Cyber espionage campaign Careto (or the Mask) continues to impress security analysts, who stick with their comparisons to Duqu and Flame. No attribution yet.
A customer running on CloudFlare's platform was hit by a large distributed denial-of-service (DDoS) attack. European networks and some CloudFlare US infrastructure were disrupted, but only in minor ways. Given the size of the network-time-protocol enabled campaign, the relative ease with which it was shrugged off suggests that enterprises are getting better at handling DDoS threats. Still, Prolexic and others warn that such attacks can be expected to grow in both frequency and sophistication.
Interested in a case study of how big phish render themselves vulnerable to spearphishing? Take a look at the LinkedIn "LIONs," for whom networking trumps security.
Investigators are increasingly convinced that the Target hackers lurked inside the retailer's point-of-sale networks for months before they began stealing customer data.
Bitstamp joins Mt. Gox in suspending Bitcoin withdrawals. Bitcoin exchanges are reported to be under sustained attack, much in the form of "phantom trading."
Snapchat users beware—if someone sends you a photo of a tempting fruit smoothie, it's probably a malware vector. Don't go there.
Microsoft, Adobe, JomSocial, and Facebook have all issued security updates.
In industry news, Sapient buys OnPoint, and IAI enters the cyber market.
Wired discerns a design trend in social media: building privacy in from the start.
In the US, DARPA works on the next generation of deep web search.
US state legislatures indulge in quixotic pro-privacy, anti-NSA posturing.