Symantec researchers warn that the "Dragonfly" threat group has been actively pursuing, and has to some measure achieved, access to US and European power grid operational networks. This means, Symantec says, that Dragonfly has no further hurdles to clear were it to decide to disrupt power distribution. The effects would be similar to those Sandworm had on Ukraine's power grid, but differences in approach suggest that Sandworm and Dragonfly are distinct actors. There's no attribution yet—both Russian and French text appears in the code, but that's consistent with false-flagging.
Researchers have found a serious vulnerability in Estonian national identification cards.
GlobeImposter, SynAck, Princess, and Locky ransomware continue to surge in the wild. Other DDoS-based extortion campaigns are hitting some online gambling sites, which of course are highly sensitive to service disruption.
Latin American social media service Taringa (described as "Reddit-like") has sustained a major breach. Twenty-eight million accounts have been compromised.
KrebsOnSecurity has a long profile of Marcus Hutchins, the white hat hacker the FBI arrested in Las Vegas. Mr. Hutchins is, according to the profile, a complex man with a complicated history.
China has banned VPNs, and a man already convicted under the ban faces nine months in prison.
China has also banned initial coin offerings.
Russian Communications Minister Nikiforov has called for an indigenous cryptocurrency. Bitcoin and Ethereum are based on "foreign cryptography," and thus undesirable. (Russia's already got Voppercoin. Mr. Nikoforov can stroll to the Burger King in the Arbat and supersize himself to financial security.)