Anonymous claims successful hacks of Chinese government Websites (defacements and data leaks) in solidarity with Hong Kong pro-democracy activists. Reports that Hong Kong authorities have arrested suspected members of Anonymous suggest the claims may be more than the collective's usual gasconade.
Sandworm, the Russian group that long exploited now-patched Windows vulnerability CVE-2014-4114, will continue to prey upon unpatched systems, then turn to fresh exploits. Attribution remains provisional, but few doubt that Sandworm's working for Russian security services.
A team of cyber security companies takes action against exploit kits used by the Hidden Lynx group (run by Chinese security organs). Symantec, one of the teammates, calls the action "creation of comprehensive, multi-vendor protection." See also Cisco's profile of "Group 72" for more insights into Chinese threat actors. CrowdStrike notes that another group, Hurricane Panda, has just had its favorite vulnerability (Windows CVE-2014-4113) patched.
The SSLv3 bug, long rumored and much tweeted over, is finally disclosed. The Google researchers who discovered it have given it the tortured acronym "POODLE" (Padding Oracle on Downgraded Legacy Encryption). Opinions about POODLE's severity differ sharply, but the SANS Internet Storm Center's advice is direct: "Disable SSLv3."
Dropbox continues to reassure users that it wasn't hacked, that the reported breach isn't real, and that it owes its appearance to third-party problems and poor password hygiene (basically, password reuse).
JPMorgan tells investors it sees no elevated fraud levels after its hacking incident, which leaves the continuing puzzle: what were the attackers after?
Much industry talk of threat intelligence and its uses.