German media report allegations that the country's Bundesnachrichtendienst (BND) collected information on European firms (to determine whether they were violating sanctions), the French government, and the European Commission. The collection was allegedly done in partnership with the US NSA. The Bundestag is investigating; the BND denies misleading the government about its activities.
CareerBuilder appears to have been used as a phishing platform. Employers rather than job-seekers seem to have been the target, with rootkits hidden within résumés.
High-Tech Bridge claims to have found a cross-site-scripting vulnerability in a widely used WordPress e-commerce plug-in.
Researchers find malware authors evading signature-based detection (popular in the cloud) by promulgating versions of malicious code with minor variations.
Several banks are reportedly still vulnerable to the long-disclosed and widely discussed POODLE bug.
Human suffering — in this case that caused by earthquakes in Nepal — draws exploitation by the usual creeps, now phishing with bogus appeals for quake relief donations. Donate with caution and help the victims without enriching the crooks.
Worries about aviation cyber security and safety continue. A study of drone vulnerability to hacking holds lessons for avionics generally (as well as for the Internet-of-things), and a glitch in American Airlines pilots' iPads delayed a number of flights on Tuesday. Airlines of course also remain targets of conventional cyber crime: Ryanair's bank accounts were recently raided for some $5 million.
Denial-of-service trends show the increasing importance of networked IoT devices.
FireEye gets US SAFETY Act certification, a first for cyber products.
Egypt increases censorship.