Saudi Arabia is concerned about the latest rounds of Shamoon 2, which this week are disclosed to have hit chemical industry targets as well as the Labor Ministry. These incidents indicate a shift in Shamoon 2's target set: the November attacks involving the malware most prominently focused on aviation operations.
Check Point warns of "Charger," a newly discovered ransomware strain found in the EnergyRescue app in the Google Play Store. Google's Android security team has managed to interdict the malware before it reached the point of mass infection. In the case of Charger, the extortionists' threat is release, sale, or other abuse of stolen data, mostly contacts and SMS messages. "All your data is already stored on our servers!" crow the hoods, who demand $180 in protection money. The malware was available for about four days before being taken down; the incident moves Ars Technica to skepticism about the effectiveness of Play Store security scans.
zScaler and Malwarebytes are warning that two newly evolved remote access Trojans (RATs) are circulating in the wild. zScaler reports that SpyNote is flying the false flag of a Netflix app. Malwarebytes says that the well-known AndroRAT has become more stable, added new functionality, and increased its obfuscation.
It seems a "vigilante" (as Motherboard characterizes the actor) is finding poorly secured databases and inserting an empty folder into them to warn admins.
Cisco is patching its WebEx Chrome Plug-in. Users are advised to update.
In industry news, RiskIQ buys Maccabim; Verizon says nothing about Yahoo!