Researchers discuss the role Destover malware played in the Sony attack, noting that Destover shares some code with both Shamoon and Dark Seoul. The version used against Sony, Kaspersky reports, was compiled in July and signed on December 5. ESET notes the role certificates played in the attack, and Imperva describes Destover's potential backdoor functionality. Observers, hearing the FBI's sober assertion that the attack would have succeeded against a lot of US Federal organizations, reaffirm their resolve to respond to incidents with swift mitigation.
TIME claims Sony "didn't say anything" after an attack in 2013. Ars Technica reminds us that Iranian hackers used Visual Basic malware to wipe data at the Las Vegas Sands Corporation in retaliation for a casino bigwig's anti-Iranian statements.
Sudan may be seeing the early phases of a cyber-jihad.
Syrian hacktivists are reported to have hit another US bank's websites.
A number of old exploits resurface in new forms. They're frequently disseminated by phishing, which leads security experts to (again) urge enterprises to undertake user security awareness training.
Microsoft bangs into some problems with its December patches.
Google pulls engineers from Russia as Moscow tightens information controls. (Google's also feeling different pressures in the EU.)
We've recently seen litigation and regulatory trends shape emerging cyber security standards of care — insurance underwriters make their own contribution to this environment.
More M&A activity: Cisco will buy Neohapsis, and Vistronix finalizes acquisition of Objective Solutions Inc.
The US Department of Homeland Security issues small business cyber research pre-solicitations.