Notes on Chinese intelligence surveillance of US "senior trade and security officials'" personal email accounts. The campaign is being called "Dancing Panda," and has been in progress since 2010 (and known to US security agencies for some time).
Android security sustains another unpleasant wave of vulnerability discoveries, beyond Stagefright. IBM describes a serialization vulnerability that gives unprivileged applications "super" privileges, and also exposes several third-party software development kits designed to give attackers control over apps. G Data reports that Android malware instances observed in the wild have soared to record levels.
Researchers demonstrate a mobile point-of-sale exploit: Square is said to be vulnerable.
The Darkhotel cyber espionage group is said to have sharpened its game with the help of leaked Hacking Team exploits.
Seculert reports botnet-for-hire DGA.Changer, used mainly in clickfraud scams, has deployed a way of escaping sandboxes by, essentially, depositing a dummy version of itself, then quietly departing.
Recorded Future, while a conceptual fan of blacklisting malicious sites, looks at traditional blacklists and finds them wanting: hidden link analysis suggests that some 92% of suspect sites actually escape most blacklisting.
More automotive hacks are demonstrated, including a wireless hack of keyless entry and a way of tampering with a Corvette's brakes.
Scarcity of cyber talent remains the sector's principal concern: artificial intelligence offers at best a partial amelioration.
Symantec sells Veritas to Carlyle for $8 billion.
US Cyber Command prepares a $460 million IDIQ RFP.
MobileIron faces a shareholder class action suit alleging failure to disclose a breach.