Malware samples recovered from watering hole attacks against the Polish financial regulator's website contain false flags that fraudulently suggest Russian actors are behind the campaign. BAE Systems Threat Research attributed the attack to the notoriously known Lazarus Group.
TeamSpy malware targets high-profile industrial executives, researchers and diplomats using phishing attack. If successful, the malware installs keylogger and hidden TeamViewer application.
The world's largest spam botnet Necurs, with 5 million infected hosts, has added a DDoS module.
Montenegro suffered massive cyberattacks against government and media websites.
This one about Cloudflare bug is all over the internet, but I found the report from the Google Project Zero engineer interesting.
Google announces first SHA1 collision attack, demonstrating it with two PDF files.
Short blog with the self explanatory headline "Why it sucks to be a Security Researcher" written by a Sakurity infosec guy.
Crackle is a tool to crack Bluetooth Smart Encryption (BLE). It exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers.
The Mercure is a tool for generating and managing phishing campaigns. It includes email templates, attachments and landing page management.