The Islamist DDoS campaign against US banks is crude and offers "nothing new," but it's surprisingly effective. Observers find it worrisome that large banks with sophisticated IT infrastructures are having such a hard time coping with it.
Energy infrastructure company Televent confirms that it's been hacked. Investigators blame China, and believe that the attack represents a SCADA threat even though its initial effects were theft of smart grid planning files. China also comes in for unusually blunt criticism from Cyber Command's Admiral Cox, who accuses that country of waging an ongoing cyber campaign against US Defense networks.
Adobe has been the victim of a certificate-signing APT attack. It's revoking the certificate immediately. URL shortening services are found to direct browsers to malware-infested sites. The remote wiping vulnerability discovered in some Samsung phones has been found to affect other Android devices as well, and a fix is available. Cisco releases security patches for nine products. Forrester finds that 75% of data breeches are inside jobs.
Budget sequestration (if it happens) won't affect Defense spending until January. OMB finds Federal agencies leery of Agile development but thinks they should work to overcome their fears. GovWin analyzes KEY-W's acquisition strategy as an example of how a small, "niche" company prepares to ride-out Federal budget austerity. Other analysts continue to track security industry consolidation.
In product news, Microsoft IE gets welcome good news: it's better at detecting malware than its competitors. Mozilla's password-free Persona login system is out in a beta version. Sim-card registration issues persist in the UAE.