Other jihadist groups are reported to be taking a page from ISIS's social media playbook, conducting "money jihad" fundraisers over Twitter (so far without ISIS's growing OPSEC wariness).
Researchers are looking into a bug in VMWare's ESXi hypervisor that could corrupt virtual machines. VMWare knows about the problem and addressed it with an advisory early last month; Veeam and other firms are evaluating the adequacy of the fix.
CSO reports that Apple's XProtect fix for the iWorm may be incomplete. The Rootpipe OS X vulnerability continues to induce security headaches. (Rootpipe could be exploited to give attackers control of Macs without the need to enter a password.) These issues, as well as the WireLurker malware Palo Alto finds infecting Apple devices in China, move many observers to predict a coming era of insecurity for Apple users.
A version of the Dridex banking malware revives an old-school attack technique: infected MS Word macros.
eSecurity Planet draws a lesson from Shellshock and extends it to other software with deep pre-Internet roots. What were features in the old days are dangerously buggy in today's connected world.
Samsung answers NIST's warning about the alleged vulnerability in the manufacturer's Find My Mobile service.
Vectra Networks wonders what attackers do after they're inside a network's perimeter, and looks a five-month's worth of incident data to see what's trending. Command and control is the most common activity, exfiltration the least.
Raytheon buys Blackbird Technologies.
The Chinese ambassador to the US accuses the Americans of cyber bad faith.