The "Guardians of Peace" (whoever they are — investigators are getting close to attribution, but investigators aren't talking) invoke 9/11 and threaten Sony with physical attacks on theaters. The US Departments of State and Homeland Security say the threats aren't credible, but Sony cancels the New York premiere of "The Interview" anyway. (Graham Cluley notes that this is a pretty big result for an anonymous post on Pastebin to achieve.) Speculation about Chinese involvement in the attack seems based on thin and circumstantial evidence (and absence of any obvious motive, either political or criminal). Sony now faces two lawsuits: one alleging failure to safeguard employee data, the other alleging negligent disregard that "The Interview" would foreseeably place employee safety at risk.
ESET dissects TorrentLocker ransomware. Two Cisco security products are reported susceptible to POODLE attacks. Security Explorations says it's found vulnerabilities within Google's App Engine.
A Linux vulnerability, which Alert Logic seasonably names "Grinch," potentially provides attackers with root access to Linux systems. While there are no reports of exploitation in the wild, the vulnerability could affect the full range of Linux systems, including those running in the cloud.
Trend Micro assesses the Automatic Identification System (AIS), which since 2002 has provided vessel tracking and identification for the maritime domain. It's found some issues.
Dark Reading and InfoWorld look at the criminal cyber market, respectively describing the most lucrative exploit kits and the difficulties of monetizing stolen data.
Microsoft's fight to keep Feds out of overseas servers has significant privacy implications.