HackRead reports that a number of apps devoted to Biblical or Quranic study or devotion are infested with malware. Their story suggests the perpetrators are probably criminals engaged in a post-modern version of affinity scamming.
CloudSek finds an interesting wrinkle in the criminal markets. An "unnamed South Asian company" seems to be selling not only legitimate security products and services (employee monitoring software among them), but also malware with data exfiltration capabilities. CloudSek calls the outfit in its malicious aspect "Santa APT," since much of its crimeware is Christmas-themed.
Last Christmas, you may recall, LizardSquad skidded into the holiday by DDoSing Xbox Live and PlayStation Network. This week PhantomSqaud [sic] makes the naughty list with a similar threat. For the children's sake, let Microsoft and Sony look to their networks.
Damballa and Proofpoint offer accounts of, respectively, Pony and Angler. Damballa outlines in considerable detail Pony's evolution, and Proofpoint explains how domain shadowing is being used to facilitate the Angler exploit kit's dissemination.
Linux administrators take note: researchers at Universitat Politècnica de València have demonstrated a technique that bypasses password protection on the Grub2 bootloader. The method (which involves backspacing 28 times) seems depressingly simple.
The National Science Foundation has released a "roadmap" for experimental cyber security research.
Reaction to pending US cyber legislation continues to pour in. Opinions are divided between those who applaud it for promoting information sharing, and those who warn of incipient threats to privacy.
Governments from Brazil to China move to restrict social media.