The unnamed country behind a recent cyber campaign against Israeli targets has been named: research by Morphisec, confirmed by iSIGHT Partners, points to OilRig, also known as "Helix Kitten," an Iranian threat actor. Israel's National Cyber Defense Authority says the attacks were blocked. The attacks sought to exploit a known (and patched) vulnerability in Microsoft Word, CVE-2017-0199.
McAfee researchers conclude that recent Shamoon attacks were conducted by the same group that first mounted them in 2012, and that group too is generally believed to be working on behalf of Iran's government.
Vigilante IoT botnet Hajime has herded in some 300,000 devices, to most security experts' dismay. BrickerBot, a rival and more destructive piece of vigilante-ware, is said to have interrupted Sierra Tel's ISP service earlier this month in its struggle with Mirai.
Forcepoint identifies a new variant of Geodo/Emotet banking malware pursuing targets in the UK.
Thales e-Security has published a study of data security in the US Federal sector.
The US Administration again refuses to say whether it hacked North Korean missile tests. Some in the media (particularly in the UK) take this as an admission that the US did indeed hack them, so speculation proceeds apace, especially among those unfamiliar with the many ways missiles fail.
Government countermessaging programs—information operations designed to combat ISIS—draw tepid reviews even as lethal strikes have an increasingly clear effect on the Caliphate. Facebook publishes a study of information operations that draws some useful distinctions and offers operators some insights into this difficult art.