Dragos this morning released a report on ALLANITE, a threat actor the company says has been actively prospecting US and UK electrical utilities. Dragos has observed "watering-hole and phishing leading to ICS recon and screenshot collection." ALLANITE resembles the Russian Palmetto Fusion group the US Department of Homeland Security described last year. Its target set is similar to Dragonfly's, but Dragos assesses ALLANITE's technical capabilities as significantly different from those Dragonfly has exhibited.
As the US announced its intention to withdraw from the Iranian nuclear deal, concerns have risen over the prospects of renewed Iranian cyber offensives. Observers think it likely that a cyberattack attributable to Iran would draw a strong US reprisal. Recorded Future offers a lengthy assessment of Iran's cyber establishment. One interesting note: Tehran depends upon competing contractors for most of its offensive capabilities. Studies of wiper malware issued this week by Cisco's Talos group are worth reviewing as US-Iranian tensions rise.
Aqua describes an image-pull vulnerability in Windows, which it is calling "Jack-in-the-Box."
Cyber criminals continue to make good (bad) use of EternalBlue.
Signal's disappearing messages apparently don't disappear, at least not by default. Self-deleted messages persist for some indefinite period in macOS's Notification history.
Chinese device maker ZTE may be down for the count. US sanctions that prevent it from buying from US suppliers have induced it to cease major operations. Deprivation of Android software and Qualcomm chips appears to have been the final blow.
Gina Haspel's confirmation as US Director of Central Intelligence remains contentious.