Proofpoint reports criminals are using lightweight downloaders for reconnaissance.
The British Airways data breach, by general consensus attributed to the Magecart gang, is thought likely to result in precedent-setting GDPR enforcement action.
445 million customer records belonging to Veeam were found exposed in a MongoDB database at the end of August. They've since been taken down.
In yesterday's Patch Tuesday Microsoft addressed sixty-one vulnerabilities, at least three of which are under active exploitation in the wild. Adobe also patched, issuing a new version of its Flash Player. SAP has also fixed fourteen bugs in its products.
The European Union passed its long-debated and widely feared copyright law, which incorporates what's been called a "link tax." There are some exemptions for smaller organizations and not-for-profits, but in general the law is very good news for rent-seeking big media companies and moderately bad news for everyone else, where the law is widely seen as opening up considerable possibilities for censorship. At a minimum, the measure seems likely to force YouTube-like content moderation on much of the Internet.
Russia's President Putin says they now know who the two men are the British fingered for the Salisbury nerve agent attacks. He says they're just regular Joes, civilians, and neither criminals nor GRU hoods. (Presumably they got their Novichok, which in the Russian view they of course didn't have, off of their spice rack in the kitchen. Isn't that where you keep yours?) Mr. Putin says he "hopes" the two will tell their story "soon."