Belgacom, having stepped up its network monitoring, announces that a change to router software has prompted it to investigate another possible intrusion. The Belgian telecom is an attractive target because of the large volume of Middle Eastern traffic its cables carry.
Apple iMessage protocols are found vulnerable to man-in-the-middle attacks. A researcher identifies several issues with Bugzilla that could be exploited in cross-site request forgery and cross-site scripting attacks. Tenda's routers are found to contain a backdoor.
FireEye describes how ASLR bypass techniques are becoming a routine feature of sophisticated malware. Naked Security pulls apart the CryptoLocker ransomware.
Last week an unnamed "trading platform" suffered a sustained—150-hour—and determined denial-of-service attack. (The attackers are unidentified, but their motives are said to have been "competitive".) Incapsula reports the attack was unusual in using "headless browsers"—versions of PhantomJS.
South African authorities struggle to contain and mitigate the Dexter Trojan, which has been stealing bankcard data from fast-food outlets. (Dexter has been found on the same servers as Alina and Citadel.) Elsewhere in the cyber underworld, a Pinterest scam may herald the return of the RU:8080 gang.
Research suggests that half of US Federal Government breaches are traceable to user noncompliance with security measures. There's a dilemma here: the more thorough security policies become, the more burdensome (and hence self-defeating) they tend to be.
Lenovo may buy part of BlackBerry. Huawei denies receiving government data requests.
Observers see an anti-surveillance bandwagon in the US Congress.
Snowden explains why he leaked.