Deloitte continues to say little about its breach, maintaining its position that few clients were affected. Observers think the incident involved failure to use multifactor authentication on an admin account. (They also think that early reports of government organizations being affected seem to have been inaccurate.)
The US Securities and Exchange Commission told the Senate that, while it's "deeply concerned," no personal information was compromised. To most observers, that was never the concern—exposure of sensitive, material, corporate information was the issue.
IOActive took a look at the security of twenty-one popular mobile stock-trading apps and found them wanting: many didn't require two-factor authentication to access bank accounts, man-in-the-middle vulnerabilities were common, and some didn’t encrypt traffic.
The Dirty Cow Android vulnerability is being exploited in the wild.
Investigation of Russian influence operations in the US continues. The goal is by now clear: disruption, and erosion of such trust as sustains civil society. There are, Foreign Policy argues, signs that Russian information operations are shifting away from national targets and moving toward local governments, associations, religious groups, and "activists." This is nothing new, considered against the background of Russia's history with propaganda.
Retrospectives on WannaCry continue to attribute the ransomware or pseudoransomware to North Korean operators using tools allegedly stolen from NSA. In a display of information operations, Sputnik News strongly connects those tools with the US agency, but passes over in silence how those tools were obtained and released. In influence operations, the important lies need a bodyguard of truth.