Hong Kong's Registration and Electoral Office has disclosed that the loss of two laptops taken from a locked room in the AsiaWorld-Expo conference center has exposed the personal information of some 3.7 million voters. The laptops are said to be encrypted, but how strong that encryption might be is unknown.
Just as physical loss can pose a threat to data and systems, so too can things physically found. Canada's Carleton University sustained a ransomware attack in November 2016, but the university has now found another, hardware-delivered threat: USB sticks left strewn about the campus. The devices contain a keylogger. It's unclear whether there have been any successful infections.
Trend Micro reports that Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a buffer overflow attack. This zero day is thought to have been exploited in the wild in July or August of 2016.
Trend Micro also reports that Cerber ransomware has shown signs of evolution into a more evasive form: it now has loaders delivered by self-extracting Dropbox files which seem designed to avoid detection by machine-learning security tools.
Researchers at Cure53 disclose bugs in Siemens RUGGEDCOM ROX I VPN industrial communication endpoints and firewalls. There are no patches, but Siemens has issued advice on mitigating the vulnerabilities.
VMWare has issued patches for moderate-to-critical vulnerabilities found in three of its products: ESXi, Workstation, and Fusion.
The Finnish Security Intelligence Services have released their annual report on national security. The cyber threat, especially from Finland's large Russian neighbor, receives prominent attention.