NCC Group describes an extortion operation that skips the customary ransomware stage of the process. "SnapMC," which NCC Group says it's been unable to link to any other known actor, is simply moving directly to data theft, with no encryption of the victims' data. This probably represents a trend, as more gangs can be expected to engage in "data breach extortion." This kind of attack requires even less technical capability than already highly commodified ransomware attacks do.
Verizon recommended yesterday that users of its Visible wireless service change any Visible usernames and passwords they may have used to access other sites or services. "Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services." The Record says Verizon denied any compromise of its backend infrastructure.
Field Effect claims to have identified a cluster of seven Windows zero-days the security firm refers to, collectively, as Blackswan. Six represent a privilege escalation risk; the seventh the researchers characterize as an information leak vulnerability.
The Necro botnet (a Python bot) is actively installing a Monero cryptojacker in vulnerable Visual Tools DVR VX16 220.127.116.11 instances, Juniper Networks reports.
From Cyberscoop's account, it appears that the theme of the US-convened conference on ransomware is that the threat is transnational, and therefore demands an international response.