Hopes that reduced nuclear tensions on the Korean peninsula would moderate North Korean hacking seem on their way to being dashed. South Korean sources say that DPRK cyberattacks have continued essentially unabated.
Researchers at Fortinet have found a new variant of the Mirai Internet-of-things botnet in the wild. They call it "Wicked," and say that is uses three modules: "Scanner," "Attack," and "Killer." Unlike the original Mirai, which brute-forced its way into vulnerable connected devices, Wicked makes use of known exploits to establish access. It scans ports to establish a connection with its targets and uses an exploit appropriate to that connection. Wicked seems to be the work of the same coder who produced the Sora, Owari, and Omni botnets.
RiskIQ has a report out on MEWkit and the Russian mob behind it. MEWkit is an Ethereum phishing tool that makes novel use of automation in its attacks.
KrebsOnSecurity says that LocationSmart, a US company that aggregates cell phone location data, has been leaking those data through a buggy demo page on its website. The flaw granted access without requiring authentication. LocationSmart took down the relevant portions of its site yesterday afternoon upon being informed of the problem. AT&T, Sprint, T-Mobile and Verizon customers could have had location data exposed.
Office 365 is proving increasingly popular as phishbait.
In what amounts to a dog-bites-man story, the Wall Street Journal says a lot of cryptocoin investment offers are scams.
The US Senate yesterday confirmed Gina Haspel as Director of Central Intelligence.