An Experian data breach compromises some 15 million T-Mobile customers.
Foreign exchange broker FXCM sustains and contains fraudulent wire transfers (always disconcerting).
Symantec notices that routers and IP cams are being infested with new malware of unclear provenance and unusual apparent purpose. "Linux.Wifatch" looks like "vigilante software" aiming to increase the security of the systems it infects. Few will be consoled by hints of benign intent — it's still malware.
Financial malware activity is up. Dridex is back, Shifu spreads from Japan to the UK, and mobile users in Germany are hit by malware that spoofs a PayPal app. The Nigerian Cuckoo Miner is taking over inboxes and targeting banks.
Zimperium warns of "Stagefright 2.0," which Help Net Security says in a screamer could compromise up to "a billion" Android devices. (Anyway, lots of devices.)
SANS sees a surge in Nuclear exploit kit traffic.
Investigation into former US Secretary of State Clinton's homebrew server raises eyebrows with evidence of malign Russian activity. Not good, but it's unclear how much was targeted, and how damaging it might have been.
VMWare, WordPress, and Cisco issue patches.
Risk managers and insurance companies continue to grapple with the paucity of well-understood actuarial data surrounding cyber losses. The Home Depot breach looks retrospectively scary, suggesting these may be higher than thought. The regulatory maze, a precursor to standards of care, isn't helping.
SINET has announced the SINET 16: emerging, innovative cyber stars.
Wassenaar gets European scrutiny. US security researchers complain of regulatory impediments to their work.