Russian banks are reported to be under attack (again) by the RTM gang, which operates a phased campaign: backdoor, compromise, reconnaissance, data exfiltration, and theft of funds.
Trustwave reports a "remotely exploitable issue in the Telnet administrative interface" of various DBLTek devices: a flawed proprietary challenge-and-response authentication system could give an attacker root access to a device.
ThreatGeek reports on how the privacy-friendly messaging app Telegraph is being exploited by phone scammers. Messaging apps are becoming more popular with scammers as a way of evading do-not-call rules. If a scammer already has a phone number in their contact list, Telegram will tell them if that number is associated with a Telegram account.
Sucuri researchers report finding an SQL injection vulnerability in the NextGEN Gallery WordPress plug-in.
ZScaler has patched a cross-site scripting bug in its admin portal. Rapid7 discloses eight vulnerabilities in its products and issues either patches or mitigations for them. Slack has fixed a cross-origin token-theft vulnerability in its popular cloud-based collaboration tool.
Yahoo!'s investigation of its breaches reveals little to the company's credit.
There are other issues of phone privacy and the regulation thereof under discussion in the US. The FCC, as expected, has voted to back away from privacy rules the broadband industry argued were unfairly burdensome. And in response to a series of bomb threats, some Senators (notably Charles Shumer, D-NY) are asking the FCC to grant Jewish Community Centers permission to bypass caller-ID blocking.
Mutual suspicious between Russia and the US in cyberspace continue.