ESET reports that Fancy Bear (Russia's GRU, or, if you insist, Mr. Putin, Russia's "GU") is deploying a rootkit against its foreign targets. They're active so far mostly in the Balkans and other Central and Eastern European countries, and the kit they've deployed is "LoJax," malware developed from the LoJack anti-theft software. The attribution to Fancy Bear is, as is usually the case, circumstantial but compelling, based on the presence of other known Fancy Bear hacking tools.
Another ESET researcher has found a banking Trojan masquerading as a call recording app in Google's Play store. The malicious app, called "QRecorder," has since been removed by Google.
Cisco's Talos unit looked into VPNFilter malware and has discovered that it's even more capable than initially believed. The researchers found seven additional modules in VPNFilter. They think it was designed to debut against Ukrainian targets on the anniversary of the NotPetya attacks, but they also note that VPNFilter was built to be a long-term attack platform. The malware is particularly adapted for IoT attacks, especially against vulnerable routers.
Duo Security reports finding an authentication weakness in Apple's Device Enrollment Program that could be exploited for privilege escalation or rogue device deployment.
Yesterday's hearings in the US Senate covered online privacy. Big Tech expressed general approval of privacy regulations: the companies find some of the GDPR's requirements onerous, but they value the consistency and predictability that regulation brings.
One of the suspects in the Salisbury nerve agent attacks has been identified as a GRU colonel.