RedHack leftists claim they've compromised Turkey's civil service salary system, but the Turkish Finance Ministry denies any exploit.
The very successful Eurograbber banking Trojan continues to circulate through Android and BlackBerry devices. So far confined to Europe, the malware's ability to defeat two-factor authentication renders it unusually dangerous. SecureState demonstrates a Python-based accounting software hack that facilitates sophisticated financial fraud. Other researchers develop a fast, cloud-based approach to password cracking—it doesn't work on live systems, but it's very good at attacking leaked passwords.
"Carefully crafted" spam successfully passes state-of-the-art filters. Denial-of-service attacks are now available (as a service) on the black market. Ransomware is becoming more common, and the New York Times has a useful primer on this form of cyber crime.
Next week's Patch Tuesday will feature five serious and two critical Microsoft bulletins.
Privacy tools like Tor and Darknet are "dual-use," serving legitimate (even heroic) dissent, but also crime and terrorism. Reaction to this week's breaches at Nationwide and Allied already suggests that civil litigation is beginning to drive more effective security. The US health care industry has made little information security progress, a HITRUST study says. The cloud sector continues its expansion despite CIO ambivalence about security.
SecurityInfoWatch provides an overview of video system vulnerabilities. WatchGuard doubts that the current vogue for striking back will do much to improve security.
The US Intelligence Community's comprehensive cyber report to Congress nears completion. The International Telecommunication Union has yet to decide what will count as a "covered entity."