The conflict around Gaza spawns many anti-Israeli denial-of-service campaigns. Some of these appear to derive from an Iranian-controlled botnet, but whether the action is primarily state-directed or self-organized hacktivist cyber-rioting remains unclear.
CyberVor's big sweep of credentials remains the big story in cyber. The consensus is that the crooks certainly got something, and that they're using it to spam. How they got it and what the theft's further implications might be remain unclear. Many observers offer sound (if familiar) password hygiene advice. Several analysts call the event the password's death-knell.
Background-checking firm USIS has suffered a hack, which it says bears the hallmarks of a "state-sponsored" operation. The US Office of Personnel Management and Department of Homeland Security, both major USIS customers, temporarily suspend some use of the company's services.
Lawful intercept vendor Gamma International (makers of FinFisher) has also been hacked (and spoofed). FinFisher details as well as customer information have leaked.
FireEye finds an APT campaign, "Poisoned Hurricane," active against US and Asian targets. The APT conceals its operations with hijacked domains.
Facebook buys security start-up PrivateCore.
FireEye and Fox-IT offer free CryptoLocker recovery support.
Black Hat USA is wrapping up, and accounts of some of its more interesting presentations are online. In-Q-Tel's CISO Geer delivered a provocative keynote. He advocates cornering the market on exploits (then disclosing them); he sees home routers as critical infrastructure, etc. Other symposiasts note that the line between legitimate vulnerability research and cyber crime can be murky: clarity would be welcome.