (SED) models enable OEMs to configure different data invalidation options that align with various end-user scenarios. Designed to address the increasing need for IT departments to comply with privacy laws and regulations governing data security, the drives are ideally suited for PC, copier and multi-function printer, and point-of-sale systems used in government, financial, medical, or similar environments with an acute need to protect sensitive information.

Building on the industry-standard Trusted Computing Group "Opal" Specification, the new Toshiba MKxx61GSYG models leverage advanced access security and on-board encryption alongside second generation data wipe technology. Whether to protect against data loss resulting from lost or stolen notebooks or to maintain the security of document image data stored within copier and printer systems, Toshiba SEDs can securely invalidate protected data. Data invalidation attributes can be set for multiple data ranges, enabling targeted data in the drive to be rendered indecipherable by command, on power cycle, or on host authentication error-an industry first. This flexibility provides systems designers with a powerful set of data security options that can be easily incorporated into existing system architecture.

Toshiba Storage Device Division (SDD), the pioneer in small form factor hard disk drives (HDDs), today announced a 7,200 RPM 2.5-inch (6.4cm) Self-Encrypting Drive (SED) that provides government-grade AES-256 hardware encryption incorporated in the disk drive's controller electronics. The MKxx61GSYD is the newest addition to the Toshiba family of drives designed for commercial notebooks and security-sensitive applications, including shared desktop PCs. The drive's built-in hardware encryption offers benefits that go beyond software encryption.

Based on the Opal Security Subsystem Class (Opal SSC) specification from the Trusted Computing Group (TCG), the new Toshiba SED enables secure and quick deployment of encryption on notebook and desktop PCs to protect confidential information. Many organisations are taking steps to comply with security policies and new laws governing data privacy. The SED technology from Toshiba helps IT departments to achieve strong, cost-effective security without interrupting business flow or impacting application performance.

Combining unprecedented security, performance and energy efficiency, Intel Corporation today launched the Intel Xeon Processor 5600 series. The new processors deliver two new security features -- Intel Advanced Encryption Standard New Instructions (Intel AES-NI), and Intel Trusted Execution Technology (Intel TXT) -- that enable faster encryption and decryption performance for more secure transactions and virtualized environments, providing data centers with a stronger foundation for cloud security.

These are also the first server and workstation chips based on the groundbreaking, new Intel 32nm logic technology, which uses Intel's second-generation high-k metal gate transistors to increase speed and decrease energy consumption. The Intel Xeon Processor 5600 series supports up to six cores per processor and delivers up to 60 percent greater performance than the 45nm Intel Xeon processor 5500 series. In addition, data centers can replace 15 single-core servers with a single new one, and achieve a return on their investment in as little as 5 months.

Seagate Technology today announced worldwide availability of the Seagate Secure Self-Encrypting Drive (SED) option across its portfolio of enterprise-class hard drives. Products with the Seagate Secure option include: Savvio 15K.2, Savvio 10K.3, Constellation and Cheetah 15K.7 drives. These enterprise-class products are an extension of Seagate's first-to-market leadership with Seagate Secure Self-Encrypting Drive (SED) technology, designed to deliver data-at-rest security for servers and storage systems.

"Self-Encrypting Drives are one of the easiest, most cost-effective security measures companies can implement," said Eric Ouellet, vice president at Gartner. "The use of SEDs provides businesses with complete data-at-rest protection against information breaches that can occur in drives and systems that have been repurposed, decommissioned, disposed of, sent for repair, misplaced or stolen. Because all disk media eventually leaves a company's control, the use of SEDs ensures that data is protected at these critical stages of a system's life cycle."

QNAP Security today unveils the high performance 8-bay chassis VioStor-8040U-RP NVR and 8-bay tower VioStor-8040 NVR network surveillance systems featuring Intel Core 2 Duo 2.8 GHz CPU, 2 GB DDRII memory, 8 hot-swappable hard drive bays for up to 16TB storage capacity, 40-channel recording from IP cameras, megapixel recording (up to 8 megapixels) and other advanced features such as RAID 0/1/5/6/5+spare/6+spare, Online RAID Capacity Expansion, and Online RAID Level Migration. The VioStor-8040U-RP NVR and VioStor-8040 NVR support M-JPEG, MPEG-4, and H.264 video compression and are compatible with the IP-based cameras and network video servers from AXIS, ACTi, Arecont, Canon, Cisco, D-Link, EDIMAX, ELMO, EtroVision, GANZ, iPUX, IQeye, LevelOne, Linksys, MOBOTIX, Panasonic BB/ BL/ i-Pro, SANYO, SONY, TOA, TOSHIBA, TRENDnet, VIVOTEK, and Y-CAM, etc.

VIA Technologies, Inc, a leading innovator of power efficient x86 processor platforms, today announced that it will be showing examples of its customized security solution service at Computex 2009, helping customers to employ a comprehensive and effective security infrastructure in all segments.

VIA Nano, VIA C7 and VIA Eden processor platforms are the only processors that currently offer a built-in Advanced Cryptographic Engine. In order to better help customers access this unique feature, VIA is now offering a comprehensive security solution service that can accurately meet the security needs of individual customers across a range of embedded segments.

Mozilla today released an important security update to Firefox. With sub-version 3.0.8, The browser has been patched for two critical security vulnerabilities, which are all that make it to this release.

