Late yesterday the Syrian Electronic Army (SEA) compromised the New York Times and Twitter. The attack, discovered when the SEA tweeted its success, was accomplished by taking over a reseller account at domain name provider Melbourne IT. Other outlets were also affected; the New York Times and Twitter are the two most prominent. This marks the second high-profile SEA hack of media outlets in less than a week.
Redirection and disruption aside, the attack is serious because of its potential for confidential source compromise (important to the Assad regime as it faces a pending UN Security Council resolution authorizing intervention in the Syrian Civil War) and man-in-the-middle exploitation. It's also worth remembering that an enterprise can be attacked through its web-hosting providers, domain name registrars, and DNS resolution providers.
G-20 participants are targeted for APT installation via a phishing campaign run by Calc Team and other groups associated with China's People's Liberation Army.
More malware evolution is seen as Drive, a version of the DirtJumper DDoS toolkit, gains the capability to bypass mitigations. The mitigations it bypasses are older and less capable, but the development is further evidence of a disturbing trend.
China slowly dribbles out information on its weekend DDoS incident. Nasdaq and NYSE blame each other for last week's flash freeze; the SEC investigates.
In industry news, IBM wins a contract to handle security data at Australian airports. Businesses look for confidential ways of sharing attack information.
LOVEINT abuse at NSA was apparently discovered largely through self-disclosure, not monitoring or auditing.