ISIS documents captured in Mosul indicate that the Caliphate is taking an interest in commercial drones as weapons. It's long been noticed that the Internet provides threat actors with a ready-made research, development, and acquisition capability of a calibre formerly accessible only to nation-states. This latest bit of information warrants a look back at a 2008 Naval Research Advisory Committee study that predicted exactly this development, in pretty much exactly this form.
WordPress late last week patched a critical content injection zero-day. It kept the vulnerability under wraps until the patch was ready to avoid tipping off hackers who might have weaponized the exploit.
The venerable Zeus malware continues to successfully infect point-of-sale devices.
The EyePyramid campaign is thought to have been aimed at gaining illicit trading advantages. Such insider information is joining intellectual property as a common criminal goal: reasearchers at RedOwl and IntSights are seeing more cyber criminals attempting to recruit corporate insiders in the dark web. The insider trading racket is lucrative, at least according to the crooks managing the souk: they say their members make more than $5000 a month on illegal trades. Take that with the proverbial grain of salt, but there may be something to is, since the forum managers charge a 1 Bitcoin ($995) cover fee for membership. Companies are advised to look to their insider threat.
In industry news, Visa USA acquires CardinalCommerce (authentication), HPE buys Niara (behavioral analytics), and Radware concludes acquisition of Seculert (automated attack detection).
Russia's FSB purge continues.