Adobe confirms it suffered a password disclosure breach via a SQL injection attack. Skype disables password reset to fix account hijacking vulnerabilities. Symantec warns that Instagram exposes users to phishing. Symantec also checks Windows 8 and finds it vulnerable to Trojan.Ransomlock.U, a piece of ransomware designed for older versions of Windows. The Home button on the iPhone and iPad can leak data.
Two US Government agencies have a rough week. NASA warns employees that it lost a laptop on Halloween. The space agency is now rushing to full-disk laptop encryption. Department of Energy unclassified networks are found vulnerable to exploitation. (One Energy unit, Iowa National Laboratory, positions itself as a national SCADA security leader.)
Identity fraud rings grow in profitability, and cyber organized crime generally continues to spread internationally. One piece of good news on cyber crime: the Russian vorVzakone mob has called off its announced campaign against US banks. Too risky, too much publicity.
US power utility analysts warn that a successful attack on the power grid could cause "thousands of deaths," and other policy mavens continue to warn darkly of the dangers of cyber war. (For a contrary view, see Bruce Schneier's continuing efforts to convince people that cyber fears are mostly hype.) In any case, US state regulators take an increasingly activist role in utility cyber security.
South Carolina's Governor Haley orders sharply increased information security measures following that state's major data breach. US President Obama signed, last month, a secret executive order authorizing retaliation against cyber attacks.