As the Russian government asserts a right to military intervention in Ukraine, unidentified hackers bring down the Russian President's and Central Bank's websites. Speculation turns to Anonymous Caucasus as possibly responsible, although there's no shortage of other internal opposition to the regime, either, as recent official blocking of dissident sites suggests. Accusations of Ukrainian involvement are curiously absent from Russian statements. In the US, Director NSA nominee Rogers tells the Senate that Ukraine is under cyber attack, but primly declines to say by whom while speaking in an unclassified session.
Target says it received warning of its data breach during the event's early stages, but decided not to take action. This is not evidence, by itself, of irresponsibility. The problem is a common one: too many security warnings—with a high incidence of false positives, an absence of well-structured assessments of relative risk, and dependence upon human watchstanders—create a glare that can obscure significant threats. (Globalization note: a security team in Bangalore passed the warning in question to Target headquarters in Minneapolis.)
Dr. Web identifies a Trojan, "Rbrute," that infects Wi-Fi routers to spread Sality malware.
Adobe, Ubuntu, RedHat, and Google issue various patches or security upgrades.
Industry analysts find Pwn2Own usefully disillusions those who think their software invulnerable. Blackstone acquires Accuvant. (ISC) ² advises addressing security workforce shortages by creating entry-level positions and building a pipeline to fill them.
The crisis in Ukraine snarls US-Russian cyber security talks. The EU enacts new data protection rules.
The CIA-Senate dispute proves legally murky.