McAfee researchers report finding a hitherto unremarked "data reconnaissance implant" that's targeting Korean speakers. They're calling it "Oceansalt," an homage to the earlier Seasalt implant that the old Chinese Comment Crew used back in 2010. Indeed, Oceansalt reuses code from Seasalt. The Comment Crew, also known as APT1, is thought to have gone dormant since its exposure in 2013, but a copycat seems to be back. Operations are thought to be closely targeted, with implants distributed via two compromised sites based in South Korea, and to be prospecting targets in Canada and the US as well as in the Republic of Korea.
Facebook has concluded that the breach it recently sustained was the work of criminal spammers, and not a nation-state's intelligence service.
Twitter has released a trove of Russian tweets issued at the time of the UK's Brexit vote—the sockpuppets were for it.
Iranian operators have been using fake social media personae in (relatively ineffectual) attempts at influencing US elections.
Researchers at Poland's Silesian University of Technology have found remote code execution vulnerabilities in D-Link routers. SecurityWeek says no fixes appear to be available. Cisco Talos researchers have found flaws in Linksys E-series routers, but there are patches available for these.
NBC News sends GCHQ's National Cyber Security Centre a mash note, saying the US has nothing like it, and should copy it. We're fans of the NCSC, but perhaps NBC is overlooking the Department of Homeland Security's National Protection and Programs Directorate. NPPD fills a similar role.