Trend Micro is tracking a new campaign by Earth Empusa (also known as Poison Carp, a group believed to be linked to the Chinese government) against Uyghurs in Tibet. The campaign uses a new strain of Android spyware, ActionSpy. Modularized and typically distributed in watering hole attacks, ActionSpy has also been used against a travel agency in Taiwan and political and media organizations in Turkey.
The Atlanta Journal-Constitution reports that Atlanta Police websites were briefly down yesterday. Tweets purporting to be from Anonymous claimed responsibility for the outage, which they called a response to Friday's fatal shooting of a man during an altercation: "Anonymous has taken action against Atlanta PD for the execution of #RayshardBrooks, we call for the arrest of the two murderers. No more impunity."
According to KrebsOnSecurity, Privnotes[.]com has been impersonating the legitimate Privnote[.]com free messaging service. The bogus site is phishing for Bitcoin by substituting the criminals' Bitcoin address for any such address it detects in communications. BleepingComputer notes that the campaign combines cybersquatting and phishing.
ZDNet reports that security firm CloudEyE has been selling criminals malware.
Organizations are receiving extortion notes that claim, falsely, to have installed info-stealing ransomware, and that if they're not paid they'll "destroy" the victims' sites and release sensitive data online. There's no ransomware: the threats are similar to the sextortion notes that claim, falsely, to have access to discreditable browser histories and webcam videos. BleepingComputer says the notes themselves are unusually well-written, without the eccentric usage one normally sees.