Goldblatt is the lead plaintiff in a class action lawsuit, filed Thursday against HP in California, claiming that the IT giant should have warned customers about the flaws ahead of time.

In a nutshell, the flaw is a pretty bad one. HP LaserJet printers built before 2009 will accept remote firmware updates without properly checking where they come from. This means that — at least in theory — a hacker could cook up a malicious firmware update and upload it to a printer to make it stop working, spy on print jobs, or maybe even set the printer on fire by overworking the printer’s fuser — the part of the printer that dries ink on the paper.

HP says that it’s never heard of its printers being hacked by criminals and that its printers have “thermal breakers” that would prevent this kind of hacker inferno. But the company has acknowledged the underlying problem in a security alert.

The lawsuit seeks unspecified damages to be paid out to HP LaserJet customers (InkJet printers can’t do the remote firmware upgrade).

But how could HP have known about the defects, which were discovered by researchers at Columbia University and publicized late last month in an MSNBC story? That’s where things get a little fuzzy. Goldblatt’s attorneys cite a 2010 report commissioned by HP and written by analyst firm Quocirca, that describes some high-level security risks to printers, without spelling out specific attacks.

Read the full Wired story here.

Symantec just uncovered a string of these types of attacks in a new campaign called “Nitro.” According to PC Magazine, the hackers are targeting Fortune 100 companies focused on chemical R&D, companies that develop advanced materials for military vehicles, and those that produce manufacturing infrastructure for the chemical and advanced materials industries.

And how are these hackers obtaining this vital information? It seems that good-old-fashioned email spoofing has been the key. Attackers simply send a bogus email and meeting invites with malware attached to people inside the company.

According to Symantec, Nitro traced back to a virtual private server (VPS) in the U.S. However, and no surprise here, the perpetrator is a man from the Hebei region of China.

Cyber wars are fought in a realm that nobody every really sees and tipping off the enemy about proposed attacks and defenses will only make us more vulnerable.  That is why when the U.S. State Department issued a statement last week that dismissed the likelihood that we are engaged in a cyber war with China, it made us scratch our heads.

It is no secret that China is a U.S. major adversary in the cyber department.  This year alone, the Chinese government launched cyber attacks against the U.S. with allegations of Chinese intrusions of the web sites of U.S. military contractors.  And let’s not forget that the allegations that China illegal penetrated the Google e-mail accounts of several high-level U.S. officials.   And to top it off, we all know that China uses its cyber-savvy to steal intellectual property from many U.S. companies.

And, as we highlighted last week, Keith B. Alexander, Commander, U.S. Cyber Command, Director, National Security Agency/Central Security Service, recently spoke at a conference and highlighted the urgent need to defend against nation’s like China.  You can check out that video again below.

So, as we stated in the headline of this post:  would we actually ‘declare’ a cyber war with China?  Probably not.  Are we enged in a cyber war with China?  We say most likely “yes.”

Seventy Percent of Identity Theft Victims Helped by ITAC Report They Do Not Know the Source of the Crime
Nearly 70 percent of the 2,695 victims who used ITAC Victim Assistance in 2011 do not know the source of the crime, according to a survey by ITAC, the Identity Theft Assistance Center. Of the victims who did know the source of the crime, more than a quarter said it was computer related (hacker/virus/phishing). Read the full press release here.

Stupid Hacker Tricks: Exploits Gone Bad
If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. And like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail. Whether they are out to steal money or merely wreak havoc, the consequences of an exploit gone bad can be harsh. And these days, the margin for error can be measured in bits. After all, thanks to the Internet’s international nature, cyber outlaws have an awful lot of sheriffs sniffing out their online footsteps. Check out the full InfoWorld article here.

Data Breach More Stressful Than Divorce, Say IT Managers
IT managers feel that getting a divorce or losing their job is less stressful than looking after company confidential data. New research by Websense, a content security and data theft protection company, has found that for IT managers the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident. Websense commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the US, UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs). The research revealed that IR managers are feeling the pressure and saying that data loss incidents put their jobs on the line. The study also highlighted that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance. Read the full CBR article here.

Chinese Officials Jailed for Leaking Economic Data
Two Chinese officials have been jailed for leaking key economic data that can move global financial markets, in a breach that triggered a government crackdown to tighten secrecy, officials said Monday. The leaks were an embarrassment for Beijing, which treats an unusually wide array of economic data as secret and is struggling to prevent official misuse of it amid intense interest in the world’s second-largest economy. Businesspeople and others have been jailed under state secrets laws for obtaining or disclosing commercial information that is considered public or only trade secrets elsewhere. Read the full AP story here.

Hackers Likely Stole Military, Nuclear Power Data in Japan Attack
A cyber attack on Japan’s biggest defense contractor likely netted military data on warplanes and information on nuclear power plants, the Asahi newspaper reported Monday, as pressure mounts on Japan to bolster cyber security after the attack came to light in August. It remains unclear whether the military data from Mitsubishi Heavy Industries Ltd, including information on warplanes, helicopters and other equipment ordered by Japan’s Defense Ministry, is deemed sensitive defense information, the Asahi said, citing a source close to the matter. Read the full MSNBC article here.

Anonymous Hacktivists Target Child Pornography Sites
Hidden from search engines and most of the world is a parallel Internet, the so-called “dark net”, where there is no authority. Set up to protect critics of oppressive regimes it has also become an online marketplace for trading in all sorts of illegal items from drugs to child pornography. Now Anonymous, a loose-knit group of “hacktivists”, has taken it upon itself to attack the secret websites it says are being used to trade child pornography and to name some of their alleged customers. Read the full WSJ post here.

Hackers Sabotage Microsoft’s YouTube Channel
Microsoft has confirmed its channel on YouTube has been hacked by someone who has removed all the software giant’s videos and is soliciting subscribers for sponsorships, Cnet has reported. The channel’s archived videos have been removed and replaced with short clips titled “We are sponsoring!” “We have regained control of the Microsoft channel on YouTube, and we are working to restore all of the original content,” Microsoft said. “We will continue to work with YouTube to ensure safeguards are in place for the future.” Read the full AME post here.

Verizon Business just issued the results of its 2011 Payment Card Industry Compliance Report and it found that more than three-quarters of enterprises audited in the past two years for compliance with PCI DSS failed to pass their initial evaluation.  Today we are speaking with Jen Mack, Director of Verizon’s Global PCI Consulting Services, about the findings of this new report and much more.

For those of us who cover cyber security issues on a regular basis, October is a pretty special month.  The National Cyber Security Alliance (NCSA) is hosting the 8th annual National Cyber Security Awareness Month to be held throughout the month of  October.   In case you weren’t ware of it, National Cyber Security Awareness Month is a coordinated national effort focusing on the need for improved online safety and security for all Americans. This year’s theme, “Our Shared Responsibility,” emphasizes that everyone has a role in securing their part of cyberspace, including the myriad of devices, such as smart phones and tablets, and the networks they use.

NCSA, along with the U.S. Department of Homeland Security and the Multi-State Information Sharing and Analysis Center, are the key sponsors National Cyber Security Awareness Month every October since its founding in 2003. Together, these three organizations strive to empower consumers, schools, businesses and government agencies to stay safe online, devoting the full month of October to public awareness and education.

The month-long calendar features a diverse array of NCSA sponsored flagship events as well as other events throughout the nation, beginning October 7th in Ypsilanti, Michigan with Governor Rick Snyder, leaders from the U.S. Department of Homeland Security and other officials. This official launch event for the month will take place during the Michigan Cyber Summit and will draw highly regarded cyber security experts from around the world. NCSA will also share findings from its annual national survey on the state of security and online safety.

Click here to learn more about National Cyber Security Awareness Month, and stay tuned for more podcasts and updates.

That finding comes from the Financial Services Information Sharing and Analysis Center, an organization dedicated to fighting cybercrime whose members include thousands of banks, credit unions, insurance companies and payment processors.

“Statistics indicate financial institutions are doing a better job of stopping fraudulent transactions from being created and from funds leaving the financial institution,” William Nelson, the organization’s president, said in written testimony.

In 2009, 63% of reported takeovers of commercial accounts resulted in funds being sent out of the financial institution, according to survey data cited in Nelson’s testimony. In the first six months of 2010, that number fell to 36%.

Likewise, the percentage of cases where monetary transactions were created but the funds were stopped before they left the financial institution rose from 20% to 36% during the same time period.

Notwithstanding the progress, witnesses at Wednesday’s hearing will testify about the need for greater vigilance and better collaboration between government and private industry.

Check out the full American Banker article here.

A group of hackers affiliated with Anonymous called Hollywood Leaks has set its targets on Hollywood power and they are already inflicting some major damage. The group leaked the script for Rock of Ages, a film by Tom Cruise. They also exposed the phone numbers of Miley Cyrus, Ashley Greene (of Twilight) and many others.

Yes, it’s very easy to not like all the shenanigans going on in Hollywood. While much of the content that comes out of that town is pure cultural waste, there’s still some great art being produced. But then again, perhaps Hollywood Leaks knows this and is only targeting the purveyors of culturally lowbrow content?

Watch out Kardasians, Lindsey Lohan, Kate Gosselin, all of the Real Housewives, the Jersey Shore cast and many others. Hollywood Leaks could be one click away….