Spam returns, now in pump-and-dump mode. Vulnerability in Moodle affects universities. IRS warns of scams, suspends vulnerable tool. UK joins US in restricting laptops from some flight carry-ons. No solution yet to ISIS messaging. Investigations and recriminations over Russian influence operations.
Spam surged this week after a global drop-off dating to mid-December of 2016. The December-to-March hiatus occurred when the Necurs botnet ceased activity, apparently at its masters' command. Its sudden return seems due to a pump-and-dump penny stock campaign. Naked Security says the attempted manipulation involves InCapta Inc. (INCT), a pink-sheet-listed media company, but the scam seems to be a third-party caper.
Necurs had formerly been used principally to distribute ransomware. This reappearance of the criminal botnet with a new purpose doesn't mean that ransomware is yesterday's news: the SANS Internet Storm Center continues to track new Cerber infestations daily.
A vulnerability in Moodle's content management systems, widely used in universities, could expose academic servers to compromise. eLearning platforms are particularly at risk.
In the US, the IRS and the Department of Education have suspended their online Federal Student Aid (FSA) tool. The IRS's related Data Retrieval Tool was suspended as a security precaution. It appeared leaky.
Investigation and recriminations continue to surround US election hacking.
Security services worldwide grapple with ISIS messaging.
UK authorities have joined the US in prohibiting large electronic devices from being carried aboard airline flights originating in specific airports. Tunisia, Turkey, Lebanon, Saudi Arabia, and Egypt are affected. The UK referenced only "evolving terrorist threats"; the US cited intelligence indicating jihadist plans to conceal explosives in devices like laptops.
US armed services are looking for ways of punishing bad online behavior. Whatever they come up with will no doubt fall under Article 134 of the UCMJ.
Today's issue includes events affecting Australia, China, Egypt, Finland, Jordan, Lebanon, Russia, Saudi Arabia, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, and United States.
In today's podcast, we hear from our partners at the Johns Hopkins University as Joe Carrigan offers his take on the Cloudbleed bug. Our guest is Philip Susmann (from the Norwich University Applied Research Institutes) on Norwich's DECIDE cyber security simulation platform.
Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security. And see also Cylance's video interview with our Producer.