Heartbleed patching continues as exploits circulate. The vulnerability raises questions about OpenSSL's long-term viability, even among some OpenSSL longtime creators and collaborators.
Users of Microsoft OneDrive for Business (née SkyDrive) may face a data integrity issue: OneDrive for Business appears to alter some files when it syncs.
A bogus Facebook app carries a malware payload that enables Android spying and financial account pilferage.
The Cydia Substrate (née MobileSubstrate) add-on "Unflod" continues to threaten jailbroken iOS devices. (Best defense? Don't jailbreak them in the first place.) Some analysts have tentatively attributed Unflod to Chinese operators, but this remains speculation.
The Snorters at VRT Blog publish an update on the Snake (a.k.a. Turla, a.k.a. Uroburos) rootkit.
More Internet-of-things concerns surface. Ars Technica reports that anesthesia devices can become cyber-virus ridden should smartphones be connected to their USB ports, then wonders, first, why anyone would connect a phone to a medical device (lazy charging?) and second, why anesthesia devices have USB ports in the first place (easier patching?). Bloomberg worries that widespread wireless connectivity has increased the ease with which criminals can extract money from ATM skimmers. And Wired says a couple of guys have built "Conversnitch," a device that impersonates a light bulb, but which actually eavesdrops and livetweets conversations in its vicinity.
In industry news, more talk of cyber insurance. QinetiQ continues to pursue focus through disassembly of North American operations.
Australia, India, and Brazil moot new cyber laws.
An FTC lawsuit is expected to clarify what counts as "reasonable protection."