Zscaler has discovered a password stealer spreading through a compromised website. The malware is delivered by VBScript, which after downloading the malicious payload, downloads a decoy document, terminates Microsoft Word processes, installs the payload through PowerShell, and removes document recovery entries of Microsoft Word.
Indian authorities seek to reassure people that their Aadhaar identity data are secure.
In the US, the NFL Players Association inadvertently exposed the personal information of about 1200 players and agents in an unsecured Elastisearch database. (Kromtech found the leak.)
Of the twenty-two million comments received by the US Federal Communications Commission on net neutrality, only 17.4% appear to be genuine, according to data analytics firm Gravwell. The rest? Bots.
In the US, the Department of Homeland Security decries a growing public learned helplessness over cyberattacks and data breaches.
The investigation into the Las Vegas massacre continues, with the shooter's motive still a mystery. But the FBI and local law enforcement say they're looking into the possibility that the killer could have had accomplices. His online activities are drawing predictable attention from investigators.
ICANN has decided to delay a planned DNSSEC master key change to avoid risking disruption of Internet traffic.
Cisco has patched its Firepower Detection Engine. A flaw in SSL decryption could produce a denial-of-service condition.
In industry news, ForeScout has filed for a $100 million IPO, and root9B has resumed trading.
Google's DeepMind is assembling an "ethics" panel of presumed experts to help designers, researchers, and engineers avoid creating disastrously anti-human artificial intelligence.