Australia's Bureau of Statistics remains convinced its online census platform was taken down by distributed denial-of-service attacks. No attribution, and the motive is thought to be the obvious one: disrupting the census.
Vietnam continues to sustain a wave of spyware infestations originating, apparently, with China. Other Chinese actors (deniable patriotic hacktivists) defaced Vietnamese airport sites in July; there are similarities between their code and that used by the spyware actors.
In the US, the FBI is expanding its investigation into the hack of the Democratic Party. It's now believed more than a hundred groups and party officials were compromised. Investigators speaking on background to the media no longer bother to be coy about attribution—they call the actors "the Russians."
Microsoft has inadvertently leaked its Secure Boot "golden key," effectively a backdoor that bypasses protections and enables the possessor to unlock any device protected by Secure Boot. Observers see this as a cautionary tale for policymakers.
A Linux TCP flaw, apparently in place since 2012, exposes Internet users to off-path exploitation. Researchers from the University of California at Riverside and the US Army Research Laboratory demonstrated a proof-of-concept exploit yesterday at USENIX.
Another car hack demo shows how criminals can gain access to several Volkswagen models.
Samsung acknowledges there's a token skimming issue in Samsung Pay, but says exploitation is too far-fetched to worry about.
Tripwire reports on R980 ransomware—a lot of familiar functionality, but which abuses Mailinator the better to coerce its victims.
Twitter's cleared of supporting ISIS.