As US Congressional and other attention continues to be lavished on the threat that Russia poses (by general consensus and specific evidence) to both infrastructure and elections, security firms warn of an increase in cyber activity emerging from Iran. Palo Alto Networks repeats its warnings about the OilRig campaign against the energy sector. Symantec notes that the Leafminer group, also thought to be associated with Tehran, represents a rising threat: still stumbling, but clearly on its way up. Iran's recent cyber activity has focused on regional rivals and associated targets, but this seems a matter of strategic decision and not necessarily a sign of limited capability.
LifeLock, the well-known identity protection company, has fixed a problem with its systems that enabled any interested party to browse and index the email addresses associated with customer accounts. It would have been possible for an attacker to unsubscribe customers from LifeLock communications. More seriously, it could have facilitated phishing campaigns against millions of LifeLock customers using emails spoofed to appear to come from LifeLock.
The US Department of Homeland Security has warned businesses that hackers are actively targeting SAP and Oracle enterprise resource planning (ERP) systems. There has been a dramatic rise in detected attacks, as well as a spike in dark web chatter related to ERP vulnerabilities. The attackers represent the full mix of usual suspects: criminals, hacktivists, hobbyists, and espionage services.
TrendLabs is tracking Underminer, a cryptojacking bootkit with an encrypted TCP tunnel.
Australia and the US appear ready to take a more assertive joint position in cyberspace.