The US Government officially stated yesterday what everyone has unofficially believed for about a month and a half: the power grid in Western Ukraine was, indeed, taken down by a December cyber attack. The Government's recommendations to the electrical power industry, however, are more pointed. For example, "Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet." The precise role BlackEnergy malware played in the attack remains unknown.
ISIS notices that Twitter and Facebook have responded to requests from Washington to do something about extremist messaging in social media. ISIS promises retaliation, specifically pledging to take down ten accounts for every account the companies disrupt.
High-Tech Bridge studies virtual private network security with passive scans, and reports that 90% of SSL VPNs are insecure.
Ransomware continues to establish itself as a widespread form of cyber larceny. Availability of anonymous networks and cryptocurrencies has made it easier to get away with the crime, the growing Internet-of-things has expanded the available attack surface, and many newly networked devices are neither designed for nor installed with security in mind. And this larceny can be grand or petty, with recent targets ranging from a major medical center to a Lutheran parish in Iowa.
Cyber risk management concerns filter up to corporate boards and C-suites. Much risk remains poorly understood—witness Independent Security Evaluators' healthcare study—even, according to Swiss Re, by the insurance industry.
Apple tells the court exactly what would be involved in creating "Government OS" for the FBI.