Symantec continues to track the activities of cyber espionage group Tick against Japanese targets. Noted for delivering Gofarer malware in drive-bys, whence the group installs the Daserf backdoor on victim systems, Tick has shown particular interest in companies engaged in ocean engineering, broadcasting, and IT.
A parameter-tampering vulnerability renders Pwnedlist open to certain kinds of exploitation, KrebsOnSecurity reports. The InfoArmor service can apparently be induced to yield plaintext spreadsheets with usernames and credentials that don’t belong to the account holder requesting monitoring.
Microsoft swiftly patched a vulnerability in its widely used Office 365 product. The flaw lay in Microsoft’s implementation of the Security Assertion Markup Language (SAML) server. Exploitation could have enabled remote attackers to gain access to user files. The incident offers an encouraging example of responsible disclosure.
In patching news, Slack has closed a security hole some careless third-party developers tumbled into, and Valve has fixed a crypto flaw in Steam that exposed passwords (this latter is also an instance of responsible disclosure).
South Korea and the US announce a joint research program into security artificial intelligence. South Korea is also working on a GPS alternative to hedge against DPRK jamming of the navigation service.
Europol will soon receive expanded authority to fight ISIS online.
Craig Wright has again outed himself as Bitcoin creator Satoshi Nakamoto. The reporters who are buying his story note that the evidence Wright offers in support of his claim “sounds convincing” but is “hard to follow.” One is reluctantly moved to continuing skepticism.