WikiLeaks' release of alleged CIA cyberespionage tools in Vault 7 continues to prompt concerns over the risk all enterprises face when such tools hit the wild. Similar concerns surround the presumably independent release by the ShadowBrokers of what the group claims are NSA tools. One of those, the "DoublePulsar" backdoor affects large numbers (36,000, according to estimates by security firm Below0Day) of unpatched Windows machines worldwide. Countercept has released a tool that promises to determine whether a system has the DoublePulsar implant. And, of course, users are advised to patch their systems.
US investigations of the apparent leaks proceed, but without much public comment about progress. The US Justice Department has taken a renewed interest in indicting and prosecuting WikiLeaks' Julian Assange, still resident in Ecuador's London embassy.
A US court at the end of last week handed down the stiffest sentence on record (twenty-seven years) to Roman Valeryevich Seleznev, Russian carder and son of Valery Seleznev, an influential member of Russia's Duma. Seleznev fils was arrested in the Maldives in 2014, extradited to Seattle, and convicted in August 2016. In mitigation he unsuccessfully pleaded a difficult Vladivostok childhood.
Google has ejected SMSVova spyware from the PlayStore.
Researchers at security company Incapsula report finding a large and evasive spam campaign hawking counterfeit pharmaceuticals. More than 80,000 unique IP addresses are serving the spam. It's a large criminal campaign, the latest iteration of the "Canadian pharmacy" scam long pursued by organized gangs, most of which appear headquartered in Russia and Ukraine.