We're pleased to announce that it's now possible to become a CyberWire Patron. Your support will help us continue to provide our free cyber security news service, the briefings and podcasts so many have come to use and enjoy. Thanks for your consideration, and as always, thanks for reading and listening. Become a patron today.

Bondnet nears weaponization? Blackmoon returns with improved framework. Google Docs worm phishing abused 0Auth. Carbanak ups its game. Extortion updates. India's Aadhaar national ID system in trouble.
Two interesting discoveries were announced this morning. GuardiCore Labs has identified "Bondnet," a botnet said to consist of thousands of servers. So far it's been applied to mining cryptocurrencies, but it seems ready for weaponization into a distributed denial-of-service platform. Fidelis Cybersecurity has announced the reappearance of the Blackmoon banking Trojan, now with a new man-in-the-browser framework. Blackmoon has so far afflicted mostly South Korean financial services.
A widely distributed and unusually plausible phishing episode hit Internet users yesterday afternoon with a spoofed Google Docs email. Like the Pawn Storm (a.k.a. Fancy Bear) techniques Trend Micro recently described, the Google Docs worm was spread by abuse of 0Auth. Google and Cloudflare responded quickly, containing the incident in about an hour, which is being widely praised as a "blue team win," but all would do well to remain on the qui vive.
Trustwave reports that the Carbanak gang has refined its intrusion techniques, using phone call "follow-ups" to see whether phishing marks have opened (and swallowed) the phishbait. Carbanak has also come under suspicion in recent restaurant hacks affecting the Chipotle, Baja Fresh, and Ruby Tuesday chains.
Cerber ransomware now has VM and sandbox evasion capabilities, but extortion is less confined to ransomware than it had been. The Netflix hack is seen as a bellwether: criminals increasingly threaten either DDoS or sensitive information disclosure.
India's Aadhaar national ID system is in trouble. Its legality is under court challenge, and it's believed to have leaked more than one-hundred-thirty-five million individuals' biometric records.
Today's issue includes events affecting China, European Union, Germany, India, Democratic Peoples Republic of Korea, Russia, United Kingdom, and United States.
A note to our readers: Today, of course, is World Password Day. More importantly, it's also Star Wars Day, and many have taken the opportunity to draw security lessons from Alderann to Tatooine to Scarif, as they do here, here, and here. Enjoy, and may the fourth be with you.
In today's podcast, we talk with Rick Howard from our partners at Palo Alto Networks. He'll be previewing this evening’s Cybersecurity Canon event (we'll be there, too). Our guest, Andrew Chanin of PureFunds, describes the upcoming Cyber Investing Summit (and we'll be at that one as well).