Anonymous announces its intent to strike at ISIS/ISIL in cyberspace, but its approach seems curiously perverse and indirect: the hacktivist collective says it will hit cyber targets in Turkey and Saudi Arabia, and in other countries it claims financially support the Islamic State. (Not to forget the US, either, to which Anonymous assigns a hefty share of blame for "the crisis.") Analysts continue to worry about ICS/SCADA vulnerability to ISIS cyber offensive capabilities — still largely aspirational — but few doubt the success of the Islamic State's information operations, which prompt a "lone wolf" terror alert from the US Department of Homeland Security.
Vulnerabilities in popular software discussed today include an Oracle hole and some redirection to drive-by sites from jQuery[.]com.
In the US, vulnerability researchers find issues with Healthcare[.]gov; the Department of Health and Human Services promises fixes by mid-November.
The iPhone 6's TouchID remains vulnerable to fake fingerprint hacking, researchers say, but its biometrics are deemed accurate enough for Apple Pay.
Home Depot believes it has ended its vulnerability to point-of-sale hacking (with the possible exception of some locations in Canada). Observers offer thoughts on the scope and risk of retail data breaches. The SANS Institute's Pescatore discusses how one might determine value-at-risk from publicly available information (noting the benefit of performing such analysis in advance of an incident). PropertyCasualty360° points out one easily overlooked insurance consequence of a breach: triggering D&O (directors and officers) policies.
High-volume denial-of-service attacks are on the rise, with attackers shifting their attention to ISPs and gaming sites.