End of the year is quickly approaching, and a number of groups are starting predictions for the new year, including:

• Checkpoint has some cloud predictions including ransomware ending up in a data centre (vs user machines) and a major attack on a cloud provider.
• Ensilo has a number of predictions, many business related, but a few others including javascript replacing flash as the number one cause of browser exploits, security moving down the stack to have more protections at a hardware level, and ransomware moving to ‘spray and pray’ to more targeted attacks.
• Malwarebytes unsurprisingly predicts that Ransomware will continue to be king in 2017, with high risk items like digital wallets and password managers becoming targets.

Rapid 7 has an insightful (to me at least) article on Why Security Assessments are Often not a True Reflection of Reality, and how the scoping of security assessments can lead to a lot of caveats.

Checkpoint Labs put out their November Malware Most Wanted. Locky doesn’t quite top the list, but did manage to be the #1 malware family in 34 countries, while Conficker (still at the top) was only #1 in 28.

NakedSecurity has an end of year article around the number of records lost in breaches, totally 2.14 BILLION records, up from 480m records last year. Unfortunately, these numbers were reported before Yahoo indicated another breach of 1 billion records, a separate incident from the one reported this year.

Poor Yahoo, on top of all the bad news this year, they recently patched an XSS bug which would have allowed attackers the ability to read a user’s email.

BleepingComputer rounds up with Ransomware. Last week included: new variants, a botnet spreading ransomware that had a decryptor released in the summer (oops), a ransomware that will decrypt your files if you infect your friends (social!), and a new open source Ransomware that has already spawned at least 3 variants in the wild.