The Red October espionage exploit (which analysts' speculation tends to attribute to Russian or Chinese intelligence services) is shown to have spread not only by Word and Excel files, but also through Web-based Java vectors.
A mobile botnet infests Chinese Android users. The oft-killed Kelihos botnet (a.k.a. Waledac) is back, rebuilt with Virut malware. Sites relying on CAPTCHAs to exclude robots face a new threat, demonstrated in the form of an automated YouTube account generator.
Java's future in the enterprise is widely seen as bleak, given Oracle's inability to deliver an effective patch. Many techniques for dealing with Java vulnerabilities appear, most devoted to ways of weaning users from it.
RSA characterizes the most recent form of targeted phishing as a "bouncer list" attack: if you're not on the club's list, you don't get in.
Patch management is central to security, but patching SCADA systems may be even tougher than patching databases, and can cause more problems than it solves, argues Dark Reading.
In industry news, Palantir's co-founder says the company is worth $7-8B. Blue Coat receives more unwelcome scrutiny alleging complicity with censorship and repression. Dell may be considering a leveraged buyout to "clear the decks" for a PC-killing USB-stick computer. Facebook's Graph search launches, and some see it as potentially disrupting Google.
Stylometrics—identification of anonymous writers on the basis of verbal quirks—remains in the news. (Will it enter the mainstream, or become this century's version of phrenology?)
Aaron Swartz's suicide prompts reassessment of US anti-hacking law.