Cisco Talos describes "Sea Turtle," a state-directed espionage campaign that's been active since early 2017. Most of Sea Turtle's operations have been in the Middle East, and the campaign is noteworthy for its sophisticated Domain Name System (DNS) manipulation. Cisco Talos divides the victims into "two distinct groups." The first group includes the targets proper: energy organizations, defense establishments, and foreign ministries. The second group consists of third parties used to reach the primary targets: telcos, ISPs, and DNS registrars. CrowdStrike and FireEye had earlier described aspects of this DNS-manipulation campaign. FireEye tentatively attributed it to Iran.
BuzzFeed says Google has booted six ad-fraud apps from the Play store.
Yesterday Facebook acknowledged inadvertently uploading email contacts of a million-and-a-half users without the users' consent. The social network regrets this, and says it will remove contacts uploaded in connection with its now-disabled email password verification feature. The contacts may have found their way into data used to draw inferences for ad-targeting and the People You May Know feature. Whether those inferences will also be removed is, the Guardian reports, unknown.
ZeroFOX sees a wave of opportunistic scamming conducted around the Notre Dame fire: ad fraud, direct fraud, malware installation, and even stock fraud.
The Washington Post interviews a professor who sees problems with the conduct of cybersecurity research. The issues apparently derive from research's reliance on data entangled with marketing, data that are better adapted to persuasion than to replication.
The Mueller report is being released this morning. CNN and others are following the story.