Fortinet warns of an Android banking Trojan. It's mostly affecting German users' devices.
Facebook Messenger is being used as a vector for ransomware. Criminals are distributing Locky in malicious images shared over the service. The Nemucod downloader is bypassing Facebook's whitelisting protections by arriving in the form of an SVG file, so treat images you receive with circumspection.
GeekedIn, a tech job recruiting site, scraped 8 million GitHub profiles (whether legitimately is not clear), and then left them exposed in an unsecured database. GeekedIn regrets the misstep, and says it's correcting it. Those with GitHub profiles should take steps to secure themselves.
Investigators continue to look into the upgrade fraud at Three. Some observers think on-boarding and off-boarding practices may have contributed to compromising the credentials used in the scam.
In industry news, Symantec is indeed ready to acquire LifeLock for $2.3 billion, and Optiv is filing for an IPO.
The holiday shopping season begins more-or-less officially this Friday, and there's much advice out on how to buy safely online. RiskIQ this morning released a white paper on the topic. They draw particular attention to the risks apps pose during the season (and suggest specific points of skepticism), and they emphasize the importance of knowing you're on the site where you intend to shop, not on a spoofed page.
In US news, President Obama says he "can't" (meaning "won't") pardon Snowden. Rumors in Washington suggest DNI Clapper and Secretary of Defense Carter want NSA Director Rogers removed; Congress disagrees, and threatens hearings.