Red October spread by a Java exploit as well as by infected Microsoft documents attached to emails. Its code has significant Russian-language traces, but it also used many exploits developed in China for attacking Tibetan activists.
Incapsula publishes its analysis of the Izz ad-Din al-Qassam denial-of-service attack on US banks. Those banks have asked for US Government help, but security analysts doubt help will be forthcoming.
Another Java zero-day is out and selling for $5000 on the black market. North Korea continues its cyber harassment of the South with attacks on newspapers and political teams, and (dangerously) GPS jamming.
More analysis of bouncer list phishing appears. Verizon shares a cautionary tale of truly black-belt slacking: its log audits revealed that a model IT employee with six-figure compensation had in fact outsourced his job to Chinese developers.
Those of you who listened to sports talk radio on your morning commute heard that Notre Dame linebacker Manti Te'o may have been the victim of a catfish—a completely fictitious person with an online identity. It's worth reviewing ways in which Facebook and Twitter can be used by catfish, and also worth reviewing 2009's Robin Sage episode, the biggest catfish of them all.
Researchers find common bugs in SCADA and medical systems.
Industry news includes several executive moves. BlackBerry 10 gets positive advance word-of-mouth. IT staffs worry about "rogue clouds," cloud services that managers sign up for on their own hook. An Ubuntu Linux version designed for smartphones may challenge iOS and Android.