Distributed denial-of-service (DDoS) attacks affected about two-thirds of banks worldwide last year, a Ponemon study finds, with nearly half of them getting hit more than once. The banks consider diminished employee productivity to be the attacks' worst consequence. Poor Internet hygiene is part of the problem: outdated and vulnerable Web apps, old content management systems, and poor security practices (like using "admin" as an administrative password) all enable DDoS campaigns.
Reporters Without Borders is the latest waterholing victim of Internet Explorer and Java vulnerabilities. (Waterholing is to cyber attack what affinity fraud is to financial scamming.)
We see more reports of increasingly powerful password-cracking tools. The US Department of Homeland Security's Industrial Control Systems-CERT warns that a brute-force tool effective against Siemens S7 programmable logic controllers has been demonstrated. Researchers embarrass Kim Dotcom's new venture, Mega, by using cracking tools against confirmation emails.
A Twitter flaw gives third-party applications access to users' direct messages. Skype is exploited to spread the Shylock banking Trojan. Patient records are again exposed to compromise by physical loss of a device, this time at Stanford University.
Cisco confirms a Linksys router vulnerability; they're working on a fix.
China may lead the world in cyber attack traffic, but Russia is the place to go for exploit kits. Microsoft R&D forsakes Korea for China. Huawei continues to work on its image.
After Dawson College expels a student white hat for exposing Omnivox vulnerabilities, Dawson and three other Quebec CEGEPs drop off the Internet internationally (but not in Canada).