PNC suffers a denial-of-service attack, the second major bank to report disruptions caused in the latest campaign by the Izz ad-Din al-Qassam Cyber Fighters. Banks must also prepare for vorVzakone's "Project Blitzkrieg," which shows signs of launching this spring. Unlike the Izz ad-Din al-Qassam Cyber Fighters, who represent themselves as disinterested supporters of Iran, the Russian mob behind Project Blitzkrieg are simple bank robbers.
Symantec attributes recent exploitation of Internet Explorer zero-day vulnerabilities to the Elderwood Group, the skilled and well-funded organization responsible for last summer's attacks on US Defense contractors. Microsoft has issued a fix for Internet Explorer vulnerabilities, but for now has no plans to address them in next week's Patch Tuesday.
TURKTRUST Inc. issued a fraudulent certificate that's turned up in Google spoofing exploits. Browser vendors work to block it.
Malware ("SNEAK") posing as a Java Server page installs a backdoor on compromised servers. Pop-up windows inviting users to take a survey have been caught delivering malware. Compromised password reset services are found stealing credentials. China restricts use of virtual private networks, and this is seen as an opening gambit in a new economic espionage campaign. The restrictions appear as part of a larger program of Internet restriction; coincidentally or not Google has quietly dropped the censorship warning feature from its Chinese service.
The Department of Homeland Security will lead continuous monitoring for US Government unclassified networks. It expects to select five contractor teams for the $6B work before October. The program may eventually encompass power grids.