A recently patched .NET vulnerability, CVE-2017-8759, is being exploited in the wild by a threat actor believed to be operating from China, possibly under Chinese government control. Most recently Proofpoint has seen this threat group active against a US research center and shipbuilding industry targets. Proofpoint calls the cyber espionage group "Leviathan." Leviathan is using "torpedo recovery programs" as phishbait.
F-Secure last year observed the group's NanHaiShu malware deployed against Philippine targets. F-Secure hasn't attributed the activity to the Chinese government, but others perceive connections between the threat actor and attempts to advance Chinese interests in disputes over territorial waters in the South China Sea.
The ATM malware "Cutlet Maker" is able to jackpot cash machines (a video of what this looks like is available on Bleeping Computer), and Kaspersky has found it for sale in criminal markets for $5000. Cutlet Maker comes bundled with a password generator and an app that can tell the crooks what's inside the particular ATM they're working on.
Locky seems to be holding its place atop the ransomware leaderboard.
A New York judge is shocked to learn that the NYPD's large evidence database isn't backed up.
CyberArk describes a proof-of-concept it's calling "BoundHook" that enables post-intrusion application hooking and stealthy manipulation on Intel's Skylake microprocessors. Microsoft calls BoundHook a stealth technique rather than an exploit, since it functions to conceal activity on an already compromised machine.
More malicious apps surface in Google's Play Store, among them Sockbot, malware that ropes Minecraft-playing devices into a botnet.