Another US healthcare insurance provider, Excellus BlueCross BlueShield, has been breached. The compromise was detected on August 5 and disclosed yesterday, but the attack occurred on December 23, 2013. 10.5 million members' personal and financial information were exposed. Excellus says that, so far, there's no evidence of fraud.
USA TODAY looks into public records and concludes that the US Energy Department was successfully attacked some 150 times between 2010 and 2014. Attribution and other details were redacted from the records the paper obtained, but observers point with concern toward threats to the power grid.
Zimperium has released Stagefright exploit code for security testing purposes.
Palo Alto describes the long-running persistence of Gh0st malware in ongoing attack campaigns.
Manufacturers and shippers turn, increasingly, to the Internet-of-things, and implementation appears to be outrunning security.
SecureAuth's Cox looks at his industry and calls for a cyber version of the Hippocratic Oath.
In industry news, US companies are looking closely at a proposed Defense Federal Acquisition Regulation rule on commercial item acquisition (DFARS Case 2013-D034), which some fear will effectively block commercial cyber companies from Government business. (And Senator McCain thinks the rule will kill SecDef Carter's outreach to Silicon Valley.)
Palo Alto beats estimates. Ironnet raises $25 million in funding.
The UN clarifies application of the laws of armed conflict to cyberspace (and does so by extending traditional precepts into the new domain).
As debate in the US kicks up over whether ISIS intelligence was massaged, India grapples with its anti-ISIS info policy.