An internecine Islamist information war brews in the subcontinent: al Qaeda launches an Indian branch in a bid to recover leadership from its more radical competitor ISIS.
JPMorgan internal investigations find the bank's stolen data were exfiltrated to servers in Russia. Investment analysts worry that reputational damage will spread beyond JPMorgan Chase to financial ETFs.
The officially still-potential Home Depot breach moves so close to confirmed actuality as to make no difference. The retailer's hired Symantec to mitigate whatever's potentially gone on; it's also offered customers credit protection services. Observers suspect Backoff point-of-sale malware behind the incident.
Goodwill, the eleemosynary used-article retailer, seems to have been the victim of Rawpos, a less-capable Backoff competitor.
Apple, reeling from the iCloud selfie leak, announces steps to improve its cloud's security. The unidentified hacker skates on thin ice, anonymously crowing about the months (and skillz) needed to pull off the theft — once identified, he/she/they will receive lots of police attention. Elcomsoft acknowledges that pirate versions of its password-cracking forensic tool, widely suspected in the iCloud hack, circulate in criminal markets.
In the US, Healthcare.gov acknowledges a successful hack, but says no data were lost. Observers see a configuration error at the root of the incident; some say malware was installed.
FireEye discovers an OSX version of APT backdoor XSLCmd (the work of "GREF"). Netresec finds a man-in-the-middle campaign running between Chinese universities and Google.
Congratulations to the National Cyber Security Hall of Fame class of 2014: Mssrs. Bellovin, Cerf, Kocher, Clarke, and Zimmermann.