Zscaler reports finding a campaign of malicious redirection from WordPress sites in the wild. Those responsible are exploiting a cross-site-scripting vulnerability in the platform's widely used WP Live Chat Support plugin.
As another database is found exposed online (this one a Chinese set of 45.2 million records culled from online dating sites, as CyberScoop and others report), Digital Shadows shares some glum perspective: the company thinks some 2.3 billion files are similarly exposed. Some are chickenfeed, others are "gold."
ESET is taking a close look at the Turla threat actor's latest capers, many involving PowerShell exploits.
The International Committee of the Red Cross has released a study of the potential humanitarian costs of cyber operations. The report cites, as part of its motivation, the need to address the effect such incidents as WannaCry, NotPetya, and attacks on the Ukrainian grid have on delivery of essential goods and services to civilian populations. It also cites the increased willingness to conduct offensive cyber operations by countries other than Russia and North Korea. The ICRC's study is intended to inform the laws of armed conflict about how new cyber technologies might be constrained to ameliorate suffering from operations in this newly contested domain.
Baltimore thinks the ransomware attack on the city's systems will cost it around $18.2 million, when all is said and done, according to the Baltimore Sun. We're just spitballing here, but we guess it would have cost less to patch those systems two years ago (and even back them up).