The Guardian reports the Deloitte has been hacked. The firm was compromised through an admin account in October or November last year, and discovered the breach in March 2017. Investigation is "ongoing;" its Azure account is thought to have been compromised, but Deloitte is being tight-lipped, saying only that "few" clients' information (including emails) was exposed.
Avast thinks the backdoor insinuated into its CCleaner security software was probably put there by Chinese intelligence services. Kaspersky and other companies looking into the incident attribute the hack to APT17 (a.k.a. DeputyDog), and they also see a tie to the cyberespionage group Axiom. Novetta regards Axiom as an umbrella organization engaged in coordinating espionage on behalf of the the Chinese government.
ESET's look at the spread of FinFisher spyware has concluded that major Internet service providers in affected countries were "complicit" in spreading the lawful intercept product into targeted devices. ESET declines to name the countries where they observed this campaign, citing concerns for the safety as grounds for its reticence.
Another Amazon Web Services S3 bucket has been exposed to public access. This one was a fumble at Verizon; it left server configurations and other sensitive information hanging out on the Internet.
More cyber extortion waves continue. One of the more notable is a large spam campaign distributing Locky.
As observers goggle with continued astonishment at Equifax's handling of its breach, some look to Belgium for an alternative model of credit reporting that presumably handles consumer data in a more consumer-friendly fashion.