More than a year old, but still being exploited: Microsoft Word vulnerability CVE-2014-1761 is used against Taiwanese targets.
The dreary tale of South Asian cyber rioting resumes, as Pakistan's MadLeets hacks an Indian Ministry of Railroads server.
Fallout from email hacking complicates Colombian FARC peace talks (and Colombian elections).
Many Heartbleed fixes are found to be "not totally working." Hasty fixes have jumbled certificates and patches, compromised keys are being reused, and governmental "red tape" has impeded stanching. Still, says CSO, it could've been worse: Heartbleed has proven more headache than disaster.
Tomorrow's Patch Tuesday, barring unforeseen backsliding by Microsoft, will be the first to exclude Windows XP. This greatly increases the risk of attacks on XP users. The software's retired but remains widely used, and hackers will reverse-engineer vulnerabilities addressed tomorrow, hoping to uncover similar unpatched holes in XP.
The market for cyber liability insurance continues to grow, driven to a great extent by fears of reputational damage. Insurers and their clients look for reliable ways of assessing and mitigating risk.
In industry news, GE buys Wurldtech in a SCADA play. Investment analysts take another look at FireEye's acquisition of nPulse and see a disciplined approach to closing corporate capability gaps.
In the US, the House Intelligence and Judiciary Committees have both approved pending legislation governing bulk data collection. Observers from Hayden to Greenwald weigh in.
The US Justice Department urges more cyber threat information sharing.
A UK court finds cyber export control issues in HM Revenue and Customs.