The ISP hosting the SEA-themed (but SEA-denied) Mac malware campaign shuts it down.
This week's Apple IOS7 update received so much interest that downloads mimicked denial-of-service conditions. Microsoft is working to patch an IE zero-day vulnerability, and observers expect a wave of attacks as hackers try to exploit it before it's closed.
"Shylock" (a.k.a. "Caphaw") again hits twenty-four large banks, harvesting login credentials at some twenty-four institutions. The financial sector has seen a good recent return on cyber security investment, but tighter security has been expensive and will get pricier, more than smaller banks can sustain. The sector as a whole would benefit from less-labor-intensive security solutions.
Bkav researchers discover a novel malware self-defense technique: freeze the infected hard disk while the malware "respawns." Cisco continues to track watering-hole attacks on the energy sector.
Petty cyber crime presents an unusually sordid display today. One new ransomware wrinkle involves Bitcoin mining—crooks profit whether you pay up or not. And the black market again imitates the legitimate one as hackers offer online training for cyber criminals.
NSA describes where Snowden accessed the files he leaked—on a filesharing system established post-9/11 to improve analysis. How he exfiltrated the data remains under investigation.
Cisco, Django, and Firefox security upgrades are now available.
Macy's denies snooping on customers' phones (and suggests inter alia that competitors do—they should beware expansive wiretap-law interpretation). VUPEN cheekily invites journalists to FOIA its competition.
Brazil-US relations remain frosty over surveillance, which continues to attract unfavorable domestic attention.