Symantec discovers a new wave of reconnaissance malware targeting the energy sector (specifically, oil, gas, and helium). Affected firms are mainly in the Middle East, but North American and European targets are also hit. The tool used in the Trojan-based campaign is called "Laziok," and the attackers' objectives appear to be data relevant to oil and gas extraction technologies and techniques. (Attribution will probably focus on countries currently experiencing difficulties with extraction.)
Volatile Cedar, whose discovery Check Point disclosed earlier this week, is also largely active in the Middle East. Most of its targets appear to be Lebanese (not, as earlier reported, Israeli, although Israel seems to be running a close second), which suggests to observers that one of the campaign's purposes is "intrastate espionage." Security organizations have been working to sinkhole the attack.
The GitHub denial-of-service campaign looks more like a Chinese government operation. (While that may not be the case in this episode, DDoS attacks are increasingly used as misdirection for theft, espionage, or malware distribution.)
A phishing campaign spoofing Virgin Media and PayPal is underway, and may have already yielded pay card information used in retail fraud. (Retailers generally face a tough dilemma. On the one hand, they have a positive obligation to fight fraud. On the other, they don't want to treat customers as potential criminals.)
US President Obama declares cyber attacks a "national emergency," and signs an Executive Order imposing sanctions on those (mostly states) found responsible.
Premera faces data-breach lawsuits. Feds subpoena Reddit's darkweb data.