Islamic state information operations increasingly mix atrocity-boasting videos with "women's propaganda" that seek to normalize life in the Caliphate. (One hopes in vain that few will be deceived by the latter, or impressed by the former.) ISIS attempts to doxx and target American service members continue (doxxing, but no evidence of hacking).
Files stolen by Snowden and released by others apparently reveal Canadian cyber capabilities (and operational styles — some alleged information ops discussions show a markedly puerile malignity).
More analysis of Drupal vulnerabilities and exploitation appear.
Denial-of-service attacks increasingly serve as misdirection and cover for more damaging exploits.
PoSeidon is giving BlackPOS a run for its money in the criminal marketplace.
GoDaddy's layered protections are reported vulnerable to social engineering (not surprising for any system with humans in the loop) and Photoshopping (a little surprising).
Game-streamer Twitch says it's been compromised and will reset user passwords.
Google finds and revokes misused certs (Mozilla does, too).
Tails gets an emergency security fix.
Verizon's report on paycard security tells Fortune testing's in decline.
Passcode revisits a vexed problem: what counts as a "cyber incident" as opposed to, say, a glitch or malfunction? (Of particular concern with respect to industrial control systems.)
Bloomberg's spat with Kaspersky (advantage Kaspersky) over government influence prompts reflections on national borders' continuing role in cyberspace.
Security analysts offer approaches to risk mitigation — start by determining what's at risk.
Chinese release of PLA cyber offensive capabilities may be a step toward deterrence (something the US wants more of, too).