The US military puts protections in place for service members and their families in the wake of ISIS "kill-list" threats. While attacks are still regarded as relatively improbable, the incident is another small information operations success for ISIS. Recent US counter-operations (notably a leafleting campaign over Syria) seem to be taking a page from the traditional psywar playbook. A US Government study finds the Americans losing the info ops competition with both ISIS and Russia, and one wonders why, given their national expertise in both marketing and media.
Cylance finds and discloses a vulnerability in ANTlabs' widely used hotel guest Wi-Fi system InnGate. In other hotel cyber news, Bancsec researchers report a cross-site request forgery vulnerability in Hilton's newly revamped (for better security) Hilton Honors system.
Google's and Mozilla's warnings about CNNIC unauthorized certificates are censored on Chinese websites.
Brian Krebs believes he's found clues to the identity of fraud-enabling Antidetect tool — Pavel Vladimirovich (last name redacted) is out there looking for a job and incautiously leaking his crimeware chops.
Security firms look at recent surges in spam and what these reveal about botnet assembly and operation.
The Kreditech breach is thought to hold interesting technical lessons on MongoDB issues and equally interesting anthropological lessons on the security implications of "hipster-tech."
Red Canary and Phishme land venture investments. The Financial Times describes a new breed of business-intelligence company that looks much like a cyber version of private investigators.
DARPA advances cyber security automation.
The UN appoints a data privacy rapporteur.