Authorities in the Five Eyes yesterday said, in coordinated announcements, that China's Ministry of State Security had attacked managed service providers with a view to using the MSPs' as an avenue of approach into their customers' enterprises (Washington Post). They didn't say which MSPs were so attacked (the campaign is the one known for some time as Operation Cloudhopper) but Reuters reports that its sources say IBM and Hewlett Packard Enterprise were two of the them. IBM says its customers weren't harmed, and HPE has declined comment.
For its part China has dismissed the allegations as "slander" (Reuters), but it seems increasingly likely that Beijing won't find many takers in the developed world for its claims of innocence and ill-use. (Tu quoque maybe, but even that's stretching it.)
McAfee researchers link Shamoon 3 to Iran (Infosecurity Magazine).
Blind, the anonymous social networking app that had appealed to whistleblowers, malcontents, and others who wished to discuss their employers without fear of retribution, proves to be less blind than thought. One of its servers was left exposed, without so much as password protection (TechCrunch).
Companies continue to suffer social engineering attacks from criminals working through Google cloud (ZDNet). The tactic is believed to help them cover their tracks and lend credibility to their come-ons (Dark Reading).
Alexa has done some oversharing (Motherboard), and creeps are poking around in Nest baby monitors (Washington Post).
The tiresome hitman extortion scam is back (HackRead). It's no more plausible than it was the first time around.