Czech antivirus company Avast fingers Chinese security services in the recent series of waterholing attacks that exploited Java and Internet Explorer vulnerabilities. Their attribution is based mainly on the nature of the attacks' targets: most victims share an antipathy to the Chinese government. Defense IQ publishes an analysis (or "deconstruction") of last year's Shamoon attack on Aramco. The analyst claims that Saudi dissidents and not Iran were behind the campaign, but his argument seems speculative and circumstantial. (Note that both attributions rely more on inference of intent than on any technical features of the exploits.)
Barracuda products are found to contain a backdoor that opens users' networks to compromise. (Barracuda promptly issues firmware updates to remediate the vulnerability.)
In industry news, Belkin is acquiring Cisco's Home Networking Business Unit, Microsoft and Dell continue to talk about taking Dell private, and Lenovo considers making an offer for RIM. Concerns about SCADA vulnerabilities have security and industrial control firms looking for new ways to close them. One of the biggest players in the sector, Siemens, may begin offering bug bounties. Wired's piece on Twitter's plans to introduce six-second videos offers an interesting study in how constraint can foster creativity.
Australia's opposition decries what it sees as a lack of detail in the Prime Minister's Cyber Security Center plans. (In recent elections both major parties competed in their toughness on cyber security.) California releases its mobile app privacy guidelines.
US prosecutors advance their case against hackers allegedly behind the Gozi banking fraud malware.