ISIS (whose nominal sympathizers continue their practice of whacking at poorly protected sites in the American Midwest — this time at an Indianapolis artisan group) posts a sinister call asking supporters to attack US military personnel in their homes. The Caliphate helpfully publishes a doxed list of service members and their addresses, gleaned apparently from public sources. Such episodes illustrate the degree of nuisance (and menace) achievable with very modest technical skills.
The Rocket Kitten APT group (linked to Iran's government) resurfaces with attacks on European and Israeli targets.
China's government denies involvement with last week's hack of Register.com, suggesting accusations to the contrary are basically another American provocation. (Back in America, the FBI is investigating the hack.)
Cisco announces discovery of new paycard-scraping point-of-sale malware, PoSeidon, caught exfiltrating stolen data to servers in Russia.
A site-hijacking bug is found in another WordPress plug-in. Pakistan blocks WordPress for "national security" reasons, but that's because of terrorist group Tehreek Taliban Pakistan's heavy use of the blogging platform, not any technical vulnerabilities.
A recently patched Flash vulnerability appears in the Nuclear exploit kit. Patched bugs are being weaponized at a noticeably faster pace — speed of patching grows in importance.
Bank of America customers are targeted in a phishing campaign that shows a new tactical wrinkle: use of spoofed email addresses with a .gov top-level domain.
Apple and Google continue purging their respective app stores. Analysts warn that leaky apps have become a principal enterprise threat.
High-profile hacking spurs a wave of security IPOs.