Bulgarian police arrest a Syrian student in connection with Islamist hacktivism. Social media and other IT companies wrestle with the tension between supporting free speech (and, unmentioned, but surely operative here, free commerce) and enabling ISIS information operations. (The discussion will sharpen as investigation into yesterday's sad murder of four US Marines in Tennessee proceeds.)
Researchers show ways of obfuscating malicious code in HTML5 for drive-by attacks.
A bogus error message purporting to be a "crash report" is turning up on iOS devices. It is, of course, phishbait for hooking users into calling an equally bogus "tech support" number.
Palo Alto describes "MiniDionis," apparently a new campaign by the CozyDuke/CozyCar threat actors.
We know, we know, anyone who warns of problems in Wikileaks is probably stooging for the Man, but we'll pass on a warning anyway: those Stratfor documents stolen a few years ago are reported to harbor a dangerous amount of malware. Caveat lector.
iSight Partners says CVE-2015-2424, patched this week by Microsoft, is being exploited in the wild by the Russian espionage group "Tsar Team."
The Andromeda botmasters, having corralled enough bots, launch an aggressive point-of-sale crime spree with "GamaPOS" malware.
Siemens energy automation devices are found susceptible to authentication bypass.
Flash and Java were both patched, but both face increasing dissatisfaction and pessimism over their security.
The Hacking Team incident raises concerns about third-party security.
The US Department of the Interior tells Congress it dodged a cyber bullet. (Fusillade is more like it.)
Wassenaar approaches; concerns mount.