The Pemex hack was either a relatively minor matter quickly resolved, if you follow Mexican Security Minister Alfonso Durazo and Finance Minister Arturo Herrera, or it was a big problem that's still not resolved, if you believe what Pemex personnel are telling Reuters on condition of anonymity.
Proofpoint describes the work of TA2101, "a relatively new actor" that's spoofing official communications from German, Italian, and US agencies as phishbait.
Fortinet has discovered a dropper active in the wild that's delivering two Trojans to its targets: RevengeRAT and WSHRAT. Both RATs have a history of being used in attacks related to financial institutions. RevengeRAT collects system information; WSHRAT is a data stealer often seen in phishing campaigns.
An odd ransomware campaign is underway. According to BleepingComputer, the particular strain involved, "AntiFrigus," avoids files on the usual C-drive, reserving its hostile encryption for data on mapped network drives or removable devices. It's being distributed by malvertising that redirects victims to the RIG exploit kit.
Researchers at the Ohio State University have found a vulnerability in Bluetooth Low Energy (BLE) devices that exposes them to fingerprinting attacks. And, if the devices and the mobile apps that connect to them use weak encryption, attackers could intercept data being passed between them.
Pope Francis weighed in on the cryptowars yesterday. While stopping short of calling for backdoors accessible to law enforcement, he did suggest that tech providers had a grave responsibility to prevent abuse of their platforms by those who would exploit and endanger children.