Social media posed enough operational security problems for Russian forces operating against Ukraine that the Russian Army cracked down on their soldiers' online presence. It's a general problem: a NATO red team reports that military personnel put enough personal information online to render them vulnerable to influence and social engineering. Troops also discuss matters better left undiscussed.
Deep Instinct reports observing new instances of Separ credential-stealing malware. A maliciously crafted Adobe file is the typical infection vector. Once installed in a victim system, Separ lives off the land by abusing legitimate files and tools. The attack is simple but effective; the malicious script is short and easily overlooked.
A Vkontakte hack suggests where the limits of responsible disclosure may lie, and as Naked Security suggests, the line should probably be drawn on this side of spamming thousands of people to make a point. App developer Bagosi found an issue with Vkontakte, then decided to turn it loose in what the developer claimed was a harmless caper when Bagosi judged that Vkontakte wasn't paying sufficient attention. ZDNet says Vkontakte was not amused.
NCSC's dance with Huawei continues. On the one hand the company presents a risk to UK networks, but on the other it believes the risk may be manageable, and in any case, as Bloomberg reports, NCSC hasn't reached a decision yet. Its full report on telecoms security is due out in March. In the meantime, City A.M. says, NCSC boss Martin tells British telcos to up their security game.