Sudan's Internet is back up. Hacktivists with Palestinian sympathies threaten to attack Israeli networks over the weekend, and an Iranian hacker for some reason defaces the website of New York University's Asian/Pacific/American Institute.
Icefog's "mercenaries" prompt concern about more smash-and-grab APTs.
As September's IE zero-day continues to be exploited, Kaspersky reports this obvious-but-important fact: vulnerabilities left unpatched will not be left unattacked.
Trojans remain more prevalent than other forms of malware.
Last month's big DDoS attack on China's DNS may have been the inadvertent work of a guy from Qingdao.
CAPTCHA-solving tools are noticed on the black market, and security researchers realize the commodity's been there for four years.
SSNDOB's infiltration of data brokers shakes knowledge-based authentication, which is quickly achieving a password-like obsolescence (as it retains a similar faute-de-mieux utility). This and other episodes also prompt a hard look at breach disclosure (Silent Circle, for one, claims most big organizations are seriously remiss here) and threat information sharing (most enterprises would like it, but few see any obvious way of doing it).
The US Senate questioned Intelligence Community leaders yesterday, and testimony by Messrs. Clapper, Alexander, and Cole is linked below. Legislation overhauling surveillance is under development, and however the final outcome for intelligence turns out, it's unlikely to restore the status quo ante.
Some Australian experts say hacking back is legal down under (but caveat lector, Oz.)