Another reminder to patch wisely and systematically: the IE flaw exposed in the Aurora attacks is still being actively exploited in the wild.
Shortly after the US Government shutdown in October, the Federal Election Commission allegedly sustained an aggressive and successful cyber attack.
Updates appear on FireEye's discovery of MisoSMS, the cybercrime SMS mobile botnet. CERT Poland finds a botnet targeting Windows and Linux devices.
Seculert describes the PHP.net attacks' malware. It employed DGA Changer, which has the ability to change the domain generation algorithm (DGA) on the fly. The fact that DGA Changer infections seem not to have downloaded, well, anything, suggests we may be seeing the preparatory stages of an extensive and sophisticated cyber campaign.
The cyber black market shows signs of oversupply-driven price-suppression.
Hacktivists have been snapping at national oil producers in Angola, Kenya, and Mexico.
Security analysts call hogwash on 60 Minutes' story about Chinese capability to "take down" the US economy. On the other hand, Reuters offers a good rundown of Chinese espionage against the US defense industry.
For discussion: should the cyber industry compete with the criminal market for malware, or would that simply drive a bandit economy? And should bug bounties become mandatory?
In industry news, Blue Coat buys Norman Shark, and Datacard Group will acquire Entrust.
US tech executives are meeting with President Obama to seek restraint on NSA surveillance. It's increasingly clear that litigation will decisively shape surveillance policy.