Scotland's Parliament has sustained a brute-force attack on Members' email credentials. The campaign against Holyrood is similar to the one Westminster sustained in June, and similar measures are being taken to remediate it.
WannaCry and NotPetya continue to trouble enterprises (in one case, Maersk has pegged its NotPetya-related losses at $300 million). Both exploited Equation Group material leaked by the Shadow Brokers. How the Brokers got the exploits remains a mystery, but the SMB flaws targeted by the leaked exploits EternalBlue, EternalRomance, EternalSynergy, and EternalChampion are likely to present problems for some time, according to an analysis published by Cylance.
The hackers who went after a Mandiant analyst in Operation #LeakTheAnalyst claim to have compromised FireEye, but it seems likelier they're mostly trolling.
"Mr. Smith" is getting more strident with HBO, but it's not clear what "Mr. Smith" may have actually obtained from hacking the entertainment giant.
The neo-Nazi Daily Stormer, kicked out of most legitimate services, appears to have migrated its unsavory inspiration to the dark net. Even there, parties unknown may be pursuing it with distributed denial-of-service attacks. The Stormer, or at least its message, will probably find other outlets, if long experience with ISIS is any guide: the Caliphate has posted more beheading pictures—the victim this time is a captured Iranian IRGC fighter.
Trickbot banking malware is being disseminated through unusually convincing counterfeit sites—even the URL and certificate are right.
PowerPoint vectors may be distributing an OLE exploit as a test, or so Cisco and Trend Micro researchers suspect.