Observers continue to mull the import of Twitter's warnings that you-may-be-the-target-of-state-sponsored-attention, but reach no consensus.
As Russia deploys jammers to Syria, ISIS/Daesh retaliates indirectly against the ministrations of Anonymous, releasing personally identifying information of US personnel (not themselves, ex hypothesi, Anonymous adherents). European and American authorities begin prosecution of ISIS supporters for either recruitment or conspiracy. In the US, eyebrows rise over reports that the Department of Homeland Security explicitly excludes social media checks from its vetting of visa applicants. One of the San Bernardino killers is said to have left a lurid trail in her social media posts.
As the OPM hack is found to extend to accredited journalists, OPM's recently appointed "cyber czar" says he's worried that ISIS/Daesh may also be able to compromise the agency's data or networks.
One hears much of "actionable intelligence," but use cases have been surprisingly thin on the ground. But here's a developing story of one such case: British firm Moonfruit, which provides online services primarily for small businesses, has taken itself offline in response to indications that it may soon be targeted in a DDoS campaign. Moonfruit says it's taken this step to protect its customers, and that it will return after a security upgrade.
Other case studies surface in responsible disclosure, courtesy of researcher Chris Vickery, who finds two unrelated problems. The vendors' different responses are instructive.
The "Microsoft Word Intruder" crimeware kit gets an upgrade.
Joomla patches a remote code execution vulnerability being actively exploited in the wild.