In the UK, post mortems of the ISIS hack of certain Cabinet emails continue, with the emerging consensus being that the incident was "avoidable."
Russian authorities report, without attribution or further characterization, that the President's website came under a "massive cyber attack" on election day, which Russian defenses successfully parried.
FireEye discloses (evidently with Cisco's approval) that a novel attack, "SYNful Knock," has succeeded in taking control of Cisco-manufactured routers in at least four countries — India, Mexico, the Philippines, and Ukraine. Cisco informed customers of the attack in August and provided mitigation for the malicious implants.
Bitdefender reports that about a third of business and government enterprises in Hungary, Romania, and Ukraine are still running the outdated and notoriously vulnerable Windows XP.
Neustar again warns that denial-of-service campaigns are increasingly likely to serve as misdirection for more serious, sophisticated attacks.
Tor is getting its own top-level domain: [dot]onion.
More evidence appears that insurance markets are increasingly looked to — by both boards and regulators — as the coming source of cyber standards of care.
In industry news, Cisco, Symantec, and GE adjust their cyber market positions. Onapsis and IronNet each attract significant new venture capital. Flexera acquires Secunia. AVG issues a one-page privacy policy, and challenges its peers to be similarly terse.
US President Obama has apparently decided against sanctioning China for cyber espionage. Observers perceive an uncertainty in the Administration over how to deal with this complex issue.
US companies read OMB's proposed cyber guidance; they don't like what they see.