A known SharePoint vulnerability is being actively exploited in the wild. AT&T Alien Labs is tracking incidents involving CVE-2019-0604, a vulnerability Microsoft addressed in late winter. The Canadian Centre for Cyber Security warned last month of "China Chopper" malware hitting unpatched servers. Saudi Arabia's National Center for Cyber Security has also observed remote code execution exploitation of the vulnerability.
SC Magazine says that the (probably) Moscow-based gang Fxmsp may have stolen code from a fourth security company. None of the companies allegedly affected have been publicly named, but researchers at Advanced Intelligence have "high confidence" that Fxmsp has the code it says it does.
Thomson Reuters reports that the G7 are preparing a major exercise next month that will simulate a cross-border cyberattack against financial services and associated infrastructure.
Amnesty International will tomorrow petition the District Court of Tel Aviv to direct that Israel's Ministry of Defence revoke NSO Group's export license. NSO's lawful-intercept tool Pegasus is alleged to have been improperly used in surveillance by the governments of Mexico, Saudi Arabia, and the United Arab Emirates. The New York University School of Law's Bernstein Institute for Human Rights and Global Justice Clinic is supporting the suit.
Facebook is suing South Korean analytics firm Rankwave for allegedly abusing developer's platform data, reports TechCrunch.
Following incidents in which Chinese government money found its way to startups, the US Defense Department is moving forward with its Trusted Capital Markteplace program, intended to connect entrepreneurs with investors who don't represent a security threat.