Microsoft warns businesses to be on guard against the possibility that attackers could compromise virtual machines, turning cloud environments against the enterprises that use them.
Dr. Web identifies a new Android threat. This one, known as "Skyfin," is a second-stage infection observed in phones already compromised by the Android[.]Downloader malware family. Skyfin infests the local Play Store app to make unwanted purchases.
The SANS Internet Storm Center has a rundown on Sage 2.0, ransomware they've observed in spam hitherto associated with Cerber.
Specific ransomware victims late last week include the St. Louis (Missouri, USA) public library system and the Racingpulse[.]in pony betting site operating out of Bangalore (India). The St. Louis librarians aren't paying up; instead, they're wiping and restoring the approximately 700 affected machines. The Dharma ransomware strain hit Bangalore; there's no word yet on which variety affected St. Louis.
The Lloyds Banking Group disclosed that it was affected by a distributed denial-of-service campaign two weeks ago. An unnamed "international cybercrime gang" is said to be responsible.
Both the New York Times and the BBC had their Twitter accounts hijacked yesterday, the Times' hijackers tweeting (falsely) Russian President Putin's intentions to launch missiles against the US, and the BBC's hijackers tweeting (equally falsely) that US President Trump had been wounded in an assassination attempt. Protection racketeers at OurMine admit collaborating in the caper, but say their unnamed partners composed the tweets.
The FBI is said to be interviewing the gentleman whom security journalist Brian Krebs identified as the figure behind Mirai.