SWIFT, the Society for Worldwide Interbank Financial Telecommunication, the financial sector's international funds transfer network, has again warned its members of more fraudulent money transfers. The scope of the latest attacks is unknown, but SWIFT has given its members an ultimatum: update to the latest version of SWIFT software by November 19 or be reported to regulatory authorities and banking partners. Reuters reports that weak local security was exploited to compromise local networks and then send bogus messages requesting money transfers. Some of those requests were apparently filled.
Fund transfer fraud is also committed by the familiar business email compromise. In mid-August German wire manufacturer Leoni AG lost €40 million ($44.6 million) when personnel followed instructions in a spoofed email to transfer money to accounts in the Czech Republic.
US states continue to worry about and possibly improve voting security. Vermont thinks it's covered, North Carolina wants Federal help, and many worry about the implications of Federalizing elections. Russia continues to play an information operations long game with respect to US and other Western elections. The New York Times observes that, independent as WikiLeaks may be, objectively (as the old Pravda might have put it) Assange's operation is nicely aligned with Russian interests.
Microsoft warns attackers are exploiting Word vulnerabilities. Weaponized documents are now spreading Cerber ransomware and password-stealing Trojans through Betabot.
Several interesting proof-of-concept attacks indicate a shift toward physical exploitation of hardware.
PoodleCorp skids continue their ars-gratia-artis DDoS against online games, including World of Warcraft and Battlefield 1.