Ukrainian authorities attribute BadRabbit ransomware to Black Energy, the threat group they also believe was behind NotPetya. Ukraine and many (most?) security experts believe Black Energy operates in the interest and under the direction of the Russian government. (Moscow denies this, and also denies that it's carried out cyberattacks against Ukraine.)
A North Korean spokesman has denounced the UK's attribution of WannaCry ransomware to Pyongyang as a "wicked attempt" to ratchet up sanctions against North Korea. But global banks are not disposed to take the DPRK's protestations of innocence at anything approaching face value. The financial sector is taking steps to secure itself not only against the sort of SWIFT exploitation that diverted millions from Bangladesh Bank's holdings through fraudulent wire transfers, but also against the more destructive wiper malware the DPRK has deployed against other targets.
There's also some more traditional espionage news concerning the two Koreas: a South Korean lawmaker has accused the North of stealing sensitive warship plans.
A new ransomware campaign, "ONI," has been observed in operations against Japanese targets. Like a number of other apparent ransomware efforts, WannaCry and NotPetya prominently among them, ONI may blur the lines between ransom and simple disruption. Cybereason, which has been tracking ONI, says the ransomware (or wiper) was deployed only to Active Directory servers or what Cybereason calls "critical assets."
A phishing campaign underway in the wild is seeking to obtain Facebook or YouTube credentials.
Cyber companies continue to sell their certificate authority businesses. Comodo is the latest.