Top 10 Stories

Threatpost: Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company’s data and backups. Officials wrote a lengthy explanation and apology on the company’s website, promising to spend its current resources helping customers recover whatever data may be left.  

Reuters: Japan's leading Liberal Democratic Party said it decided against regulating bitcoin for the time being, after the collapse of Tokyo-based bitcoin exchange Mt. Gox prompted them to consider more scrutiny of the virtual currency.  

Tweaktown: Sir Iain Lobban, the chief of British spy agency GCHQ, has publicly attacked the Guardian over its role in publishing information leaked by ex-NSA agent Edward Snowden. He asserted that GCHQ and its sister agencies in British intelligence are protecting the UK "despite the best efforts of some of the media."   According to the Telegraph, Lobban said at the IA14 cyber security conference: "GCHQ has some world-class intellectual property but you'll understand that...

Krebs on Security: The recently-announced credit card breach at P.F. Chang’s Chinese Bistro appears to have gone on for at least nine months.   New information indicates that the breach at the nationwide restaurant chain began on or around Sept. 18, 2013, and didn’t end until June 11, one day after KrebsOnSecurity.com broke the news about the break-in.  

Arstechnica: AT&T has begun mailing out letters to customers affected by a data breach that allowed employees of a “service provider” to access customer account information, including customers’ dates of birth and Social Security numbers. The data was exposed in April through a system used to obtain unlocking codes for used AT&T phones for resale, according to the letter, which has been posted by California’s Office of the Attorney General.  

The Guardian: As the US continues to take a hard line with China over alleged criminal hacking of American companies, UK cyber investigators have quietly forged relationships with their counterparts in China, the Guardian has learned. Over the past six months, at least two meetings between the UK National Crime Agency (NCA) and Chinese law enforcement have taken place, while “24/7 contact points” have been established to help fight cybercrime taking place between the two...

Arstechnica: A code-hosting service that boasted having a full recovery plan has abruptly closed after someone gained unauthorized access to its Amazon Web Service account and deleted most of the customer data there. Wednesday's demise of Code Spaces is a cautionary tale, not just for services in the business of storing sensitive data, but also for end users who entrust their most valuable assets to such services. Within the span of 12 hours, the service...

PC World: CloudFlare has acquired CryptoSeal, a provider of VPN (virtual-private-network) services for businesses, in a deal it says will extend its security services to Web users. Terms of the deal were not disclosed. CloudFlare began to shut down CryptoSeal’s service last week after the acquisition was finalized, and the service will be fully retired by June 30, wrote Matthew Prince, CloudFlare’s CEO.  

The Register: It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys. That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites

Softpedia: When it comes to enterprise security, oftentimes the platform used behind the company's network is rarely a compelling argument, a report from a security company shows. From a regular user’s standpoint, iOS offers more security thanks to Apple's controlled app distribution and limitations imposed to the operating system.