BlackBerry Cylance has a new report on OceanLotus, also known as APT32 or Cobalt Kitten. The Vietnamese threat group uses steganography (in the form of a PNG image file) to carry its loader to the target.
e-sushi, a self-described dabbler in cybersecurity and other things, called out Facebook Sunday for asking people to give up their third-party email credentials so Facebook can "automatically" verify those accounts. Yesterday the Daily Beast confirmed that Facebook is indeed doing this. Facebook says their intentions were good and they didn't actually store passwords, but they understand, and have stopped this form of verification. It struck most observers as appallingly bad practice.
Remote Administration Tool or Remote Access Trojan? If you ask the author of Orcus RAT, it's the former. If you ask the Mounties, it's the latter. KrebsOnSecurity has an account of last week's raid on Orcus Technologies.
Haaretz says OpIsrael preparation has begun, as hacktivists infect some one hundred twenty Israeli sites. OpIsrael is expected on April 7th.
Bitcoin's price spiked above $5000 early this week. The Telegraph and others think an April Fools' prank was behind the bull rush.
In a very odd incident, the US Secret Service Saturday detained a woman who showed up at President Trump's Mar-a-Lago. She was seeking entrance to a non-existent event, and was carrying a laptop, four phones, and a number of dongles, loaded with a lot of what the Miami Herald helpfully calls "malicious malware." She also had a Chinese passport and an interest in international trade.