The Islamic State draws hacktivist attacks, so its gruesome propaganda are at least in some circles proving self-defeating. The US Treasury Department is also working to choke off IS financial windpipe. (Treasury involvement suggests cyber law enforcement as part of the effort.)
Israeli security firm ClearSky finds the Gholee Trojan dropper in pro-Palestinian malware spread with Gaza phishbait. Gholee's structure and sophistication, ClearSky argues, indicates Iranian involvement in the cyber campaign.
Researchers at the University of New Haven report data leaks in many popular Android personal messaging apps.
Investigators continue to debate (metaphysically, in some respects) whether Home Depot's breach was accomplished by the same BlackPOS malware responsible for Target's. Observers note, sympathetically, how difficult retailers find it to prevent or mitigate such attacks. Banks are often the first to notice, and, while threat sharing is improving, it remains slower than all would like.
Cyber criminals are exploiting iCloud security worries in phishing campaigns that seek login credentials. Wired reports that crime may have indirectly paid for Reddit (which itself is not accused of any crime): the magazine thinks Reddit made enough from celebrity picture views to run its servers for a month.
Heartbleed, still imperfectly patched, seems not to have been exploited before its disclosure. Thus concludes a consortium of university researchers, whose findings would tend to exonerate NSA and GCHQ of accusations that they kept the vulnerability quiet with a view to using it themselves.
Microsoft and Adobe get their Patch Tuesday reviews.
Apple Pay is cautiously received.