The PlugX remote access Trojan, a Chinese espionage tool, has found its way into criminal hands and is being used for embezzlement. US authorities have fingered Iran's government as the controlling force behind the Izz ad-Din al-Qassam Cyber Fighters' campaign against Western banks, but the Cyber Fighters deny it—they're purely Islamic hacktivists.
Samsung printers are found to contain a hardcoded backdoor. A new Java zero-day exploit is for sale on the black market. Symantec releases more on the Narilam database annihilation malware. Popular (and free) web server analytics system Piwik has been trojanized to create a backdoor in users' systems.
Stuxnet may have resurfaced in French industrial gas company Air Liquide. Speculation continues about alleged US cyber operations against France.
A fired University of Arkansas medical resident apparently retaliates by releasing patient records. GoDaddy attributes recent DNS record hijacking to phishing. A decommissioned International Atomic Energy Commission server was hacked, revealing agency emails.
Last week the Nassau County Police had opsec issues; this week it's Belgium's intelligence services: officers are "oversharing" on social media.
Google repairs a high-risk Chrome flaw, and Skype says it has a handle on scam calls. CSO disputes a study released this week that concluded antivirus software was a waste of money.
Southhampton hopes to become England's Tulsa. US companies engaged in international trade should take due diligence seriously in their risk management. China prepares to crack down on VPNs (and in the US the ACLU thinks VPN users expose themselves to warrantless NSA monitoring).