US health insurance provider CareFirst discloses a major breach to its members. More than a million subscribers appear to have had their personal data — names, birth dates, email addresses, and subscriber identification numbers — compromised. Indicators of the attack were first detected on April 21 (CareFirst began close scrutiny of its own security shortly after the Anthem hack), but the attack itself seems to go back to June of 2014.
TrendLabs describes how East Asian servers were effectively targeted during a recent cyber campaign in the region — the attackers exploited "Auto-Start." TrendLabs also turns up another interesting bit of information in an unrelated matter: the command-and-control server for the Carbanak targeted attack campaign now resolves to an IP address associated with Russia's FSB. Whether this is a joke, blunder, or something else is unclear.
The University of London says its widely used Computer Centre was taken offline earlier this week by a "cyber attack" of unspecified nature. Service is now restored.
Dating site Adult FriendFinder has been breached, with users' personal information appearing for trade on the cyber black market.
A Google study finds that most security questions are easy to guess (and therefore not that useful).
The US indicates it will implement 2013's Wassenaar Arrangement governing trade in cyber tools. Effectively a cyber arms counter-proliferation measure, Wassenaar is making researchers nervous about legal liability.
Also in the US, the Patriot Act (which notably contains bulk collection authority) comes closer to its sunset.
The Five Eyes allegedly peered into Google Play.