WikiLeaks' Vault7 dump last week featured descriptions of "ExpressLane," an (alleged) CIA program for installing liaisonware to (allegedly) extract information from partner agencies. Most of those agencies are believed to be other US organizations, but WikiLeaks suggests international partners were similarly affected. The strongest reaction so far seems to be from India, where the public is already skittish about several disclosed vulnerabilities in the national Aadhaar identification program. Indian authorities deny that Aadhaar was affected, but observers in the media remain dubious.
The US Navy's investigation of the destroyer USS McCain's collision with a merchant tanker a week ago seems to be tending toward the painful conclusion that seamanship errors and not cyberattacks were the cause. This hasn't halted speculation about a cyberattack, with many observers offering suggestions as to how such an attack might have been accomplished. These are perhaps best regarded, absent further evidence, as hypothetical cautionary tales. Most will be familiar to those who have followed accounts of industrial control system vulnerabilities; there's a strong family resemblance.
NewSky Security researchers have noticed a large list containing "thousands" of working IoT-device Telnet credentials dumped online, an obvious distributed denial-of-service threat. Security experts are scrambling to forestall that possibility.
A new ransomware strain, "Defray," was detected late last week by Proofpoint. It uses unusually well-targeted spearphishing to spread. Another ransomware strain of unknown type and provenance has hit NHS Lanarkshire in Scotland; remediation is in progress.
In industry news, Forcepoint announces its acquisition of behavioral-analytics shop RedOwl.