Industry continues to pore over last Friday's ShadowBrokers' leaks, which the Brokers claim disclose NSA hacking tools. Consensus holds that some of the attack code does indeed represent a threat, as it's now open to hacker use in the wild. Some observers think the incident should prompt re-evaluation of the US Intelligence Community's Vulnerabilities Equity Process: if the leaks are genuine, they argue, there's no safe place to keep zero-days. But it would seem quixotic to expect intelligence services anywhere to forswear productive collection techniques, even in the cause of herd immunity. Rapid7 advises patching, and thinking hard about securing end-of-life systems you can't do without.
Where the ShadowBrokers got their wares remains unknown (the same might be said for WikiLeaks and Vault 7). Presumably investigation is underway.
In cybercrime news, the hoods behind the BankBot financial malware continue to find ways of getting Trojanized apps into Google's Play Store.
Check Point warns that pixel-tracking, a familiar marketing tool used to track email opens, is being exploited by criminals performing target reconnaissance to improve their phishing success.
Two weeks ago Radware described BrickerBot, a misguided vigilante attempt to permanently kill poorly secured IoT devices. There's now apparently another vigilante working the Internet of Things, the Hajime botnet, initially seen as simply a Mirai competitor with an obscure purpose. Hajime now looks like more vigilante coding, less destructive than BrickerBot, but arguably still misguided.
Oracle releases 299 patches, a record for the company. Among the problems addressed is the Solaris vulnerability the ShadowBrokers disclosed.