SophosLabs finds a new PlugX malware variant directed against a fresh target: the Japanese word processor Ichitaro. Trustwave uncovers a very large "trove" of credentials—Facebook, Twitter, Google, Yahoo, LinkedIn—as it rummages through the Pony botnet.
Banking Trojan Neverquest is identified (by Symantec) as an evolved version of the Snifula family. And ZeuS is now routinely packaged as an anti-virus update.
Visual Basic scripting malware, formerly found mostly in targeted attacks, is now spreading widely through Latin America.
Windows XP exploits grow as the obsolescent OS nears the end of its supported life. Some of them are now circumventing sandboxes in unpatched versions of Adobe Reader. The Chinese government wants Microsoft to rethink its decision to stop support of XP, but few think this likely to happen.
The InfoSec Institute offers some advice on coping with CryptoLocker ransomware.
Healthcare.gov continues to draw tepid security reviews. The private sector has its own issues in the form of the iPharmacy Drug Guide & Pill ID app, said to be unpleasantly leaky with personal information.
Bitcoin crooks remain on the cyber-lam.
Sure, it's a stunt, but SkyJack's drone-hacking offers food for thought about hacker R&D.
Webroot's redoubtable Mr. Danchev notes another way in which criminal markets ape legitimate ones—celebrity endorsements: a dodgy Russian VPN service touts itself as "recommended by Edward Snowden."
The US and UK continue to seek a cyber-security modus vivendi with China.
Speaking of Snowden, the Guardian says it has lots more stuff to reveal, and promises it's "shocking."