The Microsoft Office zero-day, reported and hastily mitigated with workarounds this week, is exploited in the wild, both in Citadel campaigns and targeted attacks.
Google's webcrawler, innocent in itself, is linked to SQL injection attempts. Rapid7 reports seven Super Micro IPMI firmware zero-day vulnerabilities. Cyber criminals embed malware in RTF files distributed as attachments to emails with spoofed sender addresses.
In the US, a denial-of-service tool targeting Healthcare.gov is found. In the UK, National Health Service systems suffered significant outages from "misfiring" anti-virus software.
Forbes notes the a priori dangers involved in USB charging.
Cisco patches telepresence product vulnerabilities. Twitter closes account-hijacking holes.
The airline industry undertakes steps to secure itself from cyber attack as reservation and boarding systems, with related airport infrastructure, become popular targets.
Gulf States foresee surging attacks on oil and gas companies.
Two broad cyber trends may be summed up: (1) lack of anonymized reporting inhibits intelligence sharing, and (2) reverse-engineering depends on expensive labor; a strategic shift toward automation is needed.
In industry news, CyberPoint announces an agreement to acquire high-end engineering firm Bitmonix. Barracuda's shares surge in their IPO.
BeehiveID promises an end to sockpuppetry. Thales and IBM partner on BYOK (bring-your-own-key).
Estonia's experience in the first cyber war holds lessons for the future. MI-5, MI-6, and GCHQ chiefs answer Parliamentary questions on surveillance. Naming and shaming of Chinese cyber operators seems not to inhibit the PLA. Emerging consensus: NSA didn't evade oversight, but the nature and quality of that oversight may be problematic.