The Chinese campaign against international supply chains discovered this week appears to have used contaminated firmware in commonly used industrial barcode scanners to gain access to shipping and logistical networks. Coincidentally the US Government Accountability Office (GAO) releases a report excoriating the Department of Homeland Security (and subordinate agencies FEMA and the Coast Guard) for inattention to port and maritime cyber security.
South Asian cyber-rioting returns with Indonesian hackers defacing more than 2000 Indian websites. But a more consequential problem for India remains the digital certificate breach found this week. Both Google and Microsoft hustle to mitigate the problem: the effects of the breach are unknown, but are surely international and larger than one initially hoped.
IBM discovers two new variants of the Boleto malware. Gameover Zeus returns, as expected. The Blackshades RAT remains popular despite the attentions of international law enforcement.
The denial-of-service campaign suffered by Norwegian banks, airlines, telecom companies, and insurers earlier this week is resolved with the arrest of a teenaged script kiddie who exploited WordPress's pingback feature in the hack.
SANS expert Pescatore describes tension between compliance and security (and says he'd take security every time).
A Ponemon study finding power utilities poorly prepared to withstand cyber attacks prompts concerned punditry from the Economist and others.
The US investigates supply chain and OPM network hacking, and objects to Chinese espionage. Germany expels the CIA's Berlin station chief and objects to US espionage.
International police work hits Shylock and Blackshades. Seleznev fils faces a RICO rap.