Trend Micro, seconded by Qihoo 360, reports that North Korean operators are exploiting a vulnerability in the VBScript engine to compromise targets in Pyongyang's DarkHotel campaign. DarkHotel is related to DarkSeoul, and thence to the 2014 Sony Pictures hack.
Researchers at Proofpoint warn against a new malware strain, "Marap," which is being distributed in a large spam campaign run through the Necurs botnet. Marap is a malware dropper. The current campaign seems directed largely against the financial sector.
Two interesting proofs-of-concept have been reported. Researchers at Secarma describe a PHP exploit usable against content management systems. And Georgia Tech researchers demonstrate a new side-channel attack that can extract encryption keys from mobile devices.
Industry seems not to be buying the Australian government's contention that the country's new cybersecurity regulations won't amount to the equivalent of mandatory backdoors.
Dissatisfied with voluntary moderation, the EU is preparing anti-terror measures that will require social networks to yank radical content within an hour of notification.
Russia appears likely to continue its attempt to influence US elections, as the Atlantic Council and others warn. US National Security Advisor Bolton says it's not just Russia, either—the other three members of the Familiar Four (China, Iran, and North Korea) are interested in elections, too. Techniques vary. Russia favors media amplification of disruptive memes, China seeking influence through think tanks and universities, and Iran and North Korea probably building on past hacking successes.
Smart cars know lots about their drivers, and companies want to monetize those data.