The Red October espionage campaign has affected at least sixty countries, and its targets include governments, embassies, research institutions, "trade and commerce," energy (including both nuclear research laboratories and fossil fuel companies), military organizations, and aerospace companies. In operation for five years, Red October has stolen, Kaspersky estimates, terabytes of information.
Oracle patched Java over the weekend but vulnerabilities persist. The US Department of Homeland Security repeats its recommendation to disable Java. Microsoft's Internet Explorer patch seems to be faring better, but a few new telecommunications, manufacturing, and human rights sites were victimized before the patch could be applied.
Linksys routers are found vulnerable to remote root access. US banks continue to prepare defenses against denial-of-service attacks. Two US power companies find malware in their industrial control systems; in both cases the vector was a USB drive used for software updates.
AV Test reports the effectiveness of antivirus products is declining as this form of defense lags rapidly improving malware.
In industry news, Dell appears to be considering a leveraged buyout to go private. Online universities continue to pressure the higher education business model.
Wired argues the FBI is too fixated on backdoors: it needs qualified "hackers" instead. Australia's security services get more legal authority for cyber monitoring. Slate, echoing vulnerability-hunter Netragard, calls for regulation of the vulnerability research market. Aaron Swartz's death may take the open-access movement mainstream. (Charges against him are posthumously dropped.)
Cyber gumshoes were inevitable. Now they're here, and unlike Philip Marlowe, they do divorce work.