The Shadow Brokers still haven't found any takers for those Equation Group zero-days they say they have for sale, so hop to it, shoppers (we guess).
The Mirai botnet's code is out on the dark web in a bad-news/good-news-good-news story. The bad news is that the code is out, and thus available for more IoT-driven distributed denial-of-service. The good news is that the author may be sensing the law's approach, and the other good news is that inspection of the botnet and its code is yielding some useful lessons. The biggest lesson is the danger default passwords pose when they're left unchanged: Mirai used 61 default passwords to herd its bots into the biggest DDoS attack yet seen. Krebs has an account of the manufacturers whose devices were exploited.
Kaspersky has cracked the MarsJoke crypto ransomware and they have a tool available to help the afflicted.
Interactive, "real-time" phishing has emerged in Brazilian cybercrime campaigns.
US concerns about election hacking and voter influence continue, with Russia the source of concern. US-Russian relations grew colder this week as Russia formally withdrew from a bilateral plutonium-control accord in response to US sanctions against Russia. The Russian point is that US imposition of costs (a centerpiece of American cyber policy) will itself have costs.
In industry news, Carbon Black prepares for an IPO as it partners with IBM to offer competition with Tanium in the endpoint security market.
Russia has tightened up cyber legislation: cybercrimes will henceforth be categorized as theft, not fraud.