Arbor Networks reports that denial-of-service attacks have risen in France, post-Charlie Hebdo. Pro-ISIS hackers haven't confined themselves to French targets, however, but continue their curious affinity for cybervandalism of US local governments.
China denounces GreatFire's allegations of responsibility for recent disruption of Microsoft Outlook as "slander." But fresh restriction of VPNs is China's avowed policy: "upgraded cyberspace sovereignty."
CryptoLocker's new variant finds its way into the United Arab Emirates.
Flash zero-days are actively exploited in the wild. Adobe issues one emergency patch, but holes remain, and a second patch is planned next week. Meanwhile, beware Flash exploitation.
Google's ProjectZero continues to crowd vendors — last week Microsoft, now Apple, as three OSX zero-days are disclosed. Faster patching seems in order: ninety days, Ars Technica observes, is an eternity in cyberspace.
Repurposed attack code and unpatched zero-days remain important reasons why attackers remain inside defenders' decision cycles, but the expense of maintaining human watchstanders (three FTEs per big enterprise, says a FireEye-commissioned study) on networks is another.
Such stories make symposiasts' flesh creep at Davos. IDF unit 8200 alumnus Nadav Zafrir warns them that "breakers are ahead of makers," and governments aren't exactly poised to ride to companies' rescue. He also urges executives to learn (from ISIS) the value of OSINT and loosely coupled networks. (US NGA Director Cardillo makes similar points at INSA, in a more positive way.)
IoT security remains a concern, both long-term and near-term (see stories of gas pump vulnerabilities).
Several court cases of cyber interest play out.