Al Qaeda, competing hard against the Islamic State for jihadist mindshare, announces reorganization: Qaedat al-Jihad al-Electroniyya will henceforth be responsible for (as the name suggests) "electronic jihad." Yahya al-Nemr commands the unit; Mahmud al-Adnani serves as his deputy. (Hat tip to SenseCy for keeping an eye on cyberterrorism's inside baseball.)
Trend Micro finds and discloses a new Flash zero-day vulnerability — this one, like its immediate predecessors, is being exploited in the wild through malvertising. Internet Explorer and Firefox users are reported particularly at risk, and some security experts again advise doing without Flash wherever possible. Adobe is working on a patch that it expects to have out this week.
A Ponemon report says browsers have become the weak link in security, with browser-based exploits now the leading source of enterprise infections.
File-encrypting malware Critroni is being distributed as spoofed Chrome updates that "aggressively redirect" victims to multiple compromised sites.
"SaveMe," a bogus backup service that's actually a variant of SocialPath Android malware, has infested Google Play.
D-Link routers are found vulnerable to DNS hijacking.
Canadian mining firm Nautilus Minerals suffers a disturbing cyber crime: a $10M payment to a shipbuilding firm was in fact made to a spoofed site.
Another US parking service, Book2Park, is compromised, apparently by the same gang responsible for the Target hack. Stolen customer paycard data has shown up on the Rescator criminal market.
Shortages of cyber labor continue to impede efforts to improve enterprise security.
The US Presidential budget asks $1B more for cyber.