Details of how hackers allegedly got into the control system of that dam in Rye, New York, emerge from the US Justice Department's indictment of seven Iranians. They're said to have found the dam's vulnerable systems by Google-dorking, and then worked their way in through there.
ISIS is said to respond to reverses on the ground by, first, conducting increasingly violent propaganda-of-the-deed outside its core territory (which it then celebrates online) and, second, within territory still under ISIS control, employing closely controlled legacy media and harshly repressive censorship. It's apparently not particularly active on the dark web, which is, as Defense One points out, "too slow and annoying for terrorists." Good for black markets, but not for information ops.
Trustwave researchers describe a cross-site scripting vulnerability in the widely used open source online shopping cart app Zen Cart.
Stolen code-signing certificates are finding their way into crimeware toolkits as criminals adapt to SHA-2, Symantec finds.
Researchers at Carbon Black are warning of a new ransomware strain, "PowerWare," which is fileless and written in the Windows PowerShell scripting language. Word documents crafted to induce victims to disable the Word preview sandbox and execute malicious macros are the vectors. Hospitals are particularly affected.
In industry news, cyber insurance underwriters continue to worry about the paucity of actuarial data.
Apple is apparently familiar with Cellebrite, engaged by the FBI in the San Bernardino jihad case. Observers think the Bureau will eventually have to disclose how they got into that iPhone (assuming it succeeds).