Shamoon, the drive-wiping malware that hit Saudi Aramco and other energy firms hard in 2012, is back, with infections reported in Saudi government systems. Saudi investigators say their forensic investigation leads them to attribute the attack to an Iranian source. The new strain of Shamoon is also being called "Disttrack," and it appears to be purely disruptive in operation, with no reports of data exfiltration.
Investigation into the Tesco Bank breach suggests to some observers that the bank's connection to its parent supermarket may have afforded the attackers their way in.
The World Anti-Doping Agency is again under cyberattack, and it's either Fancy Bear or someone masquerading as Fancy.
Palo Alto Networks' Unit 42 reports on a new Google Android Trojan, "PluginPhantom," that abuses the DroidPlugin framework. PluginPhantom, which includes a keylogger, extracts a wide range of user and device information.
Facebook is calling hogwash on Check Point Software's report of Locky ransomware being spread by images in Facebook Messenger.
Firefox has patched a zero-day that could be exploited to de-anonymize Tor users.
Germany's Interior Ministry has proposed legislation that would limit the transparency of online surveillance. Interception of jailed ISIS terrorists' communications suggests planning for unusually repellent attacks targeting children. Investigation into the alleged ISIS mole in the BfV continues; the Telegraph argues any security service might overlook red flags when recruiting for scarce language skills.
A US Defense Department report accuses Chinese security firm Boyusec of working with the PLA to embed espionage tools in its security products.