Symantec reports that sites in India and Pakistan have been the targets of a sustained cyberespionage campaign using Ehdoor spyware. The spying goes at least as far back as October 2016, and seems to have focused on collecting information on regional security matters. Symantec says the campaign looks like the work of a single nation-state, but it doesn't specify which one. Other observers note that India has been experiencing a heightened state of tension with China, but that's merely an indicator, and doesn't rise even to the level of circumstantial evidence.
The NHS Lanarkshire attack has been confirmed as ransomware. It's not WannaCry (which had afflicted NHS Lanarkshire in an earlier incident), but it remains unclear which ransomware variant hit the NHS systems. Health care services continue to experience interruptions in parts of Scotland. Observers note that ransomware is playing an increasingly important role in attacks intended to disrupt as well as extort.
Cylance research on Hancitor exposes how the malware's three-step exploitation of low-level Windows vulnerabilities enables it to accomplish its work.
Collaborative work by several security companies appears to have contained an Android distributed denial-of-service botnet. "WireX" was detected on August 17th, hitting hospitality, adult, and gambling sites as well as some domain registrars. The botnet was disabled by Akamai, Cloudflare, Flashpoint, Google, Oracle, RiskIQ and Team Cymru.
Phishbait currently chumming the Internet attracts both the noble (Hurricane Harvey relief scams) and the base (Game of Thrones unreleased episode come-ons).
A BGP fumble briefly shut down Japan's Internet yesterday.