ISIS deals with loss of territory by looking for scriptural evidence that such setbacks are foreordained, and in no way compromise its legitimacy. Expect this to become a leitmotif in the Caliphate's ongoing information campaign.
The Syrian Electronic Army ("with Russian backing," says the victim) has attacked Belgian newspaper Nieuwsblad to protest Belgian participation in airstrikes against Syrian targets.
Pace the Jester and lots of other people who thought they'd glimpsed the hidden hand of Russia, it now appears that Friday's DDoS attacks were not directly the work of a state security service. The Mirai botnet remains under investigation, but according to US Director of National Intelligence Clapper, it looks more like a criminal operation than an attack by the state. Flashpoint has published a study that suggests the attackers were, as CSO calls them, "a bunch of amateurs," "script kiddies" and dark web lurkers without specific political or criminal motivation. If correct, this assessment is not reassuring, since it implies such attacks are well within the reach of many.
Utilities, especially electrical utilities, are worried. The not-forgotten Ukraine grid hack began with low-grade criminals and was coopted by a capable nation-state, and the same could happen with IoT vulnerabilities. Trend Micro points out one problem with the electrical power sector: too many of its personnel still use pagers.
Indegy has found a remote code vulnerability in Schneider Electric software used in programmable logic controllers.
Netskope describes the CloudFanta credential harvesting malware.
Forcepoint's study of millennials and cyber is out.