It's a quiet news day for hacktivism and state-sponsored cyber attacks, but cyber criminals remain busy. eSecurity Planet has a useful compendium of cyber crime trend studies.
Gameover Zeus resumes its spearphishing campaign against US banking customers. A remote authentication bypass exploit affects Tectia SSH server, Free FTPD, and FreeSSHD for Windows. Last week's DNS poisoning of .ro domains is traced to RoTDL, which is now investigating the cause of the breach. Twitter users remain exposed to SMS spoofing; a Twitter patch helps only a subset of them. Windows AutoRun malware detected last week continues to spread.
Japanese attempts to shut down Android malware developers haven't been particularly successful, and Android devices in the US are now more attacked than PCs. Exploit kits continue to infest US networks, and Sophos finds that the malicious apps they package were, without exception, developed by white hat researchers, then copied and integrated by criminals operating in the black market. Children are becoming the chief targets of identity thieves: that poor children are more commonly exploited renders this trend especially loathsome.
The US Senate passes a Defense authorization bill more suggestive of policy direction than actual spending, but major cuts seem increasingly likely. SAIC announces 700 layoffs. BAE-Detica continues to position itself in the Australian market.
International Telecommunications Union (ITU) meetings in Dubai continue to provoke privacy and censorship concerns. Yesterday the ITU endorsed (over objections of Germany and some other members) a deep-packet inspection standard that would effectively mandate inspection of encrypted traffic.