Kaspersky finds two APT groups, "Naikon" and "Hellsing," targeting one another. Both have been unusually active in South and East Asia (and as usual Kaspersky is coy about attribution). The conflict is particularly interesting insofar as the mutual targeting appears intentional.
Palo Alto Networks observes a phishing campaign (most targets are Japanese). The "DragonOK" group was active between January and March of this year.
Verizon's Annual Breach Investigation Report, out today, notes among its findings the speed with which successful phishing attacks can compromise a network: about a minute twenty seconds from a user's swallowing the hook until data exfiltration begins.
TeaMp0isoN embarrasses various universities by exposing their network weaknesses.
This week's patches will keep sys admins busy. Microsoft issues eleven updates, Adobe fixes twenty-two Flash bugs, and Oracle addresses fifteen Java flaws. Apple's fixes (out last week) address Safari vulnerabilities.
In industry news, Palo Alto Networks buys Cyvera, Marlin Equity Partners buys Fidelis from General Dynamics, Symantec shops Veritas (the better to position itself in the security space), and — the big M&A story — Nokia buys Alcatel-Lucent for $16.6B.
Government and industry continue to compete for scarce and pricey cyber talent. The US Department of Defense announces that personnel shortages will delay fielding of cyber defense capabilities. In the UK, GCHQ continues to seed the kind of security vendor ecosystem in Gloucestershire that the US's NSA has fostered in Maryland.
The European Union formally charges Google with anti-trust violations, and opens a new inquiry into Android's position in the marketplace.