FireEye (in a coyly indirect and slantindicular fashion, leaving its audience to connect the dots) attributes exploitation of the recently reported Adobe zero day to Chinese espionage organizations. They're calling the campaign "Operation GreedyWonk," and its targets have so far been foreign policy institutes and think tanks. The New York Post grumps that this is all Edward Snowden's fault: he's sapped "the political will" necessary to effective cyber defense. This surely goes too far: aren't Western intelligence services made of sterner stuff?
Facebook's acquisition of WhatsApp last week for a reported $19B ("jaw-dropping," as headline writers call the price tag) brings with it some security scrutiny: apparently the highly valued platform contains some serious SSL weaknesses. A German privacy commissioner has gone so far as to advise users to avoid WhatsApp entirely.
Leaked source code for the Android iBanking bot has appeared on the black market. RSA researchers warn publication foreshadows more attacks using the mobile malware.
Late last week domain registrar and web-hosting service Namecheap sustained a distributed denial-of-service attack. Namecheap says it was able to mitigate the effects in about three hours, but they also say the DDoS attack was of a "new type"—what type remains unclear.
Apple patches an iOS flaw that rendered devices vulnerable to man-in-the-middle attacks. The problem seems to extend also to MacOS; users should browse with caution.
Lookingglass releases a study highlighting third-party risk. (Security approaches that minimize third-party involvement will be interesting.)
Google buys anti-fraud startup Spider.io. Akamai closes on Prolexic.