Chinese hackers, probably under PLA direction, exploit an Adobe Reader zero-day to spearphish Tibetan and Uyghur activists. CyberSquared also charges Chinese groups with using advanced persistent threats (APTs) against the Western medical industry. Quartz notes that Chinese cyber strategy dates at least to Major General Wang's 1995 analysis of US information operations.
A University of Illinois cryptographer demonstrates a TLS/RC4 attack. Sophos advises a look at your corporate Websites: Seagate's blog has been compromised to infect visitors with malware. An NCC Group pen-tester reports that a disconcertingly large number of security appliances are themselves riddled with vulnerabilities.
GFI Software says many organizations DoS themselves, as employees consume resources listening to the radio, watching videos, etc. (For at least a partial remedy, see the techniques for log monitoring discussed below.)
Patching alone won't close industrial control system (ICS) vulnerabilities, and industry casts about for a better model. (Trend Micro claims success in drawing ICS hackers to honeypots.)
Bruce Schneier and others point out the growing dispersion of attack tools and suggest reasons to regard the attackers' advantage as an enduring one. With this, and with new advice on risk analysis, it's striking to see that cyber insurance purchases jumped 33% last year. This means not only that the boardroom recognizes the risk, but, more interestingly, that insurance companies believe they can assess and monetize it. (They wouldn't offer the insurance otherwise.)
Reuters' deputy social media editor was indicted yesterday for alleged complicity in an Anonymous attack on the Los Angeles Times.