All quiet on the cyber front (apparently) between Russia and Ukraine as Vladimir Putin digests Crimea, but some useful overviews of recent activity and the provenance of Turla/Snake appear.
Linux server campaigns prove difficult to eradicate.
Mozilla patches Firefox vulnerabilities exposed in Pwn2Own. Java 8 is out.
The hacking of Flight 370 is a matter of speculative, a priori possibility without positive evidence, but a consideration of cyber risks facing commercial aviation remains instructive. Israeli Defense offers a rundown of coverage that includes comparison with 2008's Spanair flight 5022 crash, an accident in which malware was implicated.
Less speculative, however, are analyses that point to the glare-of-war in which too much information blinds watchstanders. Tripwire notes that, whatever happened aboard Flight 370, glare hindering responders and security officers is one feature the disappearance shares with the Target breach. Many companies offer palliatives for glare, but any comprehensive solution would seem to require machine-learning and automated reverse engineering. (Which would also help keep pace with swiftly evolving malware: ZBOT, for example, has just acquired aggressive clickbot functionality.)
Many call for more effective risk-based security approaches (on the sensible grounds that they who defend everything probably defend nothing). Such approaches require, as lawyers and insurers note, a rigorous way of determining value-at-risk.
NSA Director Alexander calls for more threat information sharing. It's a tough problem: privacy, anonymity (especially), and regulation are all in tension with collaborative security, even among Federal agencies.
Surveillance surprises Google; NSA counsel says companies knew all about it.