Analysts continue to puzzle over the amount of Internet traffic recently routed, without apparent good reason, through odd nodes, mostly in Iceland and Belarus. The eccentric routing may have been part of a man-in-the-middle attack campaign.
The Internet Explorer reflective cross-site scripting filter in use since IE 8 could be exploited for malicious code execution. The issue is complicated, and arguably not a "vulnerability" in the narrow sense of the term since the bypass method is an accepted part of HTML standard. Microsoft doesn't plan a fix, and so researchers consider alternative mitigations.
A management application for compromised commercial Windows Web shells is out in the wild.
JPMorgan warns nearly 500M customers that hacked pre-paid cash cards have exposed personal information. The Royal Bank of Scotland puts recent outages down to "decades" of IT underinvestment.
Bogus MasterCard and Amazon communications spread malware. A large point-of-sale cybercrime campaign is stealing card data using Dexter and Project Hook malware.
A UK delivery business provides a cautionary tale of small-business vulnerability to cyber crime. (This tale has a happy ending.)
Huawei continues to cozy up to the British market. US tech firms grow increasingly vocal in their criticism of US electronic surveillance policy.
International scrutiny of that policy continues as allegations surface of Swedish surveillance of Russian targets on behalf of the US.
As cyber "weaponization" advances, governments are negotiating an update to the Wassenaar Agreement on arms export control that will extend to such dual-use areas as networking and deep-packet inspection technology.