SC News Bytes

Assets frozen for accused pump-and-dumpers

A U.S. District Court judge on Monday ordered the assets frozen for a Russian man, his company BroCo Investments and his co-conspirators. The defendants are accused of using stolen credentials to access online brokerage accounts to boost the share prices of thinly traded stocks, according to a U.S. Securities and Exchange Commission complaint. The 36-year-old ringleader, Valery Maltsev, and his cohorts purchased unauthorized stock orders on behalf of the victims, a move that inflated the share prices. Then, the defendants, who personally owned the same stocks, sold their positions at "artificially inflated prices." The scam resulted in $255,532 in ill-gotten gains and was a violation of federal laws, according to the SEC. — DK
 

Microsoft adds workaround for Internet Explorer bug

Microsoft is now offering an automated workaround to mitigate the Internet Explorer (IE) vulnerability it announced last week. The "Fix It" solution mitigates the bug "by disabling the peer factory class through the modification of a registry key," according to a Friday blog post. The flaw currently is being exploited in targeted attacks, the company said. The issue does not affect Microsoft's newest browser, IE 8. Even with the new workaround, Microsoft may release an out-of-band patch because its next scheduled security update is not due until April 13. — DK
 

Survey shows value of planning infosec career

IT security professionals often have high career goals but, to their detriment, fail to adequately plan their careers, according to a survey released on Monday by IT security career consultancy website Information Security Leaders. The survey of nearly 1,000 practitioners found that 65 percent were "more than confident" that they will reach their ultimate career goal. A majority aspire to be a CSO, CISO, consultant or to start their own company. But 83 percent of respondents did not have a written career plan. Those with a defined plan earned "significantly more" money than those without one, the survey also found. — AM
 

TSA insider indicted on tampering charges

A former U.S. Transportation Security Administration (TSA) employee was indicted Wednesday for planting malicious code on a government server, which contained data about suspected terrorists that was used to screen airport workers, federal authorities said. Douglas James Duchak, 46, of Colorado Springs, Colo., was a data analyst at the TSA from 2004 to 2009. He carried out the scheme, which caused at least $5,000 in damages, after learning his employment would be terminated. If convicted, he faces up to 10 years in federal prison and a fine of up to $500,000. — AM
 

TJX money launderer sentenced to four years

While hacker Albert Gonzalez awaits his sentencing date, scheduled for later this month, one of his co-conspirators in the TJX, BJ's Wholesale Club and Sports Authority hacks was sentenced Thursday in federal court in Boston to 46 months in prison and fined $75,000. Prosecutors said Humza Zaman, formerly a programmer at Barclays bank, laundered $600,000 to $800,000 in identity theft proceeds for Gonzalez. Zaman received a 10 percent cut for his work. — AM
 

Koobface control hubs skyrocket this week

The number of command-and-control (C&C) servers sending commands to Koobface-infected computers doubled in a recent 48-hour period, according to Kaspersky Lab. On Monday, the number of C&C servers was at 71, down from 107 on Feb. 25, but quickly rose to 142 by Wednesday. Stefan Tanase, Kaspersky's senior anti-virus researcher, said the gang behind Koobface is "prepared with dozens of new servers" when too many are shut down. The Koobface worm typically spreads through social networking sites, such as Facebook and Twitter, and there have been hundreds of variants since it first appeared in 2008. — DK
 

Trio charged with ripping off gas customers

Three California men each are facing two dozen charges for running a sophisticated identity theft ring which netted them nearly $2 million, the Los Angeles County district attorney's office announced Monday. Albert Jose Gonzalez, 39, of Lancaster, Josue Gustavo Albizuras, 42, of Los Angeles and Cesar Vasquez Echeverria, 28, of Santa Clarita installed skimmer devices on computerized pay pumps at gas stations to steal customers' credit and debit card information. The men, who have pleaded innocent, were arrested Feb. 25 after a three-year investigation by members of the Los Angeles Sheriff's Department and the FBI. — AM
 

Phishing drops but becomes more targeted

The number of unique phishing reports received by the Anti-Phishing Working Group (APWG) decreased 29 percent during the fourth quarter of 2009, dropping from the all-time high of 40,621 reports in August to 28,897 in December, according to a report released Saturday by the nonprofit. While the number of unique phishes dropped, there was a significant rise in incidents focused on high-value targets, such as individuals with corporate bank account authority. — AM
 

Survey: More than half of security pros got raises

Salaries rose in 2009 for more than half of some 3,000 security professionals polled by nonprofit certification provider (ISC)2, the organization announced Thursday. The "2010 Career Impact Survey" found that 52.8 percent of respondents received raises last year, while 11 percent saw their paychecks and/or benefits slashed. Just under 5 percent of respondents were laid off. (ISC)2 attributed the results to increasing corporate and government dependence on information security. — DK
 

Microsoft reinstates faulty fix, but with rootkit detection

Microsoft on Tuesday resumed shipping a recent patch, MS10-015, through Windows Update. The fix was sidelined after Microsoft determined that it resulted in a denial-of-service condition when installed by users whose machines are infected with a rootkit known as Alureon. The revamped bulletin now contains "detection logic" to find the Alureon rootkit. If it does, the computer does not load the patch. -- DK