The US Federal Reserve still has little to say about the attack it sustained over the weekend. ZDNet reports that the attackers gained access to the St. Louis Fed's Emergency Communications System, and it quotes a security specialist familiar with the system who charges that, contrary to Fed denials, the data exposed are "absolutely rife with account details." CSO says that the Fed is, at the very least, off-message in resisting attack disclosure.
A new exploit kit, "Whitehole," is out on the black market. It packages five Java Runtime Environment exploits. D-Link routers are alleged to suffer from plaintext credential and unauthenticated OS command injection vulnerabilities. A new mobile phone number harvester is implicated in SMS spam.
In what we may read as a sign of the financial sector's security success against advanced threats, banking malware appears to be trending back to older, relatively primitive phishing techniques.
China's Xinhua news agency reacts to international suspicion of Chinese activities in cyberspace by claiming, plausibly but ultimately unpersuasively, that, hey, we're the real victims here.
PostgreSQL fixes a vulnerability to denial-of-service attacks. Adobe patches Flash to close a hole that's being exploited in the wild. Microsoft previews Patch Tuesday, announcing it will close fifty-seven vulnerabilities.
CSO offers breezy reviews of leading security companies with quick thumbs-up-or-down profiles. CSC reveals more of its M&A strategy: the firm intends to beef up its cyber and big data capabilities through acquisition.
Dark Reading discerns a cloud-driven security trend: identity access management is replacing perimeter security.