Microsoft has warned of macro-less malware that exploits a recently discovered vulnerability in the company's Dynamic Data Exchange (DDE) protocol. Even if users take the precaution of not enabling macros, exploitation of DDE can still affect them through Word documents, Excel spreadsheets, or Outlook files. One threat actor using this attack vector in the wild is Fancy Bear (Russia's GRU).
There's no honor among thieves, and sometimes that's a bad thing for the rest of us. Researchers at NewSky Security discovered one hacker who realized that hype and fear surrounding the Reaper botnet (which still seems not to have done much, by the way) would lead poorly-skilled crooks to look for ways of riding the Reaper train. So he put a backdoored PHP script out to attract skids looking for vulnerable IoT devices. The effect was to enable the skids to create their own Reaper-like botnet, but one that was incorporated into the code author's own Kaiten botnet.
Concerns about the vulnerability of transportation modalities rise. A team of researchers has demonstrated the possibility ("in a non-laboratory environment") of hacking a Boeing 757 airliner. They were able to establish remote presence in non-cooperating avionics. In the maritime shipping sector, many now believe that Maersk's experience with NotPetya demonstrate merchant vessels' vulnerability to cyberattack.
The electrical power industry raises another alarm about the threat of cyberattack. Attribution remains as difficult as ever.
Accidental code deletion has rendered a lot of ether digital currency—about £214 million—inaccessible, perhaps frozen, perhaps gone.