IS has operated effective information campaigns (particularly effective in recruiting) and now, observers argue, aspires to develop an active hacking capability. This is so far more a matter of a priori probability than indications and warnings, but the possibility bears watching. Security experts and 9/11 commissioners outline trends in state and non-state cyber operations.
Several million Gmail credentials turned up on a Russian Bitcoin forum, but there's apparently less here than meets the eye: Google wasn't breached, says that 98% of the credentials were invalid, obsolete, or fake accounts, and that only a fraction of the remaining credentials could be used to access accounts. Ordinary security precautions with respect to Gmail seem more than sufficient to deal with the residual threat.
VMware patches third-party components in vSphere.
Certificate authorities want Google to give websites more time for upgrades before it expands Chrome safety warnings.
A survey of the financial sector purports to expose its four biggest fears: "a systematic attack on the markets as a whole, manipulation of product data, losing customer data to the extent of losing customer confidence, and employees becoming the weakest links."
In industry news, analysts look at the prominence of NSA and Unit 8200 alumni in, respectively, US and Israeli cyber start-ups. (Former NSA Director Alexander's patent application draws particular interest.)
As the US and Europe tighten restrictions on oil production equipment exports to Russia, Western energy companies would do well to look to the security of their networks: those networks have already been reconnoitered.