Inquiries into the denial-of-service campaign sustained by sites catering to Hong Kong's pro-democracy dissidents increasingly (and unsurprisingly) unearth what seems to be a Chinese government operation. FireEye finds binaries that indicate either government sponsorship or attackers' reliance on some "common quartermaster" that also supplies the security organs.
BlackEnergy continues to evolve into more sophisticated and dangerous forms. Kaspersky finds the crimeware kit has extended its reach not only into Windows and Linux systems, but into Cisco routers as well. Infections have turned up in at least twenty countries, and BlackEnergy's capabilities now include spying (of course) and also sabotage (rendering systems unbootable). Most observers still link the Sandworm use of BlackEnergy to the Russian government.
Pay card security issues lead vendors to look for replacements for traditional magnetic stripe cards, but new approaches are themselves showing some holes. Newcastle University researchers report flaws in Visa's contactless payment system. Criminals can bypass the PIN required for large transactions by simply changing the currency unit and applying some plausible geolocation tradecraft (hacking where a foreign currency transaction seems legitimate, like an international airport terminal).
More details emerge on the OS X "Rootpipe" vulnerability.
Syracuse University researchers warn that some HTML5 mobile apps are susceptible to code injection attacks.
Symantec sees a rise in Poweliks fileless Trojan infections.
SINET announces the SINET 16: its selection of the top emerging cyber security companies.
A McAfee-sponsored study finds many admins disable next-generation-firewall features to improve sluggish network performance.
The black market increasingly turns to Bitcoin alternative Darkcoin.