North Korea's got a lot of coal it can't sell. Anyone who's got anything worth stealing online should look to their defenses. Pyongyang's especially interested in cryptocurrency wallets these days.
Deloitte continues to deal with the consequences of its recently disclosed breach. Many of those consequences are foreseeable piling-on, as lawyers see, with some justification, regulatory gaps exposed by the incident, and as security researchers put the Big Four consultancy under the microscope and find all sorts of places where the company hasn't been following its own advice. These include proxy login credentials out on Google+ (they've now been taken down), VPN credentials on GitHub, thousands of hosts exposed on the Internet (as seen via Shodan searches), etc. Such results are practically inevitable for an organization as big as Deloitte, which may or may not be comforting. There's no further word on whether the breach is more damaging than Deloitte's initial minimalist characterization makes it out to be.
Turning to the other two high-profile breaches, the Equifax incident produces fresh waves of hand-wringing and learned helplessness over the use of Social Security Account Numbers as elements of identity management approaches. It's also prompted what Palo Alto Networks deplores as "ambulance chasing." The US Senate, after giving the Securities and Exchange Commission a wire-brushing over the EDGAR breach, has told the SEC to go out and regulate harder.
McAfee reports an uptick in Faceliker malware, malicious code that gooses Facebook "likes."
Bloggers and others note: WordPress has a new patch out.