Radio Free Europe and Radio Liberty again come under cyber attack — no attribution reported.
Kaspersky researchers puzzle over a 64-bit version of the Zeus banking Trojan they've found in the wild. It behaves about the way its 32-bit counterparts do, so either someone's selling sizzle on the black market (the 64-bit "wow factor") or they're positioning Zeus early for attacks on future systems.
Lookout finds a new version of MouaBad Android malware that makes phone calls without user intervention. Bitdefender reports an unrelated Android vulnerability present in Widdit, an app development framework used to build in advertising capabilities. Widdit requests (and gets) many permissions on its initial download.
Holiday-themed criminal phishing campaigns are in full swing. State intelligence services phish too: details of the G20 campaign emerge that show China used saucy pictures of then French first lady Bruni as phishbait (also Syrian insurrection news, for reeling in stodgier or more conscientious diplomats). Infected foreign ministries might have mitigated the attacks through more effective network segmentation.
Those bogus certificates Google and others revoked earlier this week were tied to a French government man-in-the-middle campaign apparently designed to keep tabs on its own workers. They're not the only ones concerned about insider threats: employers now worry about "jammers" used to hide jailbroken devices.
Anonymization remains a hard problem: Disqus is found vulnerable to deanonymization.
Blue Cross laptop theft and other organizations' equipment disposal issues highlight the hardware side of cyber risk.
Cyber labor shortages drive talent development and engineering automation.