Some minor moves among cyber criminals yesterday and today. The Gozi banking Trojan, hitherto mostly seen in attacks against financial institutions in the Gulf and the US, appears ready for an Eastern European outbreak. Users of the Angler exploit kit show signs of moving to Neutrino. Older versions of iOS are said to be vulnerable to "Quicksand" exploitation.
The Ashley Madison breach continues to dominate cyber news, and interest therein is not entirely sordid. US observers note a large number of Federal and military email accounts in the posted credentials. The Feds are paying close attention, given the obvious potential for blackmail, and equally the obvious evidence of people misbehaving with Government networks. (For military personnel Army Times notes an additional risk: adultery remains a punitive article in the US Uniform Code of Military Justice.) CSO's Salted Hash publishes some internal, pre-breach security self-assessments from Ashley Madison's parent company, Avid Life. The concerns would be familiar to any organization: tension between operational efficiency and security, worries about potentially disgruntled insiders, the difficulty of recruiting and retaining security personnel (which one executive characterizes as the problem of "keeping up with the jones" [sic]), etc.
Cisco warns that Flash exploits are proliferating rapidly.
Drupal, WordPress, and Pocket issue security upgrades.
CSO offers a rundown of dates, "holidays," although most of them aren't actual holidays, on which cyber attacks are more likely.
Symantec's recent M&A activity prompts speculation about other cyber companies thought to be preparing acquisitions.
Texas clarifies cyber standards of care.