E&E News says the North American Electric Reliability Corporation (NERC) issued a non-public warning to utilities that Xenotime, a threat hitherto seen mostly in the oil and gas sector, has been conducting reconnaissance against the grid. The warning is based on research by Dragos, which says that the "activity group" has evidently expanded its target list to the electrical power sector without necessarily abandoning its earlier interests. Dragos thinks Xenotime should be taken seriously (it is, after all, the group responsible for Trisis/Triton, which affected some industrial safety systems), but cautions against overhyping the problem: "no new capabilities [are being] deployed and [the activity observed amounts to] early reconnaissance not compromises of electric utilities."
At least two hacking groups are exploiting the "Return of the Wizard" remote code execution vulnerability in Exim mail servers that was publicly disclosed last week, ZDNet notes. Exim servers handle a large fraction of the world's email traffic, and users are urged to patch. BleepingComputer suggests that an encouragingly large fraction of users are doing just that.
AP reports that a fictitious persona, "Katie Jones," is seeking connections on LinkedIn. The story speculates that the fictional Ms Jones is a catphish deployed by a foreign intelligence service, trolling for recruits. The affair is reminiscent of 2010's Robin Sage experiment. Katie Jones, however, represents an advance over Robin Sage in that the persona seems to have been built in part with the aid of artificial intelligence.
Julian Assange's extradition proceedings advanced today, according to the Guardian.