The Apache Struts vulnerability patched last week is now undergoing active exploitation in the wild. Volexity reports that it's being used to run a cryptojacking campaign against unpatched systems.
A previously unknown Microsoft Windows local privilege escalation zero-day was announced on Twitter late Monday by "SandboxEscaper," whose Twitter account disappeared shortly thereafter. CERT/CC quickly verified that the zero-day was real, and that it worked against "a fully-patched 64-bit Windows 10 system." The vulnerability exists in Windows' Task Scheduler and has been given a CVSS score of 6.4–6.8. There are no known workarounds, but Microsoft has also confirmed the issue, and is believed to be working on a patch.
The complexity of attribution and the correspondingly complicated connections among threat groups are on display in a Trend Micro account of "Urpage," whose activities are interestingly similar to those of Confucius, Patchwork, and Bahamut.
TheTruthSpy, which Motherboard and others call a "stalkerware" vendor, was hacked, losing logins, audio, images, text messages, and other data.
As operational technology experts at Applied Control Solutions continue to warn of potential security issues with power plants' process sensors, researchers at Cybereason point out that criminals also pose a threat to the grid. Unlike nation-states, cybercriminals may not mean to turn the power off, but they might do so inadvertently.
Reuters reports that an Iranian influence campaign that major social media platforms have struggled with is bigger than initially believed. One indication of its size is the effort's linguistic reach: Reuters counts Iranian information operations in eleven languages.