Check Point reports finding an Iranian domestic spyware campaign. "Domestic Kitten," as some are calling it for now, appears to be targeting ethnic Kurds and Turks, and also potential adherents of ISIS.
Flashpoint has discovered a malicious website that spoofs the Jaxx cryptocurrency wallet site. The bogus site has been taken down; its goal was looting wallets.
F-Secure has found a firmware vulnerability that affects most laptops and desktops. It enables a variety of cold boot attack that exposes encryption keys and other sensitive information.
Armis reminds everyone that the BlueBorne Bluetooth bugs—BlueBorne is a set of nine bugs—are still out there. A year after its disclosure, patches for BlueBorne are available but users have lagged in applying them: about two-billion devices remain vulnerable, Armis estimates.
Microsoft has purged some three-thousand ads for dodgy tech support services that had appeared in association with Redmond's TechNet. Many of the them were swiftly replaced in altered form, which suggests the difficulties even the most straightforward and uncontroversial forms of content moderation face.
Such moderation will become even more important if the copyright protection measures enacted yesterday by the EU have their expected effect.
US President Trump yesterday signed an Executive Order setting up a process whereby election interference by foreign actors would trigger sanctions. Interference covered by the order includes both hacking and propaganda. The US Congress continues to work on its own measures for dealing with election security.
India's Aadhaar national identity system is again reported vulnerable to compromise.