The Islamic State's well-organized online video campaign continues to shock.
A cyber attack on Canada's National Research Council that CSEC attributed to the Chinese government has implications for Canada's IT infrastructure as a whole. China's Foreign Ministry issues a non-denial denial in high dudgeon, calling Canadian attribution of the hack "irresponsible" and "without evidence," asking for an apology, and reiterating China's long-asserted principled opposition to hacking.
Kaspersky offers an alternative to Crowdstrike's analysis of "Energetic Bear." Pace Crowdstrike, Kaspersky says it's not clear the espionage does come from Russia. (So Kaspersky renames the campaign "Crouching Yeti," because Yetis are mysterious. Also Himalayan? In any case, as the wrestling announcers used to say of Gorilla Monsoon, from parts unknown.)
Ransomware, now a staple of the cyber black market, is increasingly being assembled from readily available commodity code.
Black Hat and DEF CON are around the corner, and the customary vulnerability studies and exploit demonstrations appear. Noteworthy are a study of USB's inherent vulnerabilities, questions about a management tool used to remotely configure phones, Android's "FakeID" issues, exploitation of Android voice search, and, of course (although this one might not get to Vegas) the apparent breach of Tor anonymity.
Researchers raise doubts concerning AV software security, and analysts advise enterprises to vet such tools before installing them.
Observers note, again, the tension between compliance and security. Target's security team sensibly preaches collaboration as the retailer recovers from last winter's breach.
PrivCo expects VCs to invest $788M in early-stage cyber startups this year.