A hacker working on #OpHongKong claims he's counted coup against Hong Kong officialdom by compromising nineteen HostGator servers and downloading their content, which he says he'll release on November 5 (Guy Fawkes Day, of course). He promises "something big"; we shall see. Apple responds to Chinese government man-in-the-middle attacks on iOS users with warnings to its customers.
ISIS continues its sub-barbarian, deplorably successful propaganda of the deed as it posts videos of stonings-to-death (of women, for adultery) in rural areas outside Hama. The Islamic State has issued an opsec manual so those inspired by ruthless inhumanity may tweet without fear of geolocation.
Cyber attacks on news sites accompany elections in Mozambique.
Microsoft warns of a zero-day affecting all versions of Windows except Windows Server 2003. The vulnerability is being exploited in the wild, most commonly with infected PowerPoint files as the infection vector.
Patches inevitably expose vulnerabilities, and criminals work assiduously to reverse engineer and weaponize patched bugs as soon as those are publicly known. Here's a current example of the problem: Adobe patched Flash last week, and unpatched systems are already being targeted in wide-scale attacks as the vulnerability appears in the Fiesta drive-by exploit kit.
The Staples breach (under investigation) leads Check Point to observe that the attack was directed at point-of-sale systems, not Staples, and to urge not more shaming, but more sharing. New York financial regulators urge the sector they oversee to share more threat information as a way of performing due diligence on third parties.