Kaspersky reports detection of a cyber espionage campaign that's been quietly active for five years. "Rocra" (alternatively "Red October") infected systems in Eastern Europe and Central Asia, with a smaller number of attacks in Western Europe and North America. There's no attribution yet, but Rocra's Chinese and Russian malware and its diplomatic and research institute targets suggest state sponsorship.
Some security analysts see a distinction without a difference between state-sponsored and state-inspired attacks (a bit like thinking "officers" versus "agents" significant with respect to attribution). This of course refers to Izz ad-Din al-Qassam, whose denial-of-service attacks continue to dog US banks. The banks are asking US National Security Agency for help.
Oracle patched Java over the weekend as attacks targeting its vulnerabilities spread rapidly through exploit kits. (US-CERT was unusually quick and direct last week in its advice to disable Java immediately.) Firefox's Foxit PDF apparently has some security holes; a workaround is now available.
Sybase patched its Adaptive Server Enterprise product over the weekend. Microsoft announces it will issue an out-of-band patch for Internet Explorer later today.
Ireland is ambivalent about Huawei's new research center near Dublin: the jobs are welcome, the security reputation not so much. Malware's fast evolutionary cycles cause analysts to doubt the future value of signature-based defenses.
Australia, India, the Philippines, and Singapore tighten cyber crime prevention measures.
Reddit co-founder Aaron Schwartz's sad suicide Friday (he was facing US federal criminal charges for unauthorized downloading of JSTOR articles) has many calling him a free-speech martyr.