Mandiant reports that a previously unknown Iranian group is conducting cyber attacks on US domestic companies. It's unclear whether the group is a state agency, state-directed, or simply a patriotic hacking crew. Iran's government denies the group's existence.
Moxie Marlinspike blogs about a Saudi telecom's offer to hire him to work on Twitter interception, and thinks the (legitimate? corporate? governmental?) market for exploits has become unhealthy. Reuters and CSO have similar, unrelated observations about the US Government's role in that market.
FireEye discovers a fresh campaign against Chinese "political rights activists." The US National Vulnerability Database reports a Linux privilege escalation vulnerability. Dorkbot continues to chew its way through Facebook, and a bogus "free media player" ad distributes malware to the unwary. The implausibly handled "Mr. TruthizSexy" makes an unconfirmed boast of compromising Stanford's networks. More healthcare providers suffer data breaches.
Surprisingly, "tech support" phone scams still work: please don't give a caller remote access to your systems.
Mozilla releases eight security advisories and three critical patches.
China's Huawei dismisses US cyber security concerns as a fig leaf for protectionism. The US Defense Department's admission of Apple and Samsung mobile devices to unclassified networks will be, says network security firm Ixia "a debacle, a disaster waiting to happen."
North Carolina State University researchers announce development of an algorithm for peer-level SCADA security.
The International Telecommunications Union reconvenes to discuss (among other matters) Internet governance.
India intensifies investigation of recent ATM cybertheft. Russia declares a gmailing US diplomat persona non grata.