The Wall Street Journal reports that the thieves have returned almost all the $600-million-plus taken from Poly Network. Reuters confirms that Poly Network has offered the hackers a $500-thousand "bug bounty."
Check Point has more on the Indra Group, an Iranian opposition group it believes to have been responsible for recent cyberattacks affecting Iran's rail system. The New York Times thinks the incidents illustrate the growing capability of non-state actors.
Heimdal late last week described a new strain of ransomware, "DeepBlueMagic," that abuses a legitimate third-party disk encryption tool by initiating but not finishing the encryption process. DeepBlueMagic disables security software before beginning encryption, subsequently deleting its own executables, rendering it resistant to forensic analysis. Heimdal says that it's found a way of restoring affected systems.
Various ransomware gangs are actively exploiting the PrintNightmare Windows vulnerability, CyberScoop reports.
T-Mobile is investigating a criminal's claim to have breached a very large set of customer data (possibly 100-million fullz) held by the mobile company, Reuters reports.
The effective collapse of Afghanistan's government yesterday and the country's general fall to the Taliban represent a humanitarian disaster. From the US point of view, it seems to have been more a policy failure than an intelligence failure. The Taliban's ascendancy may also augur an increase in newly emboldened Islamist activity in cyberspace. Historically that activity had been largely concentrated on recruitment and operational planning (against both of which law enforcement and counter-terrorism authorities enjoyed some success), then on radicalization and inspiration (harder to restrain), and, of course, on website defacement.