EADS and KruppThyssen disclose cyber attacks, and both are attributed to the Chinese government, indicating that concern over alleged PLA espionage has spread from North America to Europe. China continues to deny its involvement as it seeks a modus vivendi in cyberspace with its most important trading partners. Al Jazeera and Anti-War do their best to make the Chinese foreign ministry's case, but recent attack attributions are holding up.
Trustwave warns customers not to be deceived by a phishing campaign. Duo Security finds a way around Google's two-step login verification. Jihadist chatter in cyberspace implausibly finds a US-Israeli-Iranian conspiracy to conquer Syria. Anonymous does some crowing about its ability to hack US Government sites.
The SANS Institute publishes two interesting accounts of threats: mass-customized spam and exploitation of vulnerable embedded devices. Lastline reports on evasive malware, and Sophos debunks Facebook rumors that the Talking Angela iPhone app targets children for exploitation: Angela appears entirely benign.
Two attack post-mortems are of interest. Bit9 tells how it opened itself to a SQL-injection attack, and IEEE Spectrum describes Kaspersky's role in finding Stuxnet.
Private users may be better at browser hygiene than enterprises. SMS is replacing email spam. Apple and Facebook hacks are branding cautionary tales.
US budget sequestration will (probably) arrive Friday. Australia prepares to invest in security situational awareness. SAIC discloses more about its pending breakup, and HP reveals its big data security strategy.
The Japanese government establishes an APT database. Los Alamos researchers demonstrate quantum cryptography for power grid security.