Bit9, a security firm specializing in whitelisting and other forms of trust-based security, has been hacked. Attackers used Bit9's trusted digital certificates to preauthorize malware for uploading onto customer networks. Bit9 has acknowledged the breach and is working to repair the damage.
Open-source toolkit cURL suffers an authentication bug. Google Play hosts some malicious Android apps masquerading as cleaning utilities. Twitter suffers a typo-squatting phishing campaign.
Four dissident or journalistic groups are hacked or otherwise restricted in Russia, Burma, Bulgaria, and Iran.
AVG notices an odd trend: more tweens are writing malware, mostly to access or succeed in online games.
Google Chrome now aggressively flags sites when it suspects malware infection. VMWare patches a privilege-escalation vulnerability. Windows and iOS users are strongly urged to patch Flash.
The US Secret Service investigates last week's doxing of former US president G.H.W. Bush and journalism critics note that apparently the rules have changed: illegally obtained private correspondence is evidently fair game for publication.
The US National Intelligence Estimate identifies China as a major cyber threat, highlighting its direct threat to US businesses.
Two product notes are particularly interesting, involving as they do fear-uncertainty-and-dread: the Shodan search engine (which specializes in finding Internet-connected devices), and Raytheon's social media monitoring tool (spookily "predictive," say British journalists).
Wired makes an obvious but worth-pondering point about big data: the more data, the more false data.
The Department of Homeland Security decides that "suspicionless" seizure of electronic devices "along" the US borders raises no difficult civil liberties issues.