The US Government has "no doubt" that Iran's Izz ad-Din al-Qassam Cyber Fighters are responsible for the latest wave of denial-of-service attacks on banks. The attackers use curious mathematical (perhaps numerological) formulae in planning and executing their campaign. Affected banks meanwhile attempt simultaneous customer communication and risk mitigation.
Also in the US, Anonymous and Team Ghost Shell hit the FBI.gov domain, and NullCrew uses a directory transverse vulnerability to embarrass the Department of Homeland Security. Neither breach appears seriously damaging. In the UK a Parliamentary inquiry warns that the country's armed forces are so dependent on IT systems that determined cyber attackers could cripple operations.
Developers using Ruby on Rails are exposed to SQL injection attacks—patches are available. Microsoft issued its expected set of fixes yesterday (they did not include any for the recent Internet Explorer zero day vulnerability).
CSO offers a disturbing overview of trends in health care cyber exploits: widespread data breaches, more ransom scams, and, now, direct hacking of medical devices.
The FBI and Ernst and Young have developed a screen for words and phrases whose appearance in emails often flags insider fraud: "cover up," "write off," "illegal," "failed investment," and "nobody will find out."
The EU's European Cybercrime Center launches this week. Smart Grid Security offers a generally favorable appraisal of US Defense Department plans to help assure the security of electrical power distribution.
Last year's South Carolina data breach remains under investigation, with interesting "I-told-them-so" testimony from the Department of Revenue's former security chief.