Attribution of responsibility for recent exchanges of cyber attacks in the Middle East remains difficult and controversial. The Aramco attack remains under investigation, and Israeli police reveal that they took their systems offline last week because of a RAT infestation ("Iranian coordinated" hacktivists are suspected).
South Carolina's governor defends the state's unencrypted tax database as consistent with common banking practice, but security analysts aren't buying that as an acceptable government standard.
Last week's DKIM security issue resurfaces: those who moved to a stronger key remain vulnerable if they use a third-party e-mailer with a weak one. Kaspersky warns that many new viruses are VM-aware: they can determine whether they're running on a virtual machine. Ubuntu appears vulnerable to privacy leaks. Poor monitoring in clouds exposes them to exploitation as botnets.
Yesterday central bankers complained about Bitcoin; today the ZeroAccess botnet is reported to be cashing in on click-fraud and Bitcoin-mining. Several other reports detail the burgeoning global malware and cyber crime black markets. PC Advisor offers obligatory Halloween "terrifying but true" cyber scare stories. Hacker chatter shows that CSOs aren't focusing on the most popular attack techniques (like SQL injection).
Analysts think Sino-American squabbling over industrial espionage unlikely to have more than a short-term effect on Huawei and other Chinese firms. The US Department of Homeland Security prepares a cyber tool solicitation. Government and industry face a cyber labor force issue: the talent is hard to vet, both for security and formal credentials. Georgia's police hack back at Russian hackers.