BlueKeep (CVE-2019-0708), the wormable vulnerability in Microsoft's Remote Desktop Protocol that Redmond disclosed in May of this year, has finally been exploited in the wild. That's not good, but it's not nearly as bad as months of warnings had led observers to expect. As WIRED summarizes the attacks, the exploitation so far hasn't gone further than the installation of some cryptojackers. Thus there's no reason to panic, but also no grounds for complacency: about three-quarters of a million machines are thought to be still vulnerable to BlueKeep.
Ransomware hit the Canadian province of Nunavut's government Saturday morning, taking agencies offline and rendering services unavailable, Nunatsiaq News reports.
The controversy between WhatsApp and NSO Group has grown into an Indian domestic scandal. WhatsApp has accused NSO Group of installing Pegasus spyware on WhatsApp users' devices, targeting journalists, activists, and politicians. Reuters reports that one of the politicians so targeted is the Congress Party's general secretary Priyanka Gandhi Vadra. The Times of India says it has received information from the Internet Freedom Foundation NGO that suggests the Ministry of Electronics and Information Technology's CERT-IN knew about the buffer overflow vulnerability in WhatsApp that is believed to have allowed Pegasus in. WhatsApp has filed suit against NSO Group in a US federal court.
PerimeterX says it's found a new trend in Magecart attacks: different groups hitting the same victims at the same time.
Advanced Intelligence explains how GandCrab changed ransomware, moving it from a craft practiced in isolation by small gangs to a full-fledged black market commodity.