At the end of last week Microsoft warned that a threat group it calls "Phosphorus" (and that others call Charming Kitten or APT35) is already actively working to affect the 2020 US Presidential election. Phosphorus is Iranian, and "linked to the Iranian government." The principal target appears, Reuters reports, to be President Trump's campaign, and the activity seems to be in its reconnaissance phase. The threat actor's targets are not exclusively campaign operations: journalists, government officials, and Iranian expatriates are also of interest to Phosphorus.
Teiss reports that a cybercriminal going by the nom-de-hack of X4crow is auctioning what he, she, or they claim is a 16GB SQL database holding personal information on about ninety-two million Brazilian citizens. The data are the usual identity theft gold: names, dates of birth, taxpayer IDs, gender, and mother's names.
Prince Harry is suing the News Group Newspapers and MGN Ltd., alleging, the Guardian reports, phone hacking that invaded his privacy. The Duke of Sussex is claiming damages from an old incident: the tabloids are said to have hacked royal phones between 1994 and 2011. The New York Times published a wrap-up of the incident nine years ago.
The Tuscaloosa Post says the DCH Health System unlocked ransomware-encrypted files by paying the extortionists.
Thales and Verint have published a taxonomy of some of the more prominent threat actors.
Speakers at an Atlantic Council event last week warned that cyberattacks on power infrastructure are now a present risk, and no longer just a theoretical possibility.