Security-camera-driven DDoS attacks have intermittently hit major Russian banks since November 8. The attacks appear criminal as opposed to state-sponsored; the botnet was assembled from devices in at least thirty countries, mostly the US, India, and Israel.
Security analysts continue to mull Fancy Bear's post-election, post-Microsoft-patch phishing romp through US think tanks and other policy wonk targets. Some see it as a victory lap, but most see opportunistic targeting of weaknesses before they're closed. ESET has a study of Fancy Bear's operations—ESET calls them Sednit, one of at least seven names this (GRU) threat actor has acquired.
Researchers describe BlackNurse, a low-and-slow yet effective DDoS technique that exploits firewall vulnerabilities.
Many worries emerge over mobile devices and applications—WiFi hijacking, WiFi password discovery, OAuth 2.0 exploitation, Svpeng Android vulnerabilities, and QRLjacking.
The number of customers affected by the Tesco Bank fraud has been revised downward from 20,000 to 9,000, but the incident continues to trouble bankers in the UK, Ireland and (to a lesser but still significant extent) elsewhere. Investigation suggests weak security controls were at the heart of the problem.
Not that you'd be directly affected, but there are credible reports of a breach at adult friend site
In the US, NIST releases maritime and small-business addenda to its cybersecurity framework.
Kaspersky files antitrust claims against Microsoft in a Moscow court, alleging anti-competitive biases in Windows 10's security bundle. (Did Senator Sherman have a seat in the Duma?)
LabMD scores an appellate court win versus the FTC.