US officials report that Chinese cyber espionage operators have shifted their targets toward smaller, less prominent US agencies, like the Government Printing Office.
Aorato reports a flaw in Microsoft's widely used Active Directory. Microsoft says it's old news, and other observers think the vulnerability easily mitigated.
Not that you would do this, but Graham Cluley advises against spending time on naughty Japanese sites before banking online: NSFW sites in that country are distributing banking malware.
Gameover Zeus isn't quite back yet, but it can be expected to return once criminals reestablish the infrastructure to spread and control the malware.
Industrial espionage isn't confined to intelligence agencies. One group of cybermercenaries, PittyTiger (specializing in remote-access Trojans), hires itself out to ethically challenged companies interested in illicitly damaging their competitors.
Flash, Java, and LibreSSL are patched. Observers regard the Java patches as particularly important.
Government and private studies independently point out the vulnerability of the electrical power grid (the US grid, but the lessons are broadly applicable). The coming smart meters and grid are also expected to increase the system's attack surface before they increase its security.
Corporate general counsels place cyber risks among their top worries. The insurance industry continues to mature its assessment of cyber risk and its approach to covering it.
India begins a cyber security audit of its IT infrastructure. Russian intelligence services appear ready to swagger back into their long-shuttered Cuban SIGINT base. GCHQ's information operations attract more attention than the UK electronic intelligence agency would wish.