An XData ransomware decryptor is out (bravo, Kaspersky), as is one for AES_NI ransomware (bravo, Avast).
Netcraft says hackers romped freely in a Stanford University website for months, with phishing, defacement, etc. enabled through a PHP webshell in a top-level directory. All's now said to be cleaned up.
UpGuard researchers found sensitive information from the US National Geospatial Agency (NGA) in a publicly accessible data cache on Amazon Web Services' S3 storage service. The data, initially but erroneously reported as containing highly classified information, were inadvertently exposed by NGA contractor Booz Allen. The information was sensitive but unclassified; NGA cut access to the cache within minutes of notification. There was no connection to classified accounts, but there were concerns that exposed credentials could be used to access more sensitive data.
Appthority warns that a newly discovered vulnerability, "Hospital Gown," opens over a thousand mobile apps to backend exposure (as of course it would). The researchers say the vulnerable apps whose backend services are flapping in the breeze can be found in both Apple's App Store and Google Play, both notified.
IBM and Cisco announced expanded collaboration across services, products, and threat intelligence.
A Czech court approved extradition of accused hacker Yevgeny Nikulin, but didn't specify whither: he's wanted in the US for hacking LinkedIn, but also in Russia for a WebMoney heist.
NATO made it clear in Tallinn this week: a sufficiently severe cyberattack on infrastructure would trigger Article 5 (collective defense). The Atlantic Alliance is also beefing up cyberdeterrence.