NetBlocks confirms that Internet service has been disrupted in Sudan. A military coup has taken place, and fighting continues in many parts of the country. The US embassy in Khartoum has advised American citizens in Sudan to shelter in place.
According to the Washington Post and others, subsidized fuel sales at Iranian gas stations were disrupted yesterday in what the government in Tehran describes as a cyberattack. Investigation is in progress, and the incident isn't yet attributed to any particular threat actor. Observers compare the attack, if such it proves to be, with the disruption of rail service messaging earlier this summer, generally thought to have been the work of Iranian dissident hacktivists.
ESET announced this morning its discovery of a hitherto unknown malware loader, "Wslink," that runs as a server and executes Windows binaries in memory. Who's operating Wslink and what exactly it's used for remain unknown.
An international dragnet made one-hundred-fifty arrests taking down a darkweb contraband market. "Operation Dark HunTor" also seized, the Wall Street Journal reports, "234 kilograms of drugs, 45 guns and more than $31.6 million in cash and virtual currencies."
The Record interviews a representative of the LockBit ransomware gang, formerly a bit player, now risen to prominence. LockBit thinks REvil's disappearance may have been an exit scam.
The Wall Street Journal reported this morning that the US Federal Trade Commission had opened an investigation into whether Facebook's internal research indicates that the company violated its 2019 settlement of privacy concerns with the FTC.