Cyber hotspots in the Russian near abroad and the Levant remain relatively quiet at week's end. In East Asia investigations into attacks on Vietnam's Ministry of Natural Resources and Environment and a denial-of-service campaign aimed at disrupting unofficial voting in Hong Kong: suspicions in both cases focus on the Chinese government.
IDG chalks up its ability to parry recent attacks by the Syrian Electronic Army to good security awareness. They expected an SEA attack (because of presentations they'd given that showed insufficient enthusiasm for Bashir Assad) and alerted users to the likelihood of phishing (this being the SEA's principal attack technique). A good case study in using actionable intelligence: how could the lessons be extended to other threats?
The proof-of-concept vulnerability Duo Security demonstrated in PayPal's Security Key mechanism doesn't (says PayPal) endanger customer accounts.
IBM researchers release details of an Android vulnerability — patched back in November, but still threatening users. If you're an Android user, look to your patches, especially if you're dependent on a carrier to push them to you.
Criminals or security services may be able to exploit the Pangu iOS jailbreaking tool.
Ransomware and scareware have proliferated this year. Krebs describes extortionists' increasingly brazen operations (almost as if they were legitimate businesses) and Kaspersky offers insights into the criminal economy that enables extortion to pay.
McAfee warns of "Advanced Evasion Techniques" (AET). Dell warns that Windows servers require continuous monitoring.
An APT campaign hit US airports last year. The oil and gas sector forms an ISAC.