Some news sources report that ISIS is doxing US service members and their families, posting personally identifying information online and howling for lone wolves to behead those so identified. It's unclear how real the threat is (and the arrest of a Georgia Guardsman for falsely reporting similar but unrelated threats should give one pause) but authorities urge caution. Other ISIS information ops sicken even the Taliban, which objects to recent execution videos.
An international dragnet (US, UK, and Danish authorities at least were involved) resulted in the indictment of at least nine (Naked Security says thirty-two) stock traders and hackers for a five-year-long criminal campaign to profit from illicitly obtained inside information. The SEC suggests they may have made up to $100 million by hacking press release services to obtain early warning of material information. In one case, half an hour's advance warning of an earnings downgrade yielded $500 thousand in ten minutes of short-selling. Observers draw the following lessons: 1) hackers needn't be flash traders to game the market, 2) enterprises really need to take a hard look at third-party risk, 3) such financial cyber crime isn't unique — consider FIN4 and last decade's Estonian gang, and 4) inevitably, more legislation is needed.
On the subject of cyber risk and its transfer, some thoughts are offered on determining value-at-risk in the absence of a large corpus of actuarial data.
Yesterday was Patch Tuesday. In addition to Microsoft's fixes, see upgrades from Google, Mozilla, Adobe, and OpenSSH.
Oracle anathematizes reverse engineering.