Ukraine yesterday accused Russia of conducting new cyber attacks on Ukrainian infrastructure. Oleksandr Tkachuk, chief of staff of Ukraine's security service, said at a press conference that Russian intelligence services were orchestrating a campaign that enlisted the aid of both security firms and criminal hackers to attack Ukraine's energy and financial sector. Tkachuk claimed that the intelligence Ukraine had developed suggested that the threat actors were those responsible for the BlackEnergy malware implicated in earlier attacks on his country's power grid.
CrowdStrike CTO Dmitri Alperovitch described how threat actors (again, principally Russian ones) had adapted their tactics since last year's influence operations directed against US elections. Alperovitch sees a trend: hackers are likelier than before to release compromising information taken from their targets, and they're showing a new readiness to alter that information before disseminating it.
Researchers at VU have published a method of bypassing the address space layout randomization (ASLR) protections in major browsers and operating systems. Should this exploitation method be confirmed, it would have serious general implications for security.
In industry news, Yahoo! may be reducing the asking price in its planned acquisition by Verizon. Reports suggest Yahoo! may now be willing to accept more than $300 million less initially planned. The reduction is seen as having been reduced as a result of the very large breaches Yahoo! disclosed last year.
Western security, intelligences, and diplomatic services make a concerted attempt to counter ISIS messaging.
US President Trump offers the National Security Advisor post to Robert Harward.