Former US security officials (including Messrs. Panetta and Clarke) warn that the US risks Russian cyber retaliation for sanctions imposed during the Ukraine crisis. They point out the difficulties of detection and attribution (and the ease of plausible deniability).
Websense researchers believed they've isolated two VGX library components attackers are using to exploit the current Microsoft IE vulnerability. Microsoft has improved its mitigation suggestions and continues to work on a patch.
Observers wake up to industrial control system exposure to Heartbleed (but leading SCADA provider Siemens has been actively fixing its software for at least a week).
It's often noted that an efficient black market gives criminal hackers (and other attackers) what amounts to a sophisticated R&D base that enables their toolkits to evolve more rapidly than effective defenses can be put in place. Two examples surface today: the Samsapo Trojan is infesting Russian Android devices with a "worm-like" spread via SMS vectors, and the Sefnit/Mevade botnet is shifting from Tor to SSH. And some researchers think Microsoft Azure is going to become a major phishing platform.
Intelligent Content Protection concludes that 60% of pirate sites are serving malware or propagating scams.
Infosec 2014 symposiasts argue that threat intelligence is central to cyber defense. Sharing such intelligence may, in some form, become a matter of law should the US Congress pass some recognizable version of legislation proposed in the Senate.
Airbus announces a major SCADA security research program.
The FBI may enjoy law-enforcement exceptions to declared US vulnerability disclosure policy.