The to-and-fro between Twitter's security team and the Syrian Electronic Army had a brief but significant effect on the stock market yesterday afternoon. The hacktivists gained control of an Associated Press Twitter account for a short time and falsely tweeted that an explosion at the White House had injured US President Obama. Stock markets plunged briefly before the account was suspended and the report debunked. The episode holds at least three lessons: securities markets are vulnerable to social media fraud, social media need better authentication and encryption, and hacktivist propaganda (in this case pro-Assad) can take surprising forms with surprising effects.
Charles Schwab was also affected yesterday in an unrelated denial-of-service attack. Reddit discloses details of the DDoS attack it suffered earlier this month.
Another unpatched zero-day vulnerability appears in Java. Other known vulnerabilities turn up in exploit kits like CrimeBoss—users are again advised to patch Java. (Oracle is methodically working on a Java update it hopes will constitute a security renaissance for the product.)
The US Navy has discovered cyber vulnerabilities in the recently deployed Freedom-class Littoral Combat Ships.
Chinese cyber operations appear to be stirring again. FireEye discovers that Operation Beebus is still active and stealing drone technology, and that Gh0stRAT also remains in circulation. BAE reports that People's Liberation Army Unit 61398 has resumed cyber attacks. Whatever may be the case, Huawei has had enough of American official suspicion, and decides to exit the US market.
Microsoft reissues a fixed version of its flawed kernel-mode driver vulnerability patch.