Sweden’s Luftfartsverket (LFV) has officially stated that November outages in that country’s air traffic control system were caused by a solar flare, not Russian electronic warfare.
Russian and US officials are meeting this week in Geneva to develop confidence-building measures designed to avoid misinterpretations of actions and incidents in cyberspace.
More details emerge on the US cyber offensive against ISIS. Marine Corps EA-6Bs are reported to have moved into the area of operations, adding an airborne electronic warfare and cyber capability to the US options. When offensive cyber operations began against ISIS in February, US operators concentrated on disruption (roughly equivalent to jamming) but sources now say the US has moved on to spyware installation (enabling identification and targeting of individuals and networks) and denial of encrypted communication channels (forcing ISIS command and control into less secure channels).
Researchers at PortSwigger have reported finding an XSS filter bypass vulnerability in Microsoft’s Edge browser. The flaw is thought to reside in code imported from Edge’s ancestor, Internet Explorer. A patch is not yet out.
Cisco’s Talos group has again warned of the risks facing users of out-of-date JBoss servers. JBoss ransomware is active in the wild, and K-12 schools are thought particularly vulnerable.
“Phineas Fisher” has published an account of how he hacked Hacking Team last July. He says he found a vulnerable embedded device and worked his way in from there.
Magic Leap, Alert Logic, and Orange are reported to have made acquisitions.
The FBI may have a Firefox zero-day.