Highly Advanced Backdoor Trojan Cased High-profile Targets for Years

Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research.

Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran’s nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

To remain stealthy, the malware is organized into five stages, each of which is encrypted except for the first one. Executing the first stage triggers a domino chain in which the second stage is decrypted and executed, and that in turn decrypts the third stage, and so on. Analyzing and understanding the malware requires researchers to acquire all five stages. Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer’s mouse, stealing passwords, monitoring network traffic, and recovering deleted files. Other modules appear to be tailored to specific targets. One such payload included code for monitoring the traffic of a Microsoft IIS server. Another sniffed the traffic of mobile telephone base station controllers.

In Wake of Uber Privacy Scandal, Lyft Announces Data Restrictions

Days after a BuzzFeed journalist revealed that an Uber executive floated the idea of using its “God mode” ability to snoop on journalists who write about the ridesharing service, rival firm Lyft has changed its policy to prevent most employees from doing something similar.

Erin Simpson, a Lyft spokeswoman, told Ars in a statement by e-mail that the company’s “longstanding policy prohibits employees or contractors from accessing any user personal information except to the extent such use is necessary to do their job.”

As of Thursday, the company has “proactively made additional updates to further safeguard our community members’ privacy, including the development of tiered access controls that further limit access to user data to a smaller subset of employees and contractors. Ride location data is restricted to an even smaller subset of people.”

Europe’s Parliament “Poised to Call for a Break-up of Google”

“The European parliament is poised to call for a break-up of Google” in a vote next week, the Financial Times reported today. The resolution would be nonbinding, because any final action would have to be taken by the European Commission, the executive branch of the European Union.

“A draft motion seen by the Financial Times says that ‘unbundling [of] search engines from other commercial services’ should be considered as a potential solution to Google’s dominance,” the paper wrote. “It has the backing of the parliament’s two main political blocs, the European People’s Party and the Socialists.”

While the parliament itself “has no formal power to split up companies,” it does have “increasing influence on the [European] Commission, which initiates all EU legislation,” the report said. “The commission has been investigating concerns over Google’s dominance of online search for five years, with critics arguing that the company’s rankings favor its own services, hitting its rivals’ profits.”

“We Are Going to be Sued.” FCC Chairman Speaks on Net Neutrality

It won’t be a surprise if the Federal Communications Commission gets sued when it issues net neutrality rules. In fact, FCC Chairman Tom Wheeler expects it.

Since November 10, when President Obama called on the FCC to reclassify Internet service as a utility and impose strict net neutrality rules, the FCC has been urged to act quickly. But it appears the commission won’t issue final rules before the end of 2014. When reporters today asked Wheeler when he’ll act, he said he’s taking his time because he wants to make sure the commission’s net neutrality rules aren’t overturned in court.

“We are going to be sued,” he said in a Q&A after the FCC’s monthly meeting. “That’s the history. Every time in this whole discussion any time the commission has moved to do something, one of the big dogs has gone to sue… We don’t want to ignore history. We want to come out with good rules that accomplish what we need to accomplish, an open Internet, no blocking, no throttling, no fast lanes, no discrimination, and we want those rules to be in place after a court decision. So we want to be sure we’re thoughtful in the way in which we structure them and we’re thoughtful in the way we present what will ultimately be presented to a court.”

Target to Judge: Banks’ Losses in Our Card Breach Aren’t Our Problem

Target’s massive data breach, in which criminals were able to drop malware onto point-of-sale systems and compromise at least 40 million credit and debit cards, is now the subject of a federal lawsuit by banks who issued those cards. And Target is arguing in court today that those claims should be thrown out, Bloomberg reports—because the company claims it had no obligation to protect the banks from damages.

The suit has been brought by five banks—First Federal Savings, Village Bank, Umpqua Bank, Mutual Bank, and Louisiana’s CSE Federal Credit Union. As a group, the banks claim that their losses from the breach exceeded $5 million. The lawsuit is playing out as representatives from financial organizations, including the US’ two major credit union industry associations, are pressing Congress to take action to hold retailers more accountable for payment data breaches and to bring them under the same privacy standards as financial institutions with regard to financial data.

Major retailer data breaches over the past year, including the ones at Target and Home Depot, have caused banks and credit unions to have to reissue hundreds of millions of payment cards. The Home Depot breach, first reported in September, was revealed last week to have exposed 53 million customer e-mail addresses, as well as 56 million payment cards.
