Kaspersky Lab reports finding a new version of Shamoon, which it's calling "StoneDrill." Like its progenitor, StoneDrill is destructive, deploying a wiper across infected machines to destroy data. Kaspersky discovered StoneDrill in the course of investigation the three waves of Shamoon 2.0 attacks that began in November 2016.
StoneDrill is more evasive than Shamoon (it avoids execution in sandboxes) and includes "mostly Persian resource language sections." (Shamoon 2.0 featured Yemen's version of Arabic; Kaspersky notes that both language cues could easily be false flags.) It's begun to turn up in Europe, indicating its potential spread beyond its original Saudi range. The threat group associated with Shamoon, and probably with StoneDrill, is Charming Kitten (a.k.a. Newscaster and NewsBeEF), thought to be an Iranian group. Kaspersky, however, offers no attribution.
Malwarebytes warns that a Trojanized version of Facebook Lite for Android targets Chinese users with Spy FakePlay.
In the US, center-left and progressive advocacy groups are subjected to online blackmail: Russian hackers (thought to be criminals and not intelligence services, although, as Bloomberg observes, in Russian operations that can be a difficult line to draw) threaten to release embarrassing emails and shared documents.
In M&A news, CA buys Veracode for $614 million. Edwards acquires Evolved Cyber Solutions, Inabox buys Logic Communications, and Okta acquires Stormpath.
In the US, Congress considers legislation that would permit hacking victims to access their attackers' non-cooperating systems to determine attribution. Observers are divided as to whether this is a good idea.
The Obama-Trump wiretapping dust-up remains...unclear? Uncomfortable?