Yesterday’s fresh terrorist horrors—the suicide bombings at Istanbul’s airport—are inducing security officials worldwide to look for better ways of collecting and developing intelligence. Much of that collection will be online.
The Kyiv ISACA branch reports that an unnamed Ukrainian bank has lost $10 million to SWIFT-enabled funds transfer fraud. ISACA’s statement (cagey, since investigation remains ongoing, and its early stages) suggests, as reported by the Kyiv Post, that “dozens of banks (mostly in Ukraine and Russia) have been compromised.” The methods appear similar to those used earlier this year to look the Bangladesh Bank.
The DarkOverlord’s purported healthcare records remain for sale in the Real Deal dark web souk, but so far there’s no consensus about the data’s provenance. Whatever they are, the asking price is steep.
A Google security researcher reports an array of bugs in Symantec and Norton anti-virus products. Symantec has patched the issues.
A smishing campaign in Europe spreads paycard-stealing malware posing as WhatsApp, Uber, or Google Play.
Lookout adds to warnings that “autorooting” malware is gurgling around in the walled-but-permeable Google PlayStore garden. OptioLabs says that another popular PlayStore denizen, Flash Keyboard (about 50 million downloads) is also exhibiting some dodgy behavior.
Locky ransomware, which vanished for a brief season, is back, and in a newly virulent form. CryptXXX also continues to hit victims. A study shows US enterprises wavering in their resolve not to pay ransom.
A petition to revoke Brexit through another referendum appears to have been signed mostly by bots.
A note to our readers: The CyberWire won't publish Monday as we observe Independence Day (commemorating the Amexit of 1776—you may have heard of it). We'll be back as usual on Tuesday, July 5, with both our daily news summary and our podcast.