Sony continues to bleed sensitive information, and Hollywood is spooked by the apparent cost of the cyber attack — its exact price tag remains unknown but is surely very large. The FBI has thrown cold water on early reports of attribution of the hack to North Korea (we await the G-men's, and Norse's, conclusions with interest). Several industry sources sniff disdainfully at what they perceive as an attempt to inoculate Sony from security lapses by calling the attack "unprecedented": precedents (Shamoon, Dark Seoul, etc.) abound.
Patch Tuesday saw more than the usual array of Microsoft updates. Adobe, IBM, VMWare, and Yik Yak all address vulnerabilities, several of which are under active exploitation in the wild.
The season for retrospective and predictive trend studies has arrived. Noteworthy claims include Coalfire's forecast that cyber and risk management costs will double in 2015.
In industry news, Yahoo announces it will henceforth disclose within ninety days all vulnerabilities its researchers find. The Willis Wire thinks crypto-currencies may well prove uninsurable.
A decryption utility for OG3 crypto-malware is released. NIST delays release of its crypto standards report.
CSO believes catchy vulnerability nicknames have actually conduced to faster patching.
The US Congress increases cyber appropriations.
Also in the US, the Senate Select Committee on Intelligence releases a declassified version of its report on CIA interrogation techniques — there are references to cyber intelligence therein.
ISIS recruits using "slick" social media campaigns. Sabu talks of his arrest (for you Russian readers, Sabu would be the Father Gapon of Lulzsec).