Over the weekend, print operations at several major US newspapers were disrupted by a cyberattack. Saturday editions of the San Diego Union Tribune, the Baltimore Sun, the Chicago Tribune, the New York Times, the Wall Street Journal, the Los Angeles Times and other papers were delayed as the attacks on print plants affected production (New York Times). The attack, which is believed to have involved a variant of Ryuk ransomware, targeted Tribune Publishing, but not all of the affected papers were Tribune properties. A number of them, including the New York Times and the Wall Street Journal, contract to use Tribune printing services. Production resumed through reversion to various workarounds.
Attribution remains murky, but the Los Angeles Times reports that the attack is believed to have originated outside the United States. Neither Tribune Publishing nor the affected papers have reported receiving ransom demands, but the incident seems consistent with a ransomware attack. KnowBe4 and Check Point have pointed out circumstantial similarities between this attack and operations of the North Korean government (Ryuk being a descendant of Hermes, which has been attributed to the Lazarus Group). CrowdStrike thinks Eastern European criminals are the probable culprits, and that those gangs may have used Trickbot in their attack (PC Magazine).
Rapid7 reports finding hard-coded credentials in Guardzilla home-surveillance video systems.
Alleged NSA leaker Hal Martin succeeded in having incriminating statements he made during a 2016 FBI raid on his house suppressed: he wasn't Mirandized. But physical evidence the Bureau collected is still admissible.