Hacktivists hit Saudi government websites with familiar more-in-sorrow-doing-this-to-inspire-better-security vandalism.
Software vendors continue to mop up last week's various disclosed vulnerabilities: OS X zero-days, imperfectly patched Android bugs, Dropbox issues, and firmware/bloatware problems.
Onapsis reports vulnerabilities in SAP Mobile.
The gang thought responsible for the recent Yahoo! malvertising campaign resumes activities and targets AdSpirit, thereby infecting many much-visited sites (among them Drudge, Weather Underground, and NetZero). Claims that "another billion+ users" are being targeted are breathlessly made, but the malvertising is undeniably a nuisance.
Also a nuisance are evolved distributed denial-of-service techniques. BitTorrent seems to empower lone-wolf DDoS perpetrators, and a decline in search-engine impersonation is apparently not the feel-good story one might think. Krebs has an interesting piece on active interference with the DDoS criminal market.
The value of stolen Uber credentials continues to fall on the criminal market: they're now said to be worth forty cents a pop. Fortune looks at how cyber criminals are paid (Fortune leads with the insight that hackers don't receive Forms 1099, which suggests the contrarian conclusion that Fortune sees commonalities between criminal and capital gains) and sums the problem up as essentially one of fencing stolen goods. That problem lends itself to a wide variety of solutions highly dependent on local conditions.
Businesses increasingly add cyber experts to their boards. In the US, NSA serves as a cyber business incubator.
"Disgruntled" former employees say Kaspersky duped rivals into higher false-positive rates. Kaspersky dismisses the accusations as misrepresentation of an innocent, fully disclosed experiment.