PNC warns customers of a possible cyber attack; observers generally attribute the attack to the Izz ad-Din al-Qassam Cyber Fighters.
Nullcrew hacktivists, quiet for some time, resurface with an intrusion into a US Department of Homeland Security website. The minor exploit (Sophos calls it an "intrusionette") marks Nullcrew's return. We've not followed the sad turns in John McAfee's life, but his latest deserves mention: elaborate (and far-fetched) claims of a malware campaign against Belize's government.
A Turkish government agency trying to spy on its employees caused last week's TURKTRUST certificate problems. Symantec's PGP Whole Disk Encryption has another zero-day vulnerability, the second in as many weeks.
Internet Explorer vulnerabilities linked to China's Elderwood gang won't be patched tomorrow, even though Microsoft's proffered interim workaround was defeated Friday. An interesting development in the crimeware economy: Blackhole's author is buying malware, apparently to package it into more powerful exploit kits.
Microsoft will issue seven patches tomorrow, two of which are rated critical. Samsung is pushing a fix for the Exynos vulnerability to its Galaxy phones. Adobe warns of ColdFusion vulnerabilities; it plans to issue patches on January 15.
The World Bank plans to open a cyber security center in the Republic of Korea. Congratulations to our colleagues at Northrop Grumman, who've won the US Digital Forensic Challenge. Google's visit to North Korea bears watching amid other signs that the world's most closed society may be opening (slightly and slowly). The US Defense bill signed last week aims to boost small business contracting.