The Sochi Olympics (opening on February 7) continue to attract the attention of hacktivists, cybercriminals, and the security organs that work against them. Private security firms are heavily involved in preparations.
The Target data breach, for all of the ingenuity and effectiveness with which it was executed, appears to have employed what Forbes calls "bargain-basement malware": the BlackPOS exploit kit, available on the black market for $1800. BlackPOS is generally thought to be of Russian origin, but given its widespread availability this provenance is of limited use in attribution. The mechanism of infection also remains unclear.
Target's payment processing contractors probably face fines.
Neiman Marcus, the other known victim, is now the subject of a class-action lawsuit. Banks are seeing patterns of fraudulent card use that strongly suggest other compromised retailers.
Cisco patches three vulnerabilities in its Secure Access Control System.
Security worries slow enterprise cloud migration, but malware distributors show little compunction, increasingly hosting their wares in public clouds (especially Amazon and GoDaddy).
Recent data breaches have spurred business purchases of cyber insurance. Analysts differ over the effect of a recent US net neutrality court decision. Google buys security start-up Impermium. Google's recent purchase of Nest may be more about the consumer data Nest collects than about home automation. Privacy concerns have helped search engine DuckDuckGo gain users.
NIST will release its cyber security framework in the US next month; close scrutiny is expected.
Few observers expect US President Obama to announce significant surveillance policy changes in tomorrow's speech.