The first vulnerability, titled "Arbitrary code execution via XUL tree element" could allow attackers to compromise a box by using a browser crash to run arbitrary code. The second one titled "XSL Transformation vulnerability" is where attackers get to use browser crashes caused by XSL stylesheets during XSL transformation, to run arbitrary code. For more information, refer to the Security Advisories page for Firefox. Existing Firefox versions will be updated to version 3.0.8 automatically by default. Firefox 3.0.8 can be downloaded from the Mozilla Website.

QNAP Security today announces the new firmware version 2.8 for the entire VioStor NVR series (VioStor-101/ 201/ 5020) to support the world's first innovative multi-server monitoring. By the firmware update, the VioStor NVR is turned to be a high expansibility network surveillance system which is capable of monitoring up to 120 channels simultaneously.

"We are more than excited to unveil the new firmware for our VioStor NVR series. The multi-server monitoring function is a significant technology breakthrough in the network surveillance industry. By upgrading the firmware on one single VioStor NVR, our users can add other QNAP NVR servers regardless of their physical locations and monitor the channels. There is no need to install any other software and no complicated configuration is required," remarked by Jacky Cheng, Senior Product Manager from QNAP. "More importantly, a maximum of 120 IP-based cameras can be monitored on a standalone server with this embedded feature. The scale of the network surveillance is boundlessly expanded by grouping the multiple NVR servers together for simultaneous monitoring."

Shuttle Inc., the market leader in the Mini-PC segment and manufacturer of Multi-Form-Factor solutions, today presents its first product in the "Special Solutions" category. The new Shuttle D 1416S surveillance system offers a unique operating convenience through an easy to understand software interface. Up to 16 separately available CCTV cameras can be connected and video signals can be recorded.

Seagate today announced sweeping advances in its global push to help secure notebook computer information from theft or loss. To combat growing threats to mobile information, Seagate, the world leader in storage solutions, is now shipping its groundbreaking, self-encrypting notebook PC hard drives, now with up to 320GB of capacity, to the worldwide distribution channel, with 500GB models coming soon. Additionally, Dell is now shipping a notebook with a 160GB self-encrypting hard drive. McAfee is set to provide software for the enterprise-wide management of notebooks with Seagate Secure hard drives.

Powerful, easy-to-use notebook data security is increasingly important as the global adoption of mobile PCs continues to soar and more notebooks are used to store sensitive personal and business information. Lost or stolen notebooks can cost companies millions of dollars in compromised proprietary information and threaten consumers with the high cost of identity theft, yet many computers remain unprotected. According to the United States FBI, a notebook computer is stolen every 53 seconds and 97% are never recovered*.

As the new flagship system for the ASUS line of business notebooks, the B80A with a 14.1-inch widescreen is packed with the powerful features, robust security and stylish build that corporate users look for in their notebooks of choice.

Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

Following countless complaints of World of Warcraft (WoW) user account hijacks and misuse, Blizzard has come up with a device, a security code generator that each user possesses, the device generates a six-digit security code that the user has to enter when logging on to the WoW account. The generation pattern is unique for each user's generator and this effectively eradicates account misuse, or at least attempts to. Blizzard CEO and cofounder Mike Morhaime says "It's important to us that World of Warcraft offers a safe and enjoyable game environment", he further adds that an aspect of that is helping players avoid account compromise, so they are pleased to make this additional layer of security available to them.

Once activated with Blizzard, the authenticator offers a six-digit code that must be used within 60 seconds on a gamer's WoW account. The user has to enter this number alongside username and password. Similar methods are adopted by PayPal, banks, and other financial institutions to help protect data, PayPal charges US $5 for the PayPal Security Key.

Blizzard plans to charge US $6.50 for the device but no announcements are made as to when it will be available.

Nowadays everyone will tell you that most virus, spyware, malware and other malicious definitions are written solely for Windows, but it appears that times have changed a bit. Security experts are warning now about a new Trojan horse released in the wild, targeting Apple operating systems or more specifically Mac OS X Tiger and Leopard (version 10.4 and 10.5). In addition to the usual stuff a trojan can do (run in background, open ports, steal your passwords, replicate etc.) this one can also log what you type in every moment, take screenshots of your active desktop and even take a picture of you using Mac's built-in iSight camera. Here's how it works: AppleScript.THT comes either as a 3.1MB application dubbed AStht_v06 or as a 60KB compiled AppleScript script called ASthtv05. Once started on a Mac OS system it adds itself to the System Login Items and thus runs with root privileges every time the OS is started. Once the system is infected AppleScript.THT also moves itself into the /Library/Caches/ folder. To protect your system against this threat, security experts advice to run SecureMac MacScan 2.5.2 anti-virus software with the latest Spyware Definitions update (2008011). More details on the malicious code and additional removal instructions are posted here.

When open source software makers made what would eventually become the more current versions of Linux, Unix, and Mac OS X, they undertook a very important task: ensuring that whenever a password was generated to keep confidential data secret, that it would actually be secure. However, they apparently made a rudimentary programming error, and it went out into the world of open source software unnoticed. A couple years down the road, some hackers pointed out with glee that the OpenSSL key generator is basically useless as a security measure (the actual flaw is explained much more thoroughly in the source link). Because OpenSSL is used in far more systems than a couple home servers, we have a serious problem on our hands. Even though the original authors have issued a patch, there's no guarantee that it will get around fast enough to prevent some serious damage.