Bloomberg says unnamed sources claim that the Clinton Foundation was breached by Russian attackers, presumably the same actors who hit the Democratic National Committee.
That DNC hack still looks like the work of Russian intelligence services. Fidelis, one of the companies brought in to investigate the matter, says the attack code was too sophisticated to be the work of a “script kiddie,” and that it has the appearance of a nation-state operation. Thus it would appear that lone hacker Guccifer 2.0, who claimed the attack as his work, is either 1) a hoaxer, 2) a disinformation operation by Russian intelligence services, or 3) an actual hacker who rooted around coincidentally alongside the FSB and GRU. The third possibility can’t be dismissed out of hand; it’s happened before.
Industrial control system manufacturers and their customers are increasingly worried about their growing attack surface. Speculation about whether grids around the world are vulnerable to the sort of attack that hit Ukraine last December reaches a wishy-washy consensus of “well, possibly.”
Several Android exploits are circulating. Malwarebytes is tracking “Pawost” (which phones home to China). Trend Micro reports on “Godless” (rooting phones in South Asia).
Trend Micro also describes “Mangit,” a commodity banking-Trojan-as-a-service from the Brazilian mob.
Data lost in the LinkedIn breach are being linked to secondary breaches at other services.
In industry news, analysts assess the needs of the cyber insurance market and the prospects of bellwether publicly-traded security companies. Behavioral analytics shop LightCyber gets $20 million in Series B funding.
A note to our readers: today we're in Laurel, Maryland, covering the Cyber 7.0 conference. We'll be tweeting throughout the day; watch #HoCoCyber7. And we'll have a report on the event in tomorrow's issue.