"Senior American officials" have described the June 20th US cyberattack against Iranian targets. The New York Times says the officials see the operation as a success: it wiped out a database essential to the Islamic Revolutionary Guards Corps' operations against tankers in the Arabian Gulf.
Researchers at Secureworks report that TrickBot is exhibiting new functionality that poses a particular threat to mobile users. The malware now seeks PINs that could be used to give GOLD BLACKBURN, the threat group behind TrickBot, the ability to access voice and text communications. Code injected through user interaction with a bogus sign-in page initiates TrickBot's "record" function.
BlackBerry Cylance's ThreatVector threat research team has released new research into a malware sample used by APT28, that is, Fancy Bear, Russia's GRU. The research details analysis of samples US Cyber Command uploaded to VirusTotal. The team found that the malware is "a multi-threaded DLL backdoor that gives the threat actor full access to, and control of, the target host." Fancy Bear's stripped-down malware is surrounded by a great deal of benign code, and ThreatVector thinks the new approach represents a response to widespread defensive use of machine learning.
Facebook announced a revision to its rules concerning political advertising. The rules will govern both campaign ads and advocacy ads concerning social and political issues. They aim at producing disclosures that would achieve greater transparency with respect to who's sponsoring and paying for the advertising.
Avast has helped the French Gendarmerie take down the Retadup worm's command-and-control infrastructure.