WikiLeaks has released a manual for "HighRise" (a.k.a. "TideCheck") allegedly a CIA app that enabled interception of SMS messages in earlier versions of Android. The Vault7 leak is dated December 2013; it purports to describe a tool effective against Android versions 4.0 through 4.3 (Ice Cream Sandwich and Jelly Bean).
Now that consensus has come to regard NotPetya as almost surely a Russian operation, observers repeat the conventional Clausewitzian wisdom that warfare is politics by other means, and so cyberattacks track geopolitical interests. In the case of Russia those interests often involve fostering chaos and degrading trust, from which one may infer that Russian cyber operations will cast a wide net. (See NotPetya.)
They also have financial consequences. French company Saint-Gobain, a NotPetya victim, probably lost $230 million in sales due the attack.
After the Verizon-Nice Systems breach, experts advise Verizon customers to change PINs. Experts also advise everyone to pay more attention to how their AWS S3 buckets are configured.
London-based Bupa, the healthcare firm that disclosed a data breach Wednesday, says it wasn't hacked—a rogue insider, now fired, exposed the information.
In the UK, GCHQ has established a second security accelerator. The US Defense Department seeks to streamline cyber acquisition, and the US Army considers direct commissions to Cyber Branch.
AlphaBay, Silk Road's successor as market leader in the dark web contraband souk, now really is gone, taken down by Canadian, US, and Thai authorities. Its alleged proprietor is dead, an apparent suicide in a Thai jail.