A wave of attacks on financial institutions appears linked, according to researchers at Symantec and BAE. The malware discovered in a range of watering hole attacks, which is being called "Ratankba," is thought to bear significant similarities to that used by the Lazarus Group, a criminal organization believed by many to be linked to North Korea and the 2014 Sony hack. Polish media had initially suspected the campaign to originate with Russian security services; this is now being called into doubt.
"Fileless" malware continues to concern telecoms, banks, and government agencies as this mode of attack continues to spread.
Researchers demonstrate proof-of-concept exploits against industrial control systems, including those used in water and electrical utilities.
The SANS Internet Storm Center reports that Microsoft has delayed patches scheduled for release today. Adobe has patched thirteen Flash vulnerabilities.
In industry news, Convergence Technology has acquired Deep Run, WiseKey has agreed to buy Quo Vadis, and HALOCK has bought Eclipsecurity. InSights has secured a $13 million Series B funding round.
Threatpost reports that governments are "distancing" themselves from advanced persistent threats, but such distancing is merely an enhancement of plausible deniability: they appear to be making more sophisticated use of third parties, outsourcing attacks to cut-outs.
Microsoft has called for a "Geneva Convention" in cyberspace. This goes beyond the protection of noncombatants the original Geneva Conventions sought to provide. Microsoft is interested in promoting general international norms of cyber conflict.
US National Security Advisor Michael Flynn, criticized for ties to Russia, has resigned his post.