Investigation into what many consider a Russian campaign against Western (especially US) utilities continues. Reports suggest that the US Department of Homeland Security is quietly consulting with the energy sector concerning the campaign — whatever else may be happening, US-CERT did issue clear and direct warnings concerning BlackEnergy malware. Some observers see (slightly implausibly) wheels within wheels and speculate that the recent compromise of White House networks may have been misdirection for the energy sector campaign. Others content themselves with noting, again, how difficult attribution of cyber attacks can be.
The Dyre/Dyreza banking Trojan's successes are giving it a strong tailwind in the criminal economy. Swiss bank accounts are being targeted, and reports from Pittsburgh suggest that US infestations are cropping up in Western Pennsylvania.
Fortinet reports a new version — stealthier and more resistant to analysis — of the Backoff point-of-sale malware (its internal name is "ROM"; no researcher-assigned label yet).
Krebs warns that rewards programs are increasingly under attack, and illustrates the trend with an account of fraud against Hilton Honors loyalty accounts.
A researcher with Truesec claims he's discovered a serious privilege-escalation vulnerability in OS X Yosemite.
Sony PlayStation user data may be at risk of compromise through an SQL injection flaw.
Dr. Web says it's found an Android dialer that's both insidious and resistant to removal.
Researchers at Ben Gurion University demonstrate "AirHopper," an exploit that compromises air-gapped systems.
Retrospectives look at Stuxnet and the vulnerabilities that lent themselves to its dissemination.
Swatting is back, apparently for the lulz.