The US Department of Energy sustains a "sophisticated" cyber attack. Just how the attackers got into the Department's servers is unclear, but an official letter admonishes employees and contractors to encrypt files and emails that contain personally identifiable information. Some officials are quoted on background as blaming Chinese espionage services, but no firm attribution has been made. (See also the stories below on the US Administration's views concerning cyber conflict with China, and on its reservation of a right to preemptive cyber attack.)
Several retail exploits are circulating: Anonymous exposes 4000 bankers' personal information (logins, passwords, phone numbers); bogus income tax emails carry a malware payload; and a "Lucky Thirteen" exploit recovers plaintext of authentication cookies.
Further investigation of attacks on US newspapers suggests that the perpetrators were politically motivated. A lesson is drawn from the Red October campaign: monitor data, not just endpoints and perimeters. And we might draw some encouragement from Lockheed Martin's successful parry of 2011's RSA hack: the company's security team concludes that it's more important (and affordable) to keep intruders from getting anything of value than it is to keep them out.
Oracle patches fifty Java bugs, and Apple restores patched Java to OS X.
In industry news, Dell's board votes to take the company private. Microsoft and Huawei launch a joint venture to sell smartphones in Africa. Startup Silent Circle offers an advanced peer-to-peer encryption app designed to enable secure ("silent") file sharing. Sophos observes Safe Internet Day by offering tips on protecting children online.