Privateers, useful idiots, or intelligence services — take your pick, but F-Secure and others are attributing the BlackEnergy attacks on Ukraine to a Russian operation.
Chinese security services, facing widespread discontent and civil disobedience (particularly in Hong Kong), are using iFrame-based redirection attacks to install remote-access Trojans in the networks of not-for-profits and NGOs active in or around China. (FireEye devotes its customary attention to Chinese cyber ops.) The government is also cracking down on social media in Hong Kong; activists there work to evade censorship and monitoring.
Over the weekend the SANS Internet Storm Center raised its "InfoCon" to "Yellow" in response to the proliferation of Shellshock-exploiting worms and botnets across the Internet. Vendors and hackers are currently engaged in a race to control the holes Shellshock opened, and observers expect this to continue for the foreseeable future. Much advice on mitigating Shellshock risk is on offer, starting with ways of determining how vulnerable your systems may be.
Apple security receives scrutiny, some but not all of it Shellshock-related. The brand is heavily phished, and its latest iOS anti-phone-tracking feature may not work quite as expected.
Trendy social medium Ello sustains a successful denial-of-service attack.
A third-party point-of-sale vendor may be implicated in the recent Jimmy John's breach. Observers advise the vendor's other customers to look to their security.
The US financial sector announces a new collaborative approach to developing threat intelligence product.
Law firms in the UK consider their cyber vulnerability, and also their more general "duty to inform."