The Republic of Korea issues another complaint about North Korean cyber operations: an attempt to access South Korean railroad workers' email, apparently in an effort to compromise transportation control systems.
FireEye thinks that governments with advanced cyber capabilities have already built latent vulnerabilities into industrial control systems with a view to holding them in reserve for future exploitation. This is, it seems, a matter of a priori possibility as opposed to a conclusion based on specific evidence.
ISIS success at information operations seems strongly connected to close control of messaging and its reiterated claims to be in control of territory.
A Damballa study describes how cyber criminals are evading legacy detection techniques by adopting an agile approach to their infrastructure. The company's eight-month study of Pony Loader revealed that the malware's controllers "281 domains and more than 120 IPs spread across 100 different ISPs."
In the US, phishing of companies for employee tax records continues as we approach the April 15th tax-filing deadline. The Internal Revenue Service, which sustained a major breach last year, has been forced to take its online PIN service offline—the remedial service has itself been compromised.
This week sees patches from Microsoft, Google, Adobe, Mozilla, Facebook, and SAP.
The Apple-FBI dispute in US courts continues, spooking the Silicon Valley companies the Defense Department hopes to win over with support for encryption (echoed by the UK's GCHQ).