Microsoft warned yesterday that "targeted attacks" are exploiting a vulnerability in MSHTML by using malicious ActiveX controls in Word documents for remote code execution. There is no patch, yet, but Redmond is working on it. In the meantime Microsoft has made some mitigations and workarounds available (notably disabling ActiveX), and CISA "encourages users and organizations to review" them. There's no attribution of the attacks yet, but SecurityWeek thinks that the wording of Microsoft's disclosure strongly hints that a nation-state is behind them.
ESET is tracking BladeHawk, a mobile, Android-based cyberespionage campaign targeting ethnic Kurds. There's no attribution, but Kurds have been perennial objects of suspicion on the part of the three governments that control traditional Kurdistan: Turkey, Iraq, and Iran.
So it turns out that Labor Day weekend was more a day off than a doorbuster for ransomware gangs, but now that the holiday's passed, the hoods have returned to business as usual. The Washington Post is prepared to call the quiet holiday an "anomaly." CISA, the FBI, and the White House had all warned organizations to be on the alert, sound advice on form, but the expected wave of attacks didn't materialize.
REvil may be among the ransomware gangs that are resurfacing. BleepingComputer reports that, after an absence of almost two months, the group's dark web servers have reappeared. Emsisoft and Recorded Future report that the restored presence includes the gang's Happy Blog, albeit with essentially the same content it showed at the time of its July 13th disappearance.