US Cyber Command warned that CVE-2017-11774, a Microsoft Office Outlook security bypass vulnerability publicly identified in 2017, is being actively exploited in the wild. The Command posted samples to VirusTotal, which researchers at Chronicle have checked and associated with exploitation of this vulnerability in 2018 by Iran's APT33 and Shamoon2. Users who haven't yet patched are encouraged to do so. The warning comes during a period of heightened US-Iranian tension.
Airline pilots say they've experienced weeks of GPS disruption around Tel Aviv. C4ISRNET reports that Russian jamming is suspected.
Chatham House has published a study of NATO space-based strategic systems' vulnerability to cyberattack.
Cloudflare experienced a widespread outage yesterday morning that caused 502 errors for sites worldwide. Cloudflare's CEO Matthew Prince tweeted that a "[m]assive spike in CPU usage caused primary and backup systems to fall over," and that the issue has since been remediated. The company attributed the outage to "a bad software deploy," and says the problem lasted about thirty minutes.
Proofpoint says TA505, the gang responsible for Locky ransomware and the Dridex banking Trojan, is using a new downloader, "AndroMut," that bears code similarities to the Andromeda malware family. AndroMut distributes the FlawedAmmyy remote access Trojan in at least two campaigns: one targeting South Korean users, the other aimed at Singapore, the UAE, and the US. Both campaigns use malicious Microsoft Office files as their infection vector, and both target the banking sector.
Bloomberg reports that Broadcom is in "advanced talks" to acquire Symantec.