MiniFlame is now reported to have spread beyond Lebanon, with reports of the espionage tool surfacing in Iran, Kuwait, and Qatar. Researchers haven't offered attribution yet, but various Middle Eastern news outlets blame the United States. (Infosec Island has a useful summary of what's known about miniFlame.)
The Izz ad-Din al-Qassam Cyber Fighters strike Capital One again, the second time the bank has been hit in the ongoing Islamist cyber campaign against US financial institutions. Santander UK says its storage of customer passwords in cookies presents no risk of compromise. Malware-bearing spam is spoofing British Airways e-tickets. Anyone wondering what an exploit can cost a local government might ask Naperville, Illinois: a recent hack is costing them $600k to fix.
Oracle has issued its expected patches. Three of them are rated critical, and warrant immediate action.
Internal fraud is rising globally, with Indonesia, Russia, and the US leading. Two reports independently suggest a significant lag in recognition and prevention of attacks: hackers on the average can exploit zero-day bugs for ten months; businesses normally don't detect a cyber intrusion for seven months.
Open-source intelligence tool Maltego tickles the dragon's tail by sweeping up tweets and other unprotected communications from the NSA's parking lot. A new "surveillance-resistant communications platform, Projecta, hits the market this week. Gartner's methods of determining its magic quadrants are released. Kaspersky confirms plans for a secure, Stuxnet-proof SCADA OS.
Those interested in active cyber defense should read the continuing exchange over its legality among Volokh Conspiracy blawgers.