Trend Micro warns of a new phishing campaign targeting online shoppers. (They're calling it "Operation Huyao," and trace it to actors in China, but without further attribution.) Unlike traditional phishing, Huyao doesn't depend upon creating a plausible simulacrum of a legitimate site. Instead of creating and posting a bogus copy of a site, the campaign uses proxies as relays to legitimate sites, modifying pages only when (and for as long as) information theft is required.
Other developments in the criminal cyber market include the effective recycling of well-known techniques and exploits (highlighting the importance of not forgetting old lessons learned the hard way), and the very rapid and inexpensive trade in attack code — the collision attack against the MD5 algorithm, for example, was on the market within ten hours of the relevant Windows update, and it cost just 65 cents. Other corners of the black market are making it easier for semi-skilled skids to deploy and profit from ransomware.
Apple continues to deal with customer dissatisfaction over its Macs' insouciant way of sending sensitive documents to iCloud without so much as a by-your-leave (other than whatever might be implied by a EULA).
The Hacking Team defends its lawful intercept products and its customers' need for them.
The US elections prompt many to worry about the security of electronic voting devices. This election's results were probably unaffected, but clearly this will be a research topic.
Calling for a modus vivendi, Microsoft's general counsel deplores the "privacy arms race" between governments and IT companies.