The recurring phenomenon of Middle Eastern hacktivism striking poorly protected targets continues: yesterday Alabama, today Sri Lanka. (Different hacktivists, same questionable aim.)
Ransomware piggybacks on widespread interest in Windows 10: CTB-Locker is being distributed through socially engineered attacks on those curious about the new version's features. Android mediaserver bugs also show some potential for ransom attacks.
Denial-of-service extortion (which IBM calls "ransomware's older cousin") revives as a threat: the US FBI warns financial institutions that they're targets.
Hackers exploit the well-known BIND vulnerability against DNS servers.
Black Hat is on, and with it the customary wave of product launches and vulnerability demonstrations. Among the latter is an account of the relative ease of attacking SDN switches.
Car hacking continues to capture the general media imagination. Consider it a special case of Internet-of-things vulnerability (and less-than-secure design).
WordPress is patched, and users are advised to update.
TruSTAR and Bugcrowd independently offer perspectives on information sharing and vulnerability disclosure.
Board members and other corporate leaders, strongly aware of cyber risk, are regarded as out of touch with respect to their businesses' security posture. More companies use crisis communication for reputation management (as stonewalling loses popularity). Interest in retaining counsel to handle cyber issues intensifies.
Working toward a bigger presence in the cyber security market, Accenture acquired FusionX. Forbes describes how big defense corporations position themselves in that market (often by exiting it).
China tightens Internet controls by embedding police in online firms.
The Council on Foreign Relations offers a Panglossian view of cyber deterrence.