Two new Chinese APT units, "Moafee" (operating from Guangdong) and "DragonOK" (based in Jiangsu), are looking for intellectual property, mostly in Japan and Taiwan. FireEye's discovery prompts the observation that cyber attacks can now be "mass produced," and cyber campaigns "franchised." (Threatpost close-reads the reports and concludes oil and gas exploitation in the South China Sea would be China's goal.)
The Gmail credential... well, leak? publication? It still seems to be nothing that can't be dealt with by even a modicum of Internet hygiene, and Google's no-worries-here take on the episode appears confirmed.
Researchers from Nuix and CBTS see enough significant differences between the malware used against Target and that found in the Home Depot hack to conclude that BlackPOS wasn't, after all, used in the more recent attack. (Their discussion of malware classification is interesting.)
Trend watchers think Apple Pay may disrupt — in a security-positive way — the pay card industry. Widespread consumer adoption will, they think, be key.
All industrial sectors seem broadly to agree that threat intelligence sharing is vital to security, but such cooperation is proving difficult to achieve, especially without supporting legislation. The usual concerns — litigation, reputational damage, etc. — inhibit collective defense. (Big data's glare-of-war challenges also remain to be overcome.)
Schneier points to studies of password managers: their security merits scrutiny.
The US lines up regional intelligence support against ISIS. The European Union and the US announce fresh sanctions against Russia over its Ukrainian incursions. Russia promises "asymmetric" retaliation: watch for cyber campaigns. The reconnaissance has already been done.