Reports indicate the FBI has warned US companies privately that a "highly skilled" Chinese hacking group is targeting them. (A coalition of security companies has been responding to this threat; they promise a full report by month's end.) China's People's Liberation Army officially replies (seeming to protest too much) with a more-than-tu-quoque — the US, it says, is the real cyber villain here.
The Chinese government continues to deploy RATs against Hong Kong pro-democracy groups. The Washington Times says a US interagency security group has said Huawei attempted to penetrate NSA systems by hacking an unnamed contractor's network (which Huawei of course denies, albeit in a subjunctive mood).
Poodle is now generally regarded as a pest that must be dealt with as opposed to a catastrophic threat. Most observers think Poodle augurs the end of SSLv3; browser vendors will hasten that end.
Some familiar threats remain with us. Shellshock's effects linger in affected systems, patched or not. CryptoWall 2.0 ransomware is spotted in Tor. Java Reflection API problems have resurfaced. Cyber criminals continue to pluck low-hanging fruit from Windows XP.
The cyber criminal black market remains lucrative, with Group 1-B saying Russian hackers raked in some $2.5B over the past twelve months. Sale of card data rather than direct fraud is where the money's made, and carding shops transpose legitimate business practices into the underworld.
Threat intelligence remains a hot commodity. The cyber insurance market also expands, but value-at-risk remains hard to quantify.
South Korea will overhaul its national ID system.