Yahoo! (its deal with Verizon still probable but now in doubt) attributed losing half-billion users' credentials to a "state-sponsored actor," but skeptical industry observers think PII inherently less interesting to states than intellectual property. That may be true, but one notes China's apparent interest in PII held by the US Office of Personnel Management (OPM) and Russia's apparent interest in White House and DNC email credentials. It's fair to say that, while blaming a nation-state for a hack is hardly an admission against interest, it's also entirely possible that US law enforcement agencies may have asked that Yahoo! refrain from saying too much about an ongoing investigation.
Venafi and others call the quality of Yahoo! encryption into question. Several class action suits are in progress, and many observers still have questions about the breach timeline—some think suspicion about a large breach may antedate "Peace's" dark net chatter about Yahoo! credentials for sale. The US Senate has invited the Securities and Exchange Commission to investigate.
Fancy Bear is poking at Western aerospace industry targets with a new Mac Trojan, "Komplex."
The FBI is investigating the exposure of apparent NSA tools released by the Shadow Brokers.
Netskope researchers warn against a new strain of Virlock ransomware. Virlock is now polymorphic—it both encrypts and infects—and it's particularly troublesome in a cloud, where it can spread through syncing and filesharing.
Users didn't much like Facebook's inspection of WhatsApp user data; now a German commissioner finds Facebook in violation of privacy laws.