Some high-profile sites have been hit by an Angler-driven malvertising campaign. Among businesses infected are the New York Times, BBC, The Hill, Newsweek, AOL, and MSN. Trend Micro, Trustwave, and Malwarebytes noticed increased malicious traffic over the weekend, much of it serving ransomware. Users in the US are the principal targets.
Iran, which detained a US riverine command boat on January 12, says it extracted data from devices the US sailors carried. Iran characterizes the information as "thirteen thousand pages" and says it's putting it to good intelligence use.
No word, yet, on the widely anticipated US indictment of Iranian hackers for the Bowman Avenue Dam incident.
FireEye warns that attackers use Citrix products to access corporate networks.
The Office of Inadequate Security publishes a long, interesting interview with Ghostshell, as the onetime hacktivist star continues his repentance and expiation tour. He expresses guilt over having enriched security companies with the FUD he provided.
The attempt on the Bangladesh Central Bank should prompt enterprise introspection over authorization and security controls. (Reflect as well on the current popularity of business email compromise fraud as an attack vector.)
In the US, NIST issues draft data security guidelines for BYOD and telework.
An Indian government biometric identity program aims to help the poor, but also raises privacy concerns. The snoopers' charter debate in the UK and the crypto wars in the US arouse similar disputes.
Apple hits back at the Justice Department in its last filings before the iPhone case goes to court.