As Ukraine girds for more Russian hacking, Wired offers a summary of everything known about that country's power grid disruption.
University College London researcher Steven Murdoch reports that the UK's implementation of the MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) protocol would have service providers hold a master decryption key. HM Government doesn't call it "key escrow," but Murdoch thinks that's what it amounts to. The Home Office continues to disavow any intention of weakening encryption, instead representing the key escrow approach as serving both privacy and investigative needs (subject to warrants, appropriate oversight, etc.).
No major cyber policy moves in the US, but the Congressional Research Service has advised legislators to require more reporting on cyber security from executive agencies.
IBM's Force-X notes an evolution in the long-familiar Dridex banking Trojan: it's now using DNS cache poisoning to direct traffic to clones of some thirteen British banks' sites.
Perception Point describes a serious Linux kernel bug (appearing in version 3.8) that could allow remote unauthenticated users root access to affected devices. Patches are coming this week. Personal computers, servers, and Android devices are all at risk.
LastPass, Apple (iOS, OS X El Capitan, and Safari), Oracle, Yahoo Mail, and BIND issue significant patches.
The cyber security of acquisition targets bulks larger in M&A due diligence. Actuaries and accountants play a larger role in such scrutiny.
IronScales and ThreatQuotient announce new rounds of venture funding.
Reports surface of highly classified information found in former US Secretary of State Clinton's private email server.