Fancy Bear (APT28, or, to name it directly, Russia's GRU) is snuffling around people thinking about attending next month's CyCon conference in Washington, DC. Sponsored jointly by the US Army Cyber Institute and NATO's Cooperative Cyber Defence Centre of Excellence, this year the well-known conference takes "the future of cyber conflict" as its theme. Fancy Bear is phishing for prospective attendees with a baited Word document that carries Seduploader as its payload. Seduploader is a reconnaissance tool useful in determining which targets deserve closer attention. The phishbait document, a cut-and-paste job designed to look like an event flier, is "Conference_on_Cyber_Conflict.doc." Stay away from it and the malicious Visual Basic for Applications (VBA) macro it contains.
Security experts are still waiting for the Reaper (also called "IoTroop") IoT botnet storm to hit. Many think the distributed denial-of-service campaign for which Reaper appears to be being readied will dwarf Mirai's.
Kaspersky's counter to the US Government's ejection of the company's software from Federal networks (and the non-governmental users who are following suit) is an offer of a "Global Transparency Initiative," in which the company would offer its source code for public, independent inspection.
A Twitter executive was apparently successfully trolled by Russian influence operators in 2016, induced to retweet positive stories from a bogus Black Lives Matter activist. Observers take the incident as a cautionary tale of how grooming influencers works.
Two active malware campaigns bear watching in the wild: macOS Proton backdoors distributed through Trojanized Elmedia players, and Magniber ransomware circulating through East Asia.