TalkTalk announces lower numbers of affected customers than initially feared when its recent breach was disclosed. British police have arrested a second teenager in connection with the hack, but their motives remain obscure. Naked Security observes that it's tempting in cases like this to jump to the conclusion that the kids did it for the lulz, but there's been enough precocious financial crime to give one pause.
More details emerge in the 000webhost, Marks and Spencer, and Optimal Payments breaches.
A well-crafted, convincing spam campaign is trolling for domain name owners, seeking (as usual) to get them to click malicious links. The spam is personalized and warns of imminent suspension.
Adult content continues to be the biggest vector for mobile malware.
CyberX finds a zero-day in Rockwell industrial control products.
Proofs-of-concept demonstrate vulnerabilities in iris-recognition biometric scanners and in browser histories (the latter has been named "Sniffly").
Dridex infections spread as the botnet returns to life.
Researchers publish details of CryptoWall ransomware. Revenue from CryptoWall appears to investigators to be flowing into a single criminal group: the latest version may have netted the crooks some $325 million.
Google demands redress from Symantec over allegedly improperly issued certificates.
Xen patches an old VM escape hypervisor vulnerability.
US CISA legislation continues to draw varying reviews. New surveillance policies are enacted in the UK and EU. (Some of the new European policies seem fairly aggressive.) US NSA Director Rogers calls for more industry cooperation in cyber security, but would rule out privateering in cyberspace.