Sony's CEO speaks publicly about the hack his Hollywood unit sustained. (Risk Based Security is keeping a running timeline of the entire episode.) Some observers see the US response, which appears to target North Korea's arms trade as opposed to its cyber activities (well, fair enough — sanctions needn't be directly tailored to a specific capability), as showing limitations of current cyber doctrine.
Morgan Stanley fires an employee who improperly accessed and posted information on some 900 of the firm's wealth management clients.
Reports indicate a group of hackers ("H4LT") have accessed Xbox One's software development kit.
Indonesian hackers of "Gantengers Crew" deface more EC-Council sites — they appear interested merely in counting coup against security advocates.
Google's decision to release information on an unpatched zero-day vulnerability in Microsoft Windows 8.1 receives decidedly mixed reviews.
Carnegie Mellon's CERT/CC warns of vulnerabilities in the UEFI systems and BIOS of some Intel chipsets.
Personalized card company Moonpig pulls its API after reports that vulnerabilities therein left customers exposed for seventeen months.
iCloud's vulnerability to brute-forcing is patched.
Trend watchers predict a surge in cyber-reconnaissance during 2015. Others note the reuse of familiar exploits and attack tactics, and remind all that recognizing a risk doesn't mean you've dealt with it.
Cyber labor shortages are seen driving a "spooks-as-a-service" market.
An alumnus of Russian information operations describes those operations from the inside. (Cyber conflict is both intensional and extensional.) Intel shutters its Russian developers forum.
Lawyers wonder: are the Feds really serious about prosecuting "hacking back?"