Chinese intelligence services remain prime suspects in the Australian Parliament hack, the Australian Broadcasting Corporation says.
At Blue Hat last week Microsoft's Security Response Center said that risks from delaying one of its patches by even thirty days are now lower than the risk of being hit by a zero-day, ComputerWorld reports. Zero-days are also now much more likely to be used in highly targeted attacks than they are in mass public campaigns. These developments reflect a shift in attacker culture, approach, and capability. Microsoft also credits its own improved product security with responsibility for the change: it's harder to weaponize a patched bug now than it used to be. Still, patch. Redmond said, as ZDNet observes, that you'll still get hit if you disregard patching for too long. Eventually the skids will get around to you.
Russia will proceed with a test of the autarkic Internet its proposed Digital Economy National Program mandates. ZDNet calls it a plan to "disconnect from the Internet," which in a way it is, but it's also a measure designed to give the country's online infrastructure the resilience to cope with full-on cyber warfare. No date has been announced, but the test is expected to be complete before April.
Fortune and others report that US President Trump may sign an Executive Order banning Chinese equipment from US mobile networks as early as this week.
US Federal prosecutors are looking into allegations the National Enquirer attempted to blackmail Amazon founder Jeff Bezos, the AP reports.