On Sunday Finland sustained a major distributed denial-of-service attack (the country's information and communications technology center, Valtori, called it "the biggest attack we've had in the past few months," implying a relatively high rate of attack). Several citizen-facing websites were unavailable, including the national online identity verification service Suomi.fi. The defense ministry was unaffected. There's no attribution yet, but earlier DDoS attacks have been ascribed to unnamed foreign actors.
Concerns about state-sponsored attacks on industrial and consumer Internet-of-things devices remain high. In the US, these concerns continue to center on Russian activity. There have been recent warnings about GRU compromise of home routers—known about for some time but only imperfectly redressed, such devices being notoriously easy to ignore when patching. Other concerns focus on the power grid, where GRU probes of utility business networks have been widespread. Congress continues to push the Administration about grid security.
Smart city technology presents an especially attractive attack surface. There's a growing concern about the sensors that technology deploys.
A patch for NetComm 4G LTE Light industrial M2M routers is out, addressing a critical vulnerability. Users are advised to patch quickly.
Oracle has addressed a vulnerability that could compromise an Oracle Database and grant shell access to underlying servers.
It's Patch Tuesday, with Microsoft and others expected to roll out fixes over the course of the day.
President Trump has signed legislation barring ZTE and Huawei devices from Federal enterprises. Other sanctions, particularly against Russia and Iran, are widely expected to prompt cyber-retaliation.