Chinese cyber espionage seems strongly drawn to theft of drone technology, mainly from the US. (But Sino-American tensions fail to disentangle their tech trade: ZTE plans a major US smartphone launch next year, and is even becoming an NBA sponsor; Alibaba will hold its IPO on NASDAQ or the NYSE, not a Chinese exchange.)
That dodgy Android iMessage app proves indeed a threat, and is pulled from Google Play.
ESET discerns a spike in Filecoder ransomware that encrypts victims' files until they pay up, then (maybe) releases them.
Krebs finds that major data brokers have been hacked by a criminal identity theft service that's now selling birthdays, SSANs, and other sensitive personal information. The data are sold by subscription on the black market using unregulated currencies like Bitcoin and WebMoney.
The researcher who found SIM card encryption flaws early this summer sees little sign that telecommunications companies are addressing them.
The US Army's troubled DCGS intelligence platform is again in trouble—the Army's been told to fix it for Afghanistan in 60 days or replace it with something else (Palantir?)
F-Secure claims Britain's GCHQ and America's NSA are outsourcing significant security functions. Belgium formally asks GCHQ for an explanation of the Belgacom hack, and India expresses concerns over NSA diplomatic surveillance. These controversies find their way to the UN, where Estonia (which always cyber-punches above its weight) presents the body with a dilemma: either extend Westphalian sovereignty to the Internet, or completely overhaul the Westphalian system in the real world.