Turkish authorities interdict social media along the Syrian border in support of an offensive against Kurdish forces, WIRED reports.
Proofpoint has issued another report on Silent Librarian, the Iranian threat group also tracked as Cobalt Dickens and TA407. Silent Librarian, associated with Iran's Mabna Institute, targets universities through phishing campaigns that make heavy use of spoofed university brands and library-themed phishbait. The objective appears to be intellectual property theft.
North Korea's Lazarus Group has renewed its deployment of an Apple backdoor against cryptocurrency exchanges. MalwareHunterTeam alerted researchers to the activity Friday; it was further examined by researcher Patrick Wardle, who sees the malware as a variant of the AppleJeus operation Kaspersky described in August. In this round the Lazarus Group is again using a front company, "JMT Trading," to upload malicious code to GitHub.
Connecticut-based shipping and postage metering company Pitney Bowes disclosed yesterday morning that it had sustained a serious ransomware attack. The company believes that customer data were not compromised, and that the consequence of the attack will be confined to service disruptions. Groupe M6, the large media company headquartered in the Parisian suburbs, also disclosed an attack over the weekend, and L'Express calls it ransomware. Groupe M6's programming continued, but some business and customer contact functions were degraded. There's no evidence so far that the attacks are connected. In neither case has the ransomware strain or a threat actor been publicly identified. The incidents give point to recent Europol and FBI warnings about the ransomware threat.