Three quick updates on investigations into apparent state-sponsored cyber operations. The US Department of Homeland Security's cybersecurity lead Jeanette Manfra said that Russia's GRU (Fancy Bear) targeted voter registration data in twenty-one states, and succeeded in "a few" cases. She said data were not manipulated during the incidents, which have been discussed on-and-off since late 2016.
An AP report describes another Fancy Bear campaign, this one a phishing expedition against mostly US Defense contractors for technical intelligence.
And the third is an update on North Korea's exploitation of a Flash Player zero-day against South Korean targets. Investigators believe Pyongyang purchased the zero-day from some third-party.
Netskope has a report on a newly discovered strain of malware, "ShortJSRAT," that uses cloud apps to deliver malicious Windows scriptlets.
Cylance offers a report on the URSNIF family of information stealers.
Researchers at Radiflow report finding a cryptominer infestation in a European water utility, marking cryptojacking's long-expected approach to the industrial Internet-of-things.
A malicious Reddit spoof site has been found-it's engaged in credential harvesting.
If you thought the Nigerian prince scam was exposed and over, think again: a variant is using Twitter to inveigle marks out of cryptocurrency.
A US-led international effort has taken down the long-running "Infraud" carding gang, thought responsible for more than $530 million in losses to consumers over the last seven years. Thirty-six alleged hoods have been indicted; thirteen of them are in custody, the rest on the lam.
Intel has issued another Spectre patch, this for its Skylake chips.