The Sony data loss has spread (reports say) to Deloitte, as a spreadsheet containing some of the accounting firm's sensitive salary information has been found among data dumped to the Internet. (The Deloitte spreadsheet has been traced to a Sony employee — there's no suggestion Deloitte itself was hacked.)
Attribution remains contentious. North Korea has finally said it had nothing to do with the attack. While such denial is in itself not particularly persuasive, some observers think the nature of the attack may argue that the "Guardians of Peace" may have been (or at least employed) one or more disgruntled insiders. More analysts, however, see enough similarities between this incident and 2012's Shamoon attack on Saudi Aramco or 2013's WhoIs hit on South Korean banks to perceive a common playbook (perhaps a common toolkit).
The air travel sector remains concerned about Operation Cleaver, as do media in the United Arab Emirates.
The Regin cyber espionage campaign returns to the headlines with concerns that it augurs a new phase of cyber threat, with exploits even more readily commodified and traded than they currently are.
Preloaded mobile malware was discovered earlier this week. Lookout has found one of them, the Trojan "DeathRing," out and active in the wild.
Reports claim that a T-Mobile update for Samsung Galaxy Note 4 contains malicious code.
Apple patches Safari; IBM fixes a vulnerability in Endpoint Manager for mobile devices. VMWare kills a cross-site-scripting bug. Microsoft plans seven fixes for Patch Tuesday. Adobe will update Reader and Acrobat.