Commentators and defense intellectuals weigh the costs and benefits of restricting ISIS access to social media and run up against the old electronic warfare trade-off: you can no longer intercept what you jam.
Businesses reassess the cyber threat from state actors in the wake of the Gemalto affair. What do you do when those intruding into your systems aren't just bad guys, but, effectively, those you might have thought of as friends and family? Gemalto itself casts its experience as a privacy issue as opposed to a security problem, which is certainly one way of looking at it.
Users continue to purge their devices of Lenovo's unhappy Superfish experiment. Microsoft says its Malicious Software Removal Tool shows that about 250,000 machines have been scrubbed.
Bromium reports a new variant of Cryptolocker targeting files associated with games. (These are apparently single-player games — popular, but not necessarily the most popular.) FireEye reports another criminal development: exploitation of real-time advertising bidding networks to spread ransomware.
Various sectors struggle with question of assessing cyber value-at-risk. Insurance companies are obviously concerned with the question, not only as underwriters, but for judging their own exposure as well. Other businesses take calculated risks with respect to addressing their own vulnerabilities (one hopes the calculations are sound).
OpenDNS acquired BGPmon. Bloomberg reports that Websense is for sale. PayPal, preparing for its spinoff from eBay, may have a security acquisition strategy.
NIST announces cyber research grant topics for small businesses.
The US Government receives advice on cyber information sharing.