The US Defense Department writes warily of a growing sophistication in ISIS cyber operations, but such sophistication is more evident in the Caliphate's information operations than in hacking. Recent threats against US service members, for example, derive from unsophisticated (if diligent) doxxing as opposed to network compromise.
ISIS itself is being hit in cyberspace by a self-organized (or unorganized) array of vigilantes (yes, Anonymous among them). The terrorist aspirant state is suffering increased friction in social media.
Cyber vigilantes may also be at work on North Korean networks.
NanoCore, a remote-access Trojan, is found infesting networks from East Asia through North America and into the Middle East. It appears to be spearphishing the oil-and-gas sector, and since its source code has leaked into criminal fora, observers expect infections to spike.
Patched vulnerabilities continue to be exploited: witness Adobe Flex SDK bug CVE-2011-2461, patched back in 2011, but persisting in widely visited Websites.
Palo Alto warns of "Android Installer Hijacking" — a vulnerability affecting nearly half of Android devices.
The Premera breach autopsy continues (Washington state insurance regulators lead a multi-state investigation). Reports indicate Premera both lacked multi-factor authentication and — disturbingly — was in HIPAA compliance, moving observers to ask whether HIPAA standards are too low.
Windows Pro IT reminds its readers that hackers don't need a rational motive.
The Christian Science Monitor's Passcode reports on US regional competition to become the cyber version of Silicon Valley.
Coca Cola experiments with novel approaches to enterprise security — the Wall Street Journal has the story.