Recorded Future thinks it discerns synchronization of Russian offensive cyber operations with Ukraine's debt service schedule, which would augment pressure exerted through Ukrainian natural gas imports. The 2008 Georgian incursion, combining as it did both cyber and "kinetic" operations, continues to serve as a template for analysts watching Russian involvement in the increasingly lethal Ukrainian crisis. (And Latvian officials seem to fear their country is next—watch for cyber rioting as battlespace preparation.)
The VRT Blog's Snorters offer a useful overview of CVE 2014-1776 Internet Explorer exploits.
OAuth and OpenID, shown susceptible to redirection late last week, should be approached with caution, particularly in social media. Observers dispute whether "Covert Redirect" actually counts as a vulnerability—many analysts are calling it a "weakness"—and it seems clear that it's not in the same class as Heartbleed. (The discovery of Covert Redirect also occasions some useful discussion of where responsibility for security properly lies.)
Accelerometers are found easily susceptible to device fingerprinting, which reveals the possibility of a new covert tracking modality.
An overview of the "darknet" offers a glimpse into the black market's R&D infrastructure.
OpenDNS Security Labs thinks generic Top-Level Domains are inherently vulnerable to exploitation, largely because of their relative novelty.
Fresh reports of maritime vulnerability to cyber attack appear.
A CSO piece announces a deathwatch for encryption. It's overstated, but the "algorithm arms race" discussion is interesting.
Target's CEO falls to Target's data breach. Symantec announces a shift away from antivirus to attack mitigation solutions. Huawei wants to be "European."