Both FireEye and Eugene Kaspersky downplay cyber war between Ukraine and Russia. FireEye thinks the level of cyber activity in the region is at the background-noise level. Kaspersky sees conflict, but regards it as hacktivism rather than state-directed activity—thus, a cyber riot, not a cyber war. We're not seeing the widespread, disruptive cyber attacks that characterized earlier Russian operations against Estonia and Georgia (FireEye suggests this shows the Russian organs' increased PR savvy). The early stages of the conflict did, however, see cyber tools used for battlespace isolation. The Snake cyber espionage framework also appears active against Ukrainian targets. (There's no credible attribution of Snake, yet, to anyone other than the Russian government.)
DoubleThink reports finding a WhatsApp for Android vulnerability that exposes chat conversations.
Sucuri traces a very large denial-of-service attack to exploitation of WordPress's Pingback feature. The application layer exploit hijacked some 162,000 legitimate WordPress sites into a DDoS-capable botnet.
Observers see Target's lack of a CSO as contributing to the retailer's data breach. US consumers and payment providers continue to hash out preventive measures; Europe, perhaps lulled by widespread chip-and-pin technology, remains blasé.
The Internet turns 25, and Tim Berners-Lee calls for a Web user bill of rights.
In the US, Senator Feinstein (D-California, and lead intelligence watchdog) accuses the CIA of illegal intrusion into Senate networks. It's simplistic to dismiss her concerns as the "Merkel Effect": such (alleged) intrusion undermines oversight of the Intelligence Community, which Feinstein has cited as an adequate safeguard against surveillance overreach.