The video ISIS released over the weekend appears to contain some fakery — not, alas, the murders, but rather the claimed encryption. The encrypted email is patently faked, according to informed observers. Speculation about the fakery's motive varies: internal morale building, posturing, or even provocation intended to push governments toward policies weakening encryption.
Trolls are circulating a link to "crashmysafari[dot]com," a site that induces browsers to process a memory-clogging string of characters, forcing devices to reboot. OS X, iOS, and Android devices are said to have been affected. Beware in particular of shortened URLs that may be less immediately recognizable.
There are reports of active attempts to exploit the now-fixed FortiOS SSH vulnerability.
Versions 1 and 2 of the popular e-commerce platform Magento have been found vulnerable to cross-site scripting. A patch is available; analysts recommend applying it as soon as possible.
In other patch news, Oracle issues some Java patches. FreeBSD fixes a kernel panic vulnerability, and Apple updates tvOS. OpenSSL is expected to issue two patches later this week.
A study of corporate risk disclosures in US Securities and Exchange Commission filings finds such disclosures — including those pertaining to cyber risk — generic and uninformative. The insurance market moves toward more rigorous characterization of cyber risk: a variety of approaches are on offer, ranging from traditional consulting interviews to various scans of the external environment.
Venture capital continues to flow into cyber security start-ups.
Proofpoint says it's not for sale.
US Cyber Command warns of technological "peer competitors" in cyberspace.