Palo Alto's Unit 42 thinks the Sofacy Group is quietly changing its tactics. Sofacy (a.k.a. Fancy Bear, Pawn Storm, Sednit, or Tsar Team), generally regarded as belonging to Russia's GRU, had tended to prospect a small number of selected individuals within a targeted organization. It also tended to use the same exploits and malware against those individuals. For all of Fancy Bear's reputation for being noisy, this is a relatively unobtrusive approach. But now Unit 42 sees the group adopting parallel attacks, a "shotgun" approach aimed at many more individuals. The group is also using a more diversified set of exploits and malware, presumably to achieve higher infection rates.
Intezer researchers say they've found a backdoor in the wild that's based on Hacking Team tools.
Guardicore Labs describes Operation Prowli, a campaign that manipulates traffic and mines cryptocurrencies. There are roughly 40,000 infected machines across a wide range of organizations and sectors.
VPNFilter is not only attempting to reconstitute its botnet of routers, but it's now been found to infect more models than it had formerly captured. Cisco's Talos unit has found infestations in ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE devices.
Retailers pull CloudPets from their physical and virtual shelves. The plush toys share audio messages in a cloud, which is fine, but those messages transit an unsecured MongoDB server.
Seeking to return to American good graces, ZTE pays a $1 billion fine and replaces its leadership.
The US Senate wants answers from both Facebook and Google about data-sharing with Huawei.