Finland investigates apparent Russian GPS jamming during NATO exercises (Deutsche Welle).
Jihadist groups, pushed by social media into temporary online occultation, counsel members to spread malign inspiration through hijacked accounts (Naked Security).
RiskIQ and Flashpoint this morning issued a joint report on Magecart, the family of carding campaigns against e-commerce sites. The researchers identify six criminal groups as responsible for Magecart activity, and they trace the threat from its modest origins as the Cart32 online shopping cart backdoor (discovered in 2000) to the present threat responsible for large-scale attacks on large enterprises including Ticketmaster and British Airways. Magecart proper emerged in 2015. The criminals monetize their theft of paycard data either by selling it to other, pettier crooks in carding fora, or by enlisting mostly unwitting mules to buy goods and ship them to the gang.
Cathay Pacific has told Hong Kong's Legislative Council data regulators that the breach it sustained was sophisticated and lasted for several months as the airline sought with difficulty to parry the attacks (Bloomberg Quint). The attacks were discovered in March; the airline struggled (at considerable effort and expense) with containment until August, at which time it began to be able to assess the extent of customer data loss: "far worse than thought" (Star). Cathay Pacific has established a site that worried customers may consult if they're concerned for their data's security.
Asked if there will be another Cambridge Analytica scandal, UK Information Commissioner Denham bets on form and says, "I suspect there will" (Telegraph).