Shin Bet and IDF say they stopped a "massive" cyber campaign against Israel during Gaza fighting, which they again say was directed by Iran. Meanwhile Moroccan Hamas sympathizers deface the municipal website of DuBois, Pennsylvania, USA (population 7,794) with messages supporting Gaza (DuBois being a softer target than Tel Aviv).
Observers now generally attribute the JPMorgan cyber attack to Russia. Many security analysts (Ponemon, for one) describe it as unusually sophisticated, and aimed more at demonstrating a significant attack capability (in this case hitting the bank's network layer) than doing direct damage. KnowBe4 says the attack vector was an employee's computer connected to a VPN, but the investigation is ongoing and details are sparse.
Interestingly, FS-ISAC has declined to raise its alert level from "guarded," saying that, unfortunately, they don't see this attack as terribly out-of-the-ordinary.
The campaign against Norway's energy sector (which Statoil says it's recovered from) remains unattributed, but many suspicious eyes are looking toward Russia here as well. Reports say phishing emails led to keylogger installation.
Lizard Squad skids, apparently weary of supporting ISIS barbarians, again invite arrest by hitting Twitch.
Gameover Zeus runs wild in countries where Windows XP remains in widespread use, notably Turkey. Trend Micro says it's found a new BlackPOS malware variant. Mozilla discloses a user data leak from its Bugzilla vulnerability-reporting project.
Dairy Queen, tipped off by banks warning of card-fraud patterns, acknowledges a breach. Other point-of-sale malware investigations continue. Aorato believes it's found an Active Directory angle in the Target breach.