The innocently named but criminally famous Russian Business Network appears to be up and operating in Sochi, reports Lookingglass.
Kaspersky has discovered and (along with others) analyzed a major cyber espionage campaign, "the Mask," or "Careto." The Mask targets sensitive data including "encryption and SSH keys and wiping and deleting other data on targeted machines." The Mask is unusual in several respects. It appears state-sponsored, possibly by the government of a Spanish-speaking nation. (But such linguistic clues must be treated as indicators, not decisive evidence.) It employs a remote-access Trojan distributed by infected email attachments. Its suite of tools includes Backdoor.WeevilB, a modular cyberespionage tool with multiple possible configurations. This prompts comparison to Duqu and Flame, but there's little to suggest the same actors are behind it. The Mask has operated against government, diplomatic, activist, private equity, and energy sector targets since 2007. Kaspersky believes the Mask has claimed at least 380 unique victims in 31 countries; it ceased operation recently, perhaps because its operators realized they'd been discovered.
Comcast has quietly advised customers to change passwords post-NullCrew hack.
Flappy Birds may be gone from legitimate sites—"too addictive," thought its creator—but addicts beware: Trojanized knock-offs remain freely available.
Microsoft's Patch Tuesday features two more fixes than expected: there are seven, not five. The Tor Project releases an updated browser.
The European Union releases a feasibility study for a proposed cyber Early Warning and Response System (EWRS). The US DNI releases a list of permissible uses of signals intelligence.