Researchers at Symantec are tracking a cryptojacking campaign that for now seems mostly to affect businesses in China. They're calling the campaign "Beapy," and the worm involved appears to be using the EternalBlue exploit to spread. So far Beapy has left individual users largely alone: it shows a distinct preference for enterprises.
KnownSec 404 has discovered a zero-day in Oracle web servers. Two WebLogic components, wls9_async and wls-wsat, are susceptible to remote code execution. There's no patch yet, and KnownSec 404 recommends either removing the two problematic components and restarting the servers, or firewalling the paths an attack might exploit.
A Recorded Future study indicates the degree to which credential-stuffing tools have become widely available criminal commodities. It's possible to mount a credential-stuffing campaign for as little as five-hundred-fifty dollars. That investment is often repaid twentyfold. It's a criminal-to-criminal market: the money's made in reselling stolen credentials. Recorded Future says there are six major account-checking toolkits available, with dozens of also-rans being hawked in dark web souks as well.
A cabinet dust-up over who talked out of school about a decision to allow Huawei participation in the UK's 5G build-out, at least in such "non-core" technologies as antennas, may give rise to a criminal investigation, the Telegraph reports.
According to the Washington Post, investigation into the Easter massacres in Sri Lanka has identified at least eight of the nine suicide bombers. Three were members of one of the country's wealthiest families; the family patriarch is among those who've been arrested.