Japan's Cyber Defense Institute warns that some Arabic-language blogs discussing ISIS are serving as malware vectors. No attribution, but the Cyber Defense Institute speculates that individuals and firms doing counter-terrorism research are the targets of an organized campaign.
ISIS's own attempts at information operations, based as they are on horrific propaganda-of-the-deed, show signs of prompting a grassroots backlash from the audience they seek to impress. A Forbes op-ed calls US social media complicit in ISIS's online efforts. While this is a little like blaming tire-manufacturers for car-bombings, the piece offers perspective on terrorists' online presence.
Trend Micro outlines Operation Pawn Storm, a cyber espionage campaign targeting iOS. Trend Micro stops short of attribution, but FireEye isn't so shy: they call out Russia's government.
Others report more Russian fingerprints on the Sony hack. Taia Global presents evidence that Russian actors (presumably criminals, not necessarily state organs) have not only been in Sony Pictures' networks, but that they remain there still.
An Internet Explorer flaw opens users to cross-site-scripting exploitation.
Ransomware and adware both continue to surge, as familiar attacks take new turns and gain new capabilities. Banking Trojans also find fresh victims.
On threats within the financial sector, brokers fear insiders most, then criminals. (Terrorists not so much. Such fears continue to shape the cyber insurance market.) Financial service customers take note: your banks, brokers, and wealth managers probably aren't going to cover your losses to hacks.
Hackers aren't necessarily smart, finds Sophos, but they do benefit from their black market.