Yesterday Adobe patched a Flash Player zero-day (CVE-2017-11292) that Kaspersky Lab discovered being exploited in the wild. The exploitation, attributed to the little-known and less-understood threat actor "Black Oasis," was installing FinFisher spyware into selected targets.
It's been revealed that a 2014 North Korean cyberattack against British production company Mammoth Screen prompted cancellation of a projected television series. The show, "Opposite Number," had a plot revolving around the imprisonment of a British nuclear scientist in the DPRK. This is the second major known hack of a media company related to Pyongyang's objections to media content. The other case, of course, is the Sony hack.
An Infineon firmware patch closes a vulnerability that could be exploited to reveal private encryption keys in a fast prime attack. A proof-of-concept uses a variant of the Coppersmith's attack ("ROCA," for "Return of Coppersmith's Attack").
Much advice is offered on protection from from the KRACK wi-fi vulnerability. Several vendors have issued patches to deal with the issues, but it's likely to persist for a long time, especially in the Internet-of-things.
WikiLeaks' Julian Assange has tweeted out some odd code that looks like the "insurance code" released in advance of past major leaks.
Yesterday the US Department of Homeland Security issued Binding Operational Directive 18-01. This will require US Federal agencies to adopt DMARC security standards to increase email and web security.
The US Supreme Court has agreed to hear an appeal of a Second Circuit decision that exempted data stored abroad from US search warrants.