For the second time in less than six months, visitors to the Drudge Report say they got malware in addition to the Web site's usual sensational headlines. Matt Drudge denied that his site was infecting visitors, however it's likely that the malware is coming from ads delivered by a third-party ad network and not the site itself. Read the full article. [CNet]

LifeLock, an Arizona company promising customers protection from identity theft, has agreed to pay $12 million to settle charges that the company overstated its benefits and used "scare tactics" to gain subscribers. Read the full article. [Computerworld]

After a busy February with 13 security bulletins, Microsoft is easing off the patching throttle a bit this month. 

Microsoft released two new security bulletins addressing 8 vulnerabilities, all not publically known at this time. 

A zero-day (unpatched) vulnerability in Microsoft’s Internet Explorer is being exploited in the wild, the company warned in an advisory issued today.

On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7.

PayPal is asking UK customers to download software to help identify genuine e-mails sent by the eBay unit and weed out phishing messages. Read the full article. [finextra.com]

North Carolina state researchers have modified existing speech authentication computer models and have streamlined the process so that it operates more efficiently. Read the full article. [ScienceDaily]

Security researchers have found the Mariposa bot client pre-installed on a mobile phone handset distributed in Europe, and say that the malware looks to have been installed on the phone's memory card.

Organized cyber criminals stole more than $25 million from small to mid-sized businesses in brazen e-banking heists in the 3rd quarter of 2009 alone, federal regulators said last week. Read the full article. [KrebsonSecurity]

Apache's HTTP web server has a flaw that enables remote server access and total control of a database, according to a security researcher. Read the full article. [ZDNet Australia]

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt said. “I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.” Read the full article. [Wired]