Researchers independently find significant zero-days in Kaspersky and FireEye products. Kaspersky is working on a patch; FireEye has contacted the researchers for information that might help it determine whether remediation is necessary. The two incidents raise interesting issues concerning responsible disclosure and the payment of bug bounties. All the parties involved say they're in favor of responsible disclosure, but FireEye and those who discovered its systems' issues differ, apparently, over bounties. (Comments to the linked articles are worth more attention than usual.)
Damballa notes the reappearance of the TVSPY threat actors, whose stock in trade is exploitation of vulnerabilities in the TeamViewer remote administrator tool.
Mozilla finds that a bad actor compromised Bugzilla and may have lurked there since 2013 with the apparent aim of obtaining information on Firefox vulnerabilities.
Android and iOS vulnerabilities continue to receive researchers' attention.
The campaign to map infosec professional networks on LinkedIn again shows the risk sockpuppets and catphish pose (and how difficult it can be to recognize bogus personae). Meanwhile TrendLabs takes a look at Ashley Madison and asks a good question: how did their honeypots wind up with adulterous dating accounts? TrendLabs is pretty sure their honeypots wouldn't have signed up on their own…
Microsoft and BlackBerry make security acquisitions.
China and Russia maintain and tighten their policy of close Internet control, with Chinese attention going to VPN restriction, Russian to general surveillance (Snowden notices, disapproves of the latter).
The US (or at least its State Department) gropes toward a cyber "playbook."