Java's recent patches have been breached: new security settings are readily bypassed. Oracle resolves to "fix Java," but observers doubt this remains possible.
Distributed denial-of-service attacks continue, and their victims find traditional criminals behind them about as often as hacktivists.
Sophos finds a variant of the Citadel kit infecting point-of-sale devices and banks. Symantec identifies a new Trojan—"Spachanel"—that exploits the Sender Policy Framework (SPF) to cloak communication with command-and-control servers.
Networked devices are again found open to exploitation: printers and security cameras (and by extension other networked cameras) offer ways into enterprise infrastructure. Exploited cameras also enable serious privacy breaches.
Apple updates iOS, addressing twenty-seven vulnerabilities and the TURKTRUST revocation. WordPress 3.5.1 closes thirty-seven bugs in previous versions of the product.
Mid-sized businesses are said to fall into a "security no-man's land," big enough to attract attacks but too small to afford effective security. Lost paper and portable storage devices account for most data breaches. CIO's breathless "All-Out Cyber War" headline opens a useful summary of cyber conflict between the US and Iran. (In a related story, the FBI has reopened its investigation into Stuxnet leakers.)
The US Department of Defense intends, budget and labor market permitting, a great expansion of its cyber forces. VMware reorganizes to shed 900 jobs. AV-Test releases test results for nine security products.
China makes a rare acknowledgement of the People's Liberation Army's cyber capabilities. Tim Berners-Lee thinks government monitoring of citizens' online activities will backfire by creating a large, soft, espionage target.