Turla (a.k.a. Snake, a.k.a. Orobouros) seems to be slithering these days through the former Soviet republics and Warsaw Pact alumni of the Near Abroad. MIT Technology Review (reporting FireEye research) notes spikes in relevant malware command-and-control traffic immediately preceding Russia's incursion into Ukraine and Israel's operations against Hamas in Gaza. (While duly noting the (real but easily exaggerated) difficulty of distinguishing hacktivism from state-conducted cyber ops, one discerns a useful new entry into the catalogue of indications and warnings.) Belgium's Foreign Ministry says it's recovering nicely from its own earlier Snake infestation.
Bitdefender finds two new GameoverZeus variants active in the wild. The criminal botmasters, interestingly, appear to be upping their quality-control game.
The niche in the cybercriminal ecosystem formerly occupied by Blackhole is, Trustwave reports, being filled by the Magnitude exploit kit, which is largely devoted to spreading CrytoWall ransomware.
F-Secure finds that smartphone vendor Xiaomi's products have been quietly reporting user data back to its servers in China. Xiaomi apologizes and pushes an update to its customers.
US financial sector watchdogs and associations warn consumers against a too carefree adoption of virtual currencies.
Microsoft will patch two critical vulnerabilities later today, one affecting IE versions 6 to 11, the other in professional and business versions of Windows 7, 8, and 8.1.
Cyber value-at-risk remains difficult to estimate, as a study suggests executives routinely underestimate the costs data loss imposes on their companies.
NATO prepares for its September summit. Observers urge the alliance to clarify Article 5 for cyberspace.