LifeLock, an Arizona company promising customers protection from identity theft, has agreed to pay $12 million to settle charges that the company overstated its benefits and used "scare tactics" to gain subscribers. Read the full article. [Computerworld]

PayPal is asking UK customers to download software to help identify genuine e-mails sent by the eBay unit and weed out phishing messages. Read the full article. [finextra.com]

Organized cyber criminals stole more than $25 million from small to mid-sized businesses in brazen e-banking heists in the 3rd quarter of 2009 alone, federal regulators said last week. Read the full article. [KrebsonSecurity]

The Anti-Phishing Working Group (APWG) released its Q4, 2009 Phishing Activity Trends Report, which reveals that eCrime syndicates are expanding the base of brands they exploit for online fraud far beyond major financial institutions and online merchants, with the number of hijacked brands reaching a record 356 in October, up nearly 4.4 percent from the previous record of 341 in August 2009. Read the full article. [Help Net Security]

Congress and other government agencies are under a cyber attack an average of 1.8 billion times a month, a number that has been growing exponentially since President Barack Obama took office. In 2008, security events caused by vectors including worms, Trojan horses and spybots averaged 8 million hits per month. That number skyrocketed to 1.6 billion in 2009 and climbed to 1.8 billion this year, according to Senate Sergeant-at-Arms Terrance Gainer. Read the full article. [Politico]

A Thai court has approved the extradition to the U.S. of a Malaysian man allegedly involved in hacking credit card information, causing massive losses for victims in the U.S. Read the full article. [Computerworld]

A pair of researchers has amassed nearly 8,000 iPhones and Android smartphones in an experimental mobile botnet that demonstrates the ease of spreading potentially malicious applications on these devices. Read the full article. [Dark Reading]

Like the sequel to a successful movie, the botnet behind the distributed denial of service attacks that hit the country of Georgia during its conflict with Russia in 2008 has been updated. This time though, the idea isn’t hacktivism—it’s stealing financial data and, unlike in the case of other Russian botnets, the targets are the operators’ own countrymen. Read the full article. [eWEEK]

The new class of threat represented by today's banking malware like ZeuS can defeat much of the technology out there to combat it, admitted RSA bank-security panelists. Read the full article. [Tech Target]

More details follow the news of the Spanish botnet Mariposa and its owners being caught. The Mariposa Working Group infiltrated the command-and-control structure of Mariposa to monitor the communication channels that relayed information from compromised systems back to the hackers who run the botnet. Read the full article. [The Register]