Kaspersky discusses an activity cluster they're calling "MysterySnail," which they connect to the "Chinese-speaking APT" IronHusky. MysterySnail exploits a Windows zero-day to install a remote-access Trojan.
With all the attention last year's SolarWinds exploitation received, one would think that users would have applied the appropriate patches and mitigations. But Randori's 2021 Attack Surface Report finds that one in fifteen organizational users are still running a version that's either undergoing active exploitation or is at least "highly tempting" to attackers.
The promised high-level conference on ransomware kicked off today. Special sessions, the Washington Post reports, will address "resilience, virtual currencies, law enforcement disruptions and diplomacy." The US engaged some thirty countries who'll be attending the two days of meetings. The Hill and others note that Russia wasn't invited, because the current ransomware surge is generally regarded as driven by Russian-inspired or at the very least Russian-tolerated gangs ("privateers," as Cisco's Talos Group aptly called them back in May). We observe that, while the Five Eyes, several NATO members, and other close US allies are taking part, China, North Korea, and Iran aren't on the guest list, either.
Police in the US state of Florida have taken a woman into custody on charges of accessing a flight training school's system to alter information on twelve aircraft, WESH reports. The most disturbing change was to alter the status of some planes that required maintenance to "airworthy."
Yesterday was October's Patch Tuesday, and the Zero Day Initiative summarizes six Adobe and seventy-one Microsoft security updates.