Increasing pressure on the ground drives ISIS not only toward more dispersed attacks abroad, but also toward renewed aspirations for an aggressive online presence and cyber-attack capability. Police intelligence alerts over social media sadly failed to arrive in time to warn victims of the Bastille Day attack in Nice.
Three upgrades to familiar crimeware appear. Symantec observes that newer versions of the Android.Fakebank.B malware family (a family known to researchers since 2013) have picked up a call-blocking capability. The Trojan blocks calls to the customer service numbers of selected banks. Avira warns that Locky ransomware is now able to encrypt victims’ files without needing to connect to a command-and-control server. And FireEye notes that an IE exploit has been added to the Neutrino kit. It appears to have been reverse-engineered from a proof-of-concept researchers at Theori prepared in June.
Pokémon Go shows no signs of slowing popularity. Its security risks remain intensely debated. Whether privacy issues deriving from the extensive privileges the game initially assumed have been fully addressed or not, players are strongly cautioned to be alert for bogus apps and pirated versions. (And to look both ways in physical space before crossing streets.)
In industry news, SAP has fixed thirty-six vulnerabilities (two “high priority”) in its software. Cisco addresses security issues in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server, and Cisco Meeting Server. CyberGRX emerges from stealth with $9 million in Series A funding (led by Allegis Capital), and Delta Risk Cybersecurity Services acquires Allied InfoSecurity.