For unclear (but probably nefarious) reasons, sockpuppets posing as recruiters on LinkedIn appear to be mapping infosec professionals' networks. Fox-IT raised the warning; F-Secure offers some analysis.
Malvertising on the British branch of Match.com is serving ransomware to the unwary.
An Android ransomware strain now uses XMPP (the Jabber chat protocol) for its command-and-control traffic, which makes that traffic harder to tell apart from legitimate messaging.
Bitdefender finds a cross-site-scripting vulnerability in PayPal.
ATM skimming hardware has become smaller, thinner, and harder to spot.
The trend among criminals to exploit compromised credentials and "live off the land" in enterprise networks, using built-in administrative tools rather than custom malware, continues to accelerate.
Cisco patches a file overwrite issue in UCS Director and IMC Supervisor.
Richard Bejtlich reflects on Black Hat and discerns a new cyber security maxim: "If you can't protect it, don't collect it."
A Ponemon study looks at insider cyber risk and concludes that multitasking, long hours, and fatigue cause unintentional employee "negligence." (It seems, however, unfair to characterize a mistake made by someone worked to exhaustion as "negligence.")
Wassenaar, much execrated by the security industry, inflicts collateral damage even before the delayed but long-feared US implementation takes effect: HP pulls its sponsorship from Pwn2Own for fear of crossing arms controllers. (Wassenaar's unpopular in India, too. Some think Canada got implementation about right.)
Security start-ups notice a new trend among venture capitalists: the VCs are asking about profits.
Among security start-ups themselves, deception (of attackers, not VCs) is also trending.
The US prepares anti-hacking sanctions against Chinese companies, hoping the attendant rancor dies down before the Obama-Xi summit.
Edward Snowden says Hillary Clinton's homebrew server damaged US national security.