As the Red October network (apparently) rolls up its command-and-control infrastructure, researchers discuss details of the cyber espionage campaign's spearphishing tactics.
US banks continue to press for NSA help against Iranian-inspired (or directed) denial-of-service attacks. Asian financial analysts are prompted to despair: if US banks can't handle DDOS attacks, what hope is there for the rest of the world? (Meanwhile Russia's President Putin directs the FSB to provide cyber protection for Russian media organizations.)
Networked printers that use the industry-standard JetDirect Printer Job Language are found vulnerable to exploitation, a potentially serious matter since lowly printers can give an attacker access to their larger enterprise networks. Polish security researchers continue their dismantling of the Virut botnet. (Virut is an interesting black market case study—the botnet came with its own EULA.)
Facebook's Graph search and the social network's privacy policies generally continue to trouble security experts. Kim Dotcom's new Mega service is already shown to expose users to cyber risks. Huawei router vulnerabilities are demonstrated.
The US Department of Homeland Security reports that US critical infrastructure sustained nearly 200 attacks against industrial control systems in 2012. The New York Times reports that such SCADA exploits are likely to be initiated through spearphishing.
Tip-toeing around budget sequestration, the US Department of Defense is slow-rolling contract awards. Huawei fights espionage accusations as it enjoys profits and considers an IPO. RIM considers licensing its OS. Atari files for bankruptcy.
British universities prepare for a major cyber competition. India prepares a national cyber infrastructure.