Bitdefender finds a version of the MiniDuke espionage malware that began operating in June 2011. (Bitdefender regards this version's use of a US Navy embedded clock as mere misdirection—the company suggests a Chinese origin for the malware.)
Oracle has issued an emergency Java fix, and Apple follows by addressing its own products' vulnerability to Java problems. The exploit FireEye detected last week installed a remote access Trojan—"McRAT"—and Symantec thinks the campaign was linked to the breach of Bit9 (the malware was signed with stolen Bit9 certificates) and waterholing attacks staged through a Hong Kong Amnesty International site.
Trend Micro finds the Blackhole exploit kit updated to attack recently patched Java vulnerabilities. Sophos has discovered iFrame injections redirecting legitimate site visitors to Blackhole.
Norway joins the growing list of governments alleging Chinese cyber espionage, and the reported targets form a familiar list: defense, R&D, and energy.
Prices are falling sharply in the cyber black market: malware-as-a-service is quickly commodifying the bad actors' wares.
Alarmists see the Evernote breach as good reason to avoid the cloud altogether, but InformationWeek sensibly argues the alarmists have this one wrong. Evernote does, however, show the value of two-factor authentication, reduction of attack surface, and, above all, quick incident response.
The US Government grapples with budget sequestration, but curiously hasn't stopped hiring yet.
Online higher education expands in the UK. In the US, those interested in this phenomenon might look at how Stanford University (no one's idea of a down-market institution) approaches it.