The claimed ISIS doxing of US service members increasingly looks like so much gasconade — the Pentagon thinks it's mostly hooey.
Google continues to have a difficult week: MWR Labs exposes an Android sandbox escape vulnerability, and Exodus Intelligence demonstrates that Stagefright patching is at best incomplete. Google is expected to issue fixes as soon as possible.
The Internet Storm Center describes Adwind, a remote access Trojan delivered as the payload in botnet-served spam. Adwind appears to require user interaction for activation.
Windows 10 continues to worry users concerned about their privacy.
The Russian CyberVor mob may be back — at least, someone posing as CyberVor seems to have gained access to University of Miami networks.
The "OwnStar" car hack is said to be effective against BMWs and Mercedes as well as Chryslers.
Apple updates OS X Server, iOS, Safari, and Yosemite. Dropbox moves to two-factor authentication.
The electrical power sector remains bedeviled by thumb-drive-delivered malware.
Oracle's stern words about reverse engineering to hunt bugs reverberate. Bug bounties are well-known, and HP's Zero Day Initiative tells eSecurity Planet how they legitimately buy vulnerabilities.
Enterprises that hold a lot of customer data — law firms, government agencies, etc. — are increasingly skittish about the risk to which those data expose them. The cyber insurance market gropes toward ways of transferring some of that risk. Post-breach litigation is a growing problem: class-action suits are now the norm.
The US National Institute of Standards and Technology (NIST) invites comment on a draft report of international cyber standards.