Recent intrusions into the Joint Staff's networks, US officials think, were the work of Russian actors.
In other news of Russian espionage operations, few will be surprised to learn that (alleged) cyber mob boss "Slavik" Bogachev (allegedly) made his services available to the Russian organs. Bogachev, (alleged) kingpin of GameoverZEUS capers, is thought to have facilitated collection against Georgia, Turkey, and Ukraine.
Researchers disclose several new vulnerabilities. Check Point discovers an exploitable "Certifi-Gate" bug in Android devices manufactured by LG, Samsung, HTC and ZTE. Context Information Security shows how malicious insiders can exploit Windows Server Update Services. Battelle shows how design flaws in x86 processor architecture render devices vulnerable to firmware rootkits. Ben-Gurion University describes GSMem malware's threat to some air-gapped devices.
FireEye reiterates warnings that even non-jailbroken iOS devices are vulnerable to exploits that escaped into the wild after the Hacking Team breach. Other FireEye researchers show how Android users could have their fingerprints (the prints, of course, not the actual whorls on their actual fingers) stolen without noticing.
Symantec looks at the Internet-of-things and glumly sees it as the next big field for ransomware. (TrendLabs finds ransoms rising and deadlines closely enforced.)
OPM get the Pwnie at Black Hat amid growing realization that effects of its breach are probably worse than suspected.
Tesla Motors gets good reviews for swift patching.
Sounding like Jack Daniel (the whiskey manufacturer, not the security guru) circa 1919, many Black Hat symposiasts see (now pulled) Wassenaar implementation as a harbinger of cyber prohibition.