Reports on Iranian hacktivist (probably government sockpuppet) attacks against scholars and members of the Iranian diaspora continue to emerge. The threat actors have a name: "Rocket Kitten."
G DATA researchers warn of threats to the Android supply chain: they're finding pre-installed malware in some devices produced in or transiting China. Another Android issue is reported by Beyond Security's CTO: encryption and lock mechanism vulnerabilities in AppLock, a popular Play Store download.
Quick Heal says it's found a malware sample that evades sandbox-based gateways.
Carnegie Mellon's Software Engineering Institute details "Filet-of-Firewall" vulnerabilities in home routers (UPnP is the service typically at risk).
Japanese banks suffer an infestation of a new Trojan, "Shifu," which blends the functionality of at least seven known, proven Trojans.
Sensecy describes ORX-Locker, a new Darknet ransomware-as-a-service platform.
Intel Security thinks fears of stealthy GPU-based malware are overblown (especially the stealth).
OS X may suffer a new keychain vulnerability, according to MyKi. If exploited, it could compromise stored credentials.
Google updates Chrome. Microsoft is reconsidering its plans to withhold Windows 10 patch details from enterprise users. Google, Mozilla, and Microsoft will stop supporting RC4 encryption in 2016.
McAfee Labs offers an interesting retrospective on predictions, reviewing what 2015 looked like from 2010. (The zero-day price list is worth a look.)
A survey suggests corporate boards don't really care as much about cyber security as one might think.
In the US, the NTIA works to build a community of trust for vulnerability disclosures. Lawyers work through FTC cyber authority.