The University of Toronto’s Citizen Lab reports that some state security and intelligence services—apparently including the United Arab Emirates—are running cyber espionage campaigns under journalistic cover.
A Windows zero-day (a purported zero-day: Microsoft points out that the vulnerability has yet to be verified) is for sale on the black market. The vendors claim that it grants admin privileges on any machine running any version of Windows from Windows 2000 through a fully up-to-date Windows 10. The asking price is $90,000. Whether the hackers’ claims are legitimate or not, this is interesting for at least two reasons. First, whoever discovered the flaw apparently thought they could make more money hawking it in a crimeware souk than by either using it themselves or selling it quietly to big buyers. Second, zero-days may be on their way to the sort of commodification long seen in the data theft racket. After all, $90,000 isn’t that much—just a bit more than a sandwich shop franchise would run.
That stolen data have become inexpensive commodities may be seen in the continuing story of the MySpace breach. Granted, the credentials are old, but to offer almost half a billion of them for about $2,800 suggests it’s a buyer’s black market. MySpace has invalidated the affected passwords.
University of Michigan researchers demonstrate a microscopic hardware backdoor-on-a-chip proof-of-concept.
Wassenaar implementation may have slowed, but cyber export controls remain under consideration worldwide.
Ramadan, which begins with this Sunday’s new moon, is expected to bring heightened ISIS activity.