A spearphishing campaign against Palestinian law enforcement officials is reported to be underway. Its use of Micropsia malware and its development in Delphi lead Check Point to suspect that it's the work of the same group Cisco's Talos Labs and Palo Alto's Unit 42 found engaged in a similar campaign last year. Check Point speculates that the group may be affiliated with Hamas.
A wallet operated by Bancor, a cryptocurrency exchange that raised $150 million in a 2017 ICO, has been compromised, and thieves are said to have made off with $10 million in Bancor’s own BNT, $12.5 million in Ether, and $1 million in Pundi X’s NPXS. Bancor has frozen BNT, but says it can't do much about the Ether or NPXS.
ESET has found an espionage group, BlackTech, using certificates stolen from Taiwanese firms D-Link and Changing Information Technology Inc., to sign Plead backdoor malware. BlackTech has been most active against East Asian targets.
The Polar Flow fitness app, popular among soldiers, spooks, and others professionally devoted to staying fit in odd corners of the earth, may be oversharing. According to Bellingcat, at issue is its "Explore" feature, which lets users find new routes and activities near them that other users have shared. Patterns of activity reveal locations of sensitive sites and (because people tend to turn the tracker off when they get home) the residences of the users.
Apple has issued iOS fixes and updates. Microsoft will have its regular Patch Tuesday updates later today.