A Russian espionage operation, "Waterbug" (others call the actor "Turla"), appears to have hijacked Iran's OilRig ("Crambus") infrastructure, Symantec reports. The activity falls into three distinct campaigns: one using Meterpreter, another using a hitherto unremarked backdoor ("Neptun"), and a third using a backdoor that executes PowerShell scripts without powershell[dot]exe. (Symantec doesn't attribute Waterbug or Crambus to any nation-state, but notes that press reports have done so.)
Trend Micro describes a cyberespionage campaign ("Bouncing Golf") afflicting targets in the Middle East. It shows some significant similarities to the earlier Domestic Kitten campaign, which Check Point attributed to Iran last September.
vpnMentor found an exposed database (now secured) belonging to Florida advertising agency X Social Media. The database contained business and personal information concerning medication side-effects, defective infant-care products, injuries attributable to pesticides, medicines, or medical devices, and US veterans' combat wounds. Much of X Social Media's ad business is said to lie with law firms cultivating class action suits.
SecurityWeek says Retrieval-Masters Creditors Bureau Inc., AMCA's corporate parent, has filed for Chapter 11 bankruptcy. The action is the result of the AMCA data breach that affected Quest Diagnostics, LabCorp, and BioReference Laboratories. That breach was publicly revealed on June 3rd when Quest disclosed it in an 8-K filing.
The City Council of suburban Riviera Beach, Florida, voted unanimously to pay ransomware extortionists $600,000 to recover city files. The AP reports the town understands it's a crapshoot: even paying may not get them their files back. WPTV points out that backups would have been cheaper